Received notification that ecobee will be making changes to their API on Dec 1st. Did a quick forum search (and yes I may have missed it) to see if this had been discussed. Here is a portion of the notification I received:
We are in the process of updating our authentication systems to better serve our customers and protect their privacy.
Please review this email closely as it outlines several changes that may affect how your systems are integrated with the ecobee API.
Upcoming API Changes Effective December 1, 2020
The following changes will go into effect on December 1, 2020. If you are unsure whether these changes will have an impact on your solution today, we encourage you to discuss it with your technology team, program manager, other stakeholders and ecobee partners.
Access/Refresh Token Format Changes
Starting from December 1, 2020, ecobee access tokens will no longer be returned as opaque 32-character strings. Access tokens will now be JWTs, which are considerably longer and uses a wider character set. Our JWTs follow the RFC7575 standard for JSON Web Signature tokens.
To ensure your application will continue to work, you will need to ensure that your application supports the following changes:
- Access tokens will be up to 7KB in length, and includes upper/lower case alphanumeric characters, hyphens, underscores, and periods.
- Refresh tokens can be of varying lengths and can contain non-alphanumeric characters.
Authorization Code Changes- The Redirect URI associated with your registered application should be a semi-colon separated list of absolute URLs that start with https://. We do not accept http:// protocol links.
PIN Authorization Changes- PINs will become 10 character alphanumeric strings.
- This flow is only recommended in situations where a user is interacting with a device that cannot easily use a web-based login form; we recommend migrating to the Authorization Code strategy for a better user experience.
Click here for more ecobee developer documentation.
Early Access Program
For developers who would like to switch over to the new authorization flows before the December 1st deadline, there is an Early Access Program (EAP) available immediately. To gain access to this program, please submit a ticket on our Help Center and our Developer Relations team will reach out to you with next steps.
Next Steps
If you have any questions about these upcoming changes to the ecobee API, please submit a ticket on our Help Center and the Developer Relations team will get in touch with you.