Also a a Brunata victim customer. I can’t turn the lights on, but I can light a candle:
A cursory inspection of the web transactions from a browser login, looking at consumption data, and logging out, I can see that their customer website uses an api backend, based on the following URLs (broken since I have a 2-link limit)
securehttpcall://online.brunata.com/online-auth-webservice/v1/rest/authorize
securehttpcall://brunatab2cprod.b2clogin.com/brunatab2cprod.onmicrosoft.com/B2C_1_signin_username/oauth2/v2.0/authorize
securehttpcall://online.brunata.com/auth-response
securehttpcall://online.brunata.com/online-webservice/v1/rest/consumer
The calls for getting the data are straightforward:
https://online.brunata.com/online-webservice/v1/rest/consumer/consumption?startdate=2022-07-01T00:00:00.000Z&enddate=2022-07-31T23:59:59.999Z&interval=D&allocationunit=W)
The response is JSON and also straightforward:
"consumptionLines" : [ {
"meter" : {
"meterId" : 99999999,
"placement" : "right here",
"meterNo" : "222DEADBEEF333",
"meterType" : 1,
"scale" : 2.6,
"unitfactor" : null,
"mountingDate" : "2017-12-04T09:25:00+01:00",
"dismountedDate" : null,
"transmitting" : true,
"allocationUnit" : "O",
"superAllocationUnit" : 1,
"unit" : "1",
"meterSequenceNo" : 11,
"numerator" : null,
"denominator" : null
},
"consumptionValues" : [ {
"fromDate" : "2022-01-01T00:00:00+01:00",
"toDate" : "2022-02-01T00:00:00+01:00",
"consumption" : null
...
Since the data part looks easy, the main task to get it working then would be inferring the authentication flow, which is not a simple auth as far as I could see, but federation calls against microsoft from client-side javascript that will require some work to model. For someone with the dev skills it might not be that big a deal, but is beyond my familiarity and time availability…