Growatt ShinePhone account locked after enabling Growatt integration (need safe best‑practice with API token & scan_interval)
Context / Goal
I’m trying to integrate my Growatt hybrid inverter + APX battery into Home Assistant OS (HAOS) in a way that:
- Keeps my existing Growatt cloud monitoring fully working
- Keeps the ShinePhone app fully usable at all times
- Avoids any risk of Growatt locking my account again because of API usage from HA
After enabling the Growatt integration in HA, my ShinePhone app account was locked, while I could still log in to the Growatt web portal. I want to understand what the safest best‑practice is (API token + scan interval, separate account, etc.) so this never happens again.
System description
- Location / setup
  - Residential + small business setup in the Netherlands
  - 8 kWp PV (20x Jinko Tiger Neo 400 Wp, east–west)
  - Hybrid inverter: Growatt MOD 7000TL3-XH BP
  - Battery: Growatt APX HV 10 kWh
  - 3‑phase backup box: SYN100XH30
  - EV charger: Growatt THOR 11 kW
  - Growatt datalogger: ShineWiLan‑X2, S/N ZGQ0F6M145 (WiFi + LAN)
- Home Assistant
  - Hardware: Gigabyte BRIX mini‑PC (Intel N200, 16 GB RAM, SSD)
  - Install: Home Assistant OS (official HAOS image)
  - Role: central EMS (energy management system) for:
    - Dynamic electricity pricing (EnergyZero / Greenchoice, NL)
    - Battery control (charge / discharge strategy)
    - EV charging strategy
    - General home automation
What I did (and what went wrong)
- I added the Growatt integration in Home Assistant (Growatt Server) to get:
  - PV production
  - Battery SoC / charge / discharge power
  - Grid import / export
- After enabling this integration, my ShinePhone app suddenly reported my account as “locked” / blocked.
  - I could still log in to the Growatt web portal (server.growatt.com) with the same credentials.
  - The lock seemed to apply to the app / API side, not the portal.
- I then removed the Growatt integration from HAOS to stop further API calls from Home Assistant.
  - My goal was to prevent making the situation worse and to avoid permanent issues with my account.
From what I’ve found online and from my own analysis, this looks like a Growatt rate‑limit / security lock because HA was polling the API too aggressively (or with the same account that the ShinePhone app uses).
Current status
- ShinePhone app: currently locked / unreliable (message about the account being locked).
- Growatt web portal: still accessible with my login.
- HAOS: Growatt integration is currently removed; no more Growatt API calls are being made from Home Assistant.
- I strongly want to keep full control via the ShinePhone app – this is non‑negotiable for me. I do not want to flash hardware or sacrifice the official Growatt cloud monitoring.
What I want to achieve
My desired end‑state:
- Growatt cloud + ShinePhone keep working exactly as designed.
- Home Assistant gets Growatt data (PV, battery, grid) safely and reliably.
- No account locks / rate‑limit issues at Growatt due to HA.
I’m not looking for complex MQTT / Grott / custom firmware solutions right now. I know they exist and might be more robust long‑term, but at this moment I want:
A safe configuration using the official Growatt integration with an API token, possibly with a separate HA‑only account and a conservative scan_interval (5–10 minutes), that the community considers “best practice” and that doesn’t risk another lock.
Planned approach (please sanity‑check / correct me)
This is the plan I intend to follow once my ShinePhone app access is restored:
- Reset security at Growatt side
  - Change the password of my main Growatt account via the web portal (server.growatt.com).
  - If possible, create a second user / visitor account specifically for Home Assistant (read‑only if available).
- Use an API token for HA
  - Log in with the HA‑specific account in the ShinePhone app.
  - Generate an API token / third‑party access token (as described in various guides and in my own system documentation).
  - Store this token securely.
- Re‑add the Growatt integration in HA
  - In Home Assistant: Settings → Devices & Services → Add Integration → Growatt Server
  - Use the API token instead of username/password.
  - Set the server / region to Other region / server.growatt.com (I’m in Europe, NL).
- Set a safe polling interval
  - Use the default ~5‑minute update or explicitly configure scan_interval to 300–600 seconds (5–10 minutes).
  - Make sure no other tools are logging into the Growatt API with the same account (no extra scripts, no additional Growatt integrations, etc.).
- Monitor behaviour
  - For the first days, monitor:
    - ShinePhone app login behaviour.
    - HA entity updates (that they keep changing every few minutes).
  - Optionally create a simple HA automation that warns me if a key Growatt sensor (e.g. battery SoC) doesn’t change for more than ~30 minutes, so I can catch issues early before Growatt decides to block the account again.
Questions for the community
- Is this approach (API token + separate HA account + 5–10 min scan interval) considered “safe” and “normal” by people running Growatt + HAOS long‑term without ShinePhone lock issues?
- Does anyone have concrete experience with Growatt account locks specifically caused by the HA Growatt Server integration, and what exact settings / patterns caused or avoided those locks?
- For users with ShineWiLan‑X2:
  - Are there any known caveats when using the official Growatt integration (API token) together with ShineWiLan‑X2 on server.growatt.com?
  - Any reason to prefer a 10‑minute scan_interval over 5 minutes to be on the safe side?
- Are there any recommended config examples for:
  - Using the Growatt Server integration only for reading (PV, battery, grid)
  - With a conservative scan interval
  - Without touching modes / settings on the Growatt side
- Finally: Is there anything obvious I am missing that could prevent a future lock, given that:
  - I have a fairly “heavy” energy setup (PV, APX battery, EV charger, dynamic prices).
  - I want HA to be the main EMS, but I also want the official Growatt monitoring + ShinePhone to remain fully functional and reliable.
Home Assistant details
- Installation: Home Assistant OS on Gigabyte BRIX (Intel N200, 16 GB RAM, SSD)
- HA role: primary EMS, with:
  - EnergyZero / dynamic electricity pricing (NL)
  - P1 smart meter integration
  - Future automations for Growatt APX battery and EV charging (Mazda MX‑30 R-EV + Growatt THOR 11 kW)
If needed, I can also share specific versions, logs, or an anonymised config snippet once I re‑enable the integration.
Thanks in advance to anyone who can share long‑term experience or best‑practice guidance – I really want to avoid another ShinePhone lock while still using Home Assistant as my main EMS.
+++
Related threads / docs I’ve already read:
- Locked Out Of ShinePhone Account
- Growatt integration docs (API token, rate limiting): Growatt - Home Assistant
- Various GitHub issues about rate limiting / account lockouts for Growatt.
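
The polling plan in the post (a 300–600 second interval, no further calls once the account is locked, a warning when readings stop changing for about 30 minutes) can be sketched as a small guard around any cloud fetch. This is an added example, not code from the post or from the Home Assistant Growatt integration; `PollGuard`, `AccountLocked` and the injected `fetch` callable are hypothetical names, and no real Growatt API call is shown.

```python
import time

class AccountLocked(Exception):
    """Raised by the injected fetch when the cloud reports a lock (hypothetical)."""

class PollGuard:
    """Wraps one cloud fetch: minimum interval, stop-on-lock, staleness check."""

    def __init__(self, fetch, min_interval=300, stale_after=1800, clock=time.monotonic):
        self.fetch = fetch                # hypothetical callable returning a dict of readings
        self.min_interval = min_interval  # seconds between cloud calls (5 min, as in the post)
        self.stale_after = stale_after    # seconds without a changed reading (30 min)
        self.clock = clock
        self.last_call = None
        self.last_change = None
        self.last_data = None
        self.locked = False

    def poll(self):
        """Return 'ok', 'skipped', 'locked' or 'error'; never calls faster than min_interval."""
        now = self.clock()
        if self.locked:
            return "locked"               # breaker open: no calls until reset()
        if self.last_call is not None and now - self.last_call < self.min_interval:
            return "skipped"
        self.last_call = now              # failed attempts count against the budget too
        try:
            data = self.fetch()
        except AccountLocked:
            self.locked = True            # do not keep retrying into a lock
            return "locked"
        except Exception:
            return "error"                # transient failure: next try waits a full interval
        if data != self.last_data:
            self.last_data, self.last_change = data, now
        return "ok"

    def is_stale(self):
        """True when no reading has changed for stale_after seconds (or none ever arrived)."""
        if self.last_change is None:
            return True
        return self.clock() - self.last_change > self.stale_after

    def reset(self):
        """Manual re-arm after the account has been unlocked on the vendor side."""
        self.locked = False
```

A reading such as battery SoC can legitimately sit still for 30 minutes (full battery, idle night), so `is_stale()` is a prompt to check the integration, not proof of a lock.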