I’m using HA for a year, and had no problems. My alarm works this way:
I’ve Foscam cameras with motion sensors, these cameras upload captured images and videos to an FTP when motion is detected. Then, there is an upload script that calls HA REST API to fire a sensor, and the alarm triggers.
I updated my HA to 0.83.1 this morning. At 9 pm (Spain time), a thief has entered to my house, so the cameras uploaded images and videos to the FTP, but the alarm did not triggered because of this bug: https://github.com/home-assistant/home-assistant/issues/18820
When the ftp upload script tried calling HA REST API, response was: “unauthorized”. So the alarm didn’t trigger. At least I have the videos so I can give them to the police.
I’ve modified my scripts, so now I’m not using api_password anymore. Now I’m using a long-lived access token, although I’ve just seen the bug have been fixed today in version 0.83.2: https://github.com/home-assistant/home-assistant/releases/tag/0.83.2
The thief has had an incredible good luck, and bad luck for me