Alright, this drove me absolutely nuts because I’m trying to zone my house with home assistant.
EDIT 11/22/2023: Coming back I’m now using this post to fix my own installation after working for several months. It looks like due to messing with my network my thermostat lost connectivity long enough that the refresh token went stale again. All I had to do was go here (Honeywell Home Developer Site | Create a Token from an Authorization Code) and use my existing information but I’m redoing the whole thing with a new app so that this makes more sense next time I break it and until I figure out how to bypass resideo.
I need to be able to change priority with automation and while this isn’t my perfect solution it does work.
We’re going to use the resideo api to make the commands that weren’t included with homekit. Unfortunately this solution does depend on the cloud. I’m hopeful to change this later but at least it works for now.
- Make a honeywell/resideo developer account (Honeywell Home Developer Site | APIs)
- Create a new app with any name and this URL as the “callback URL” which will later be referred to as the “redirect uri” https://my.home-assistant.io/redirect/application_credentials/
- Under the API menu in the resideo/honeywell website you’re going to select the “authentication” submenu which should have 4 commands (we need to do them all)
The directions on them aren’t clear and terminlogy changes so we’ll keep an inventory:
One of the things we’ll need is an “Authorization”. We get this by taking the “Consumer Key” and “Consumer Secret” which you can get by expanding your app on the “My Apps” tab in the resideo developer site. Once you’ve expanded the app by clicking on it’s name it should look like this:
The "Authorization is a base 64 combination of these two keys with a “:” (colon) in the middle. Go to this website and paste the api key (Consumer Key) and secret (Consumer Secret) for the app you created with a “:” between them The base64 version is what you’ll use for “Authorization”.
Using my example keys, that step looks like this:
Now take the base64 converted string and test it using the link below to make sure your authorization works:
Obtain OAuth2 Client CredentialsToken
Get an Authorization Code [information only, you dont need to go here]
Please don’t confuse this with “Authorization” … This is an “Authorization Code”. It’s an 8 character alphanumeric string you’ll pull out of your browser URL on the landing page when it asks for your home assistant URL. You do not need to go past that page.
Take the link below and replace the "xxxxx"s with your api key (Consumer key on the honeywell page for the app you created in step 1. You do not need to click on the link above, you only need to modify the one below and go to that link. It will ask you to login to your resideo account and you should link your account to the device before doing this step. This is different from your honeywell developer account.
https://api.honeywell.com/oauth2/authorize?response_type=code&redirect_uri=https%3A%2F%2Fmy.home-assistant.io%2Fredirect%2Fapplication_credentials%2F&client_id=xxxxxxxxxxxxxx
Login, select your thermostat, authorize and when it asks to continue to home assistant: Look in the url after “code=” and copy those 8 characters.
Let’s take an inventory of what we’ve got now:
Go to this link: Create a refresh token
Fill out: Authorization / code (aka authoriation code) / and redirect URI using the information we’ve collect and hit send. The only line we care about is the “Refresh token”. This is the only step you need to repeat if your refresh token ever goes stale and you cant make requests anymore.
Requests to the API are made with an access token. While we get one from the previous step, we need to refresh it regularly so dont worry about it until you setup a sensor in home assistant to refresh it automatically using the refresh token.
Refresh a Token
We’ll do this as a sensor because this api key goes stale all the time and we need a new one to keep making requests. There is almost certainly a better way to do this im just going for the duct tape approach.
- platform: command_line
name: T10_Refresh_Token
command: "/usr/bin/curl -s -X POST \
'https://api.honeywell.com/oauth2/token'
-H 'Authorization: <REPLACE WITH YOUR AUTHORIZATION>'
-H 'Content-Type: application/x-www-form-urlencoded'
-d 'grant_type=refresh_token&refresh_token=<REPLACE WITH YOUR REFRESH TOKEN>' | cut -d '\"' -f4"
scan_interval: 1000
shell_command:
set_thermostat_priority: "/usr/bin/curl -X PUT \
'https://api.honeywell.com/v2/devices/thermostats/<INSERT LCC-########>/priority?apikey=<INSERT YOUR API KEY HERE>&locationId=<INSERT YOUR LOCATION HERE>'
-H 'Authorization: Bearer {{api_key}}'
-H 'Content-Type: application/json'
-d '{{input}}'"
Please note the “LCC-#######” refers to the T10 and you’ll need to change this for your thermostat. You’ll need to do this anyway because you’ll want the location identifier as well. You can get this from the api website: https ://developer.honeywellhome.com/lyric/apis/get/locations
refresh token goes stale if it stops getting updated for a while so even if you are getting api keys back they won’t work. You’ll have to go get another “code” through the web auth and then get another refresh token.
This is very much a work in progress and I’ve not even finished working the kinks out … there is a solution though.
sorry about the link formatting, I made this account just to toss what I had up and it wont let me have more than 2 links. EDIT: came back and fixed formatting now that my account can.
