Dynamic Authorization header for REST sensor

Is there any way to get dynamic headers when RESTful sensors? The Bearer token (in Authorization header) of my REST api changes every 24 hours. So I need to updated the headers property in the rest sensor. For example:

sensor:
  - platform: rest
    resource: `http://domain/my/api`
    name: foo_status
    headers:
      Authorization:  **I WANT A TEMPLATE or VARIABLE HERE**
    value_template: ''{{}}"
    scan_interval: 30
3 Likes

Same question here, did you ever get a solution?

Thomas

Not really. I fix the solution by using a secret variable as authorization token. This secret is saved in secret.yaml as usual, so I refresh the yaml file once per day by using an external script thanks to a crontab entry.

Any further ideas or updates to this?

I’m in the same boat, it would be great to have it driven from a template, then I can jimmy up another sensor whose state is the token or something like that.

I ended up customizing the restful sensor component to accept templates in the header option.
Works pretty well as long as the template checks that the sensor with the token has a state, however since this was basically my first foray into python it is in no state to open up a pull request.

2 Likes

Could you share this script that is run by the cron?

I’m sorry. I forgot the script is run by the own HA in automations.yml:

 - trigger: 
    platform: time
    at: "00:10:00"  
  action:
    - service: shell_command.refresh_token
    - delay: '00:01'
    - service: homeassistant.restart

We still need this.
I’m in the same boat, using a secret file is a major hack.
Headers should support templates.

I had the same need, my workaround was to use the command_line sensor with curl instead (the template here fetching the token from another sensor retrieving it):

- platform: command_line
  command: >
    curl
    --header "'Host: api.fullup.be'"
    --header "'Accept: application/json'"
    --header "'Origin: https://dashboard.fullup.be'"
    --header "'Authorization: {{ state_attr('sensor.fullup_token', 'result')['type'] }} {{ state_attr('sensor.fullup_token', 'result')['token'] }}'"
    --header "'Content-Type: application/json;charset=UTF-8'"
    --header "'X-Requested-With: XMLHttpRequest'"
    --header "'Sec-Fetch-Site: same-site'"
    --header "'Sec-Fetch-Mode: cors'"
    --header "'Referer: https://dashboard.fullup.be'"
    --header "'Content-Type: application/json'"
    --header "'Accept-Language: en-US,en;q=0.9,fr;q=0.8'"
    --header "'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36'"
    "'https://api.fullup.be/tanks/search?connected=true&limit=50&offset=0&search=&type='"
  name: FullUp
  scan_interval: 3600
  value_template: >
    {% if value_json.success == true %}
      OK
    {% else %}
      KO
    {% endif %}
  json_attributes:
    - result

It’s the closest workaround but there are features differences between the two, unfortunately.
Namely, the rest sensor supports ‘json_attributes_path’ for grabbing nested attributes.

Uh, yeah, it is really a shame that the header is not templated. The different work-arounds are all ugly and inconvenient.