Integration with Span?

Thanks for this! I just tried your fork and my panels are showing back up again.

This is not an official response from Span, it’s just something I wrote off the top of my head.

The span panel’s local API uses non-SSL http calls on port 80. AFAIK it’s never supported SSL, although I could be wrong about that. It’s worth noting that homeassistant also uses non-SSL http calls on the local network. You probably also log in to your home router using plain http. This is actually a pretty common pattern for local traffic, and for good reason.

Why? Because in order to use SSL effectively, you need a certificate signed by a well-trusted root CA, and that certificate has to be bound to a domain name, and the traffic has to actually use that domain name. This is exceptionally difficult, if not actually impossible, to do when the traffic is being routed entirely locally over a homeowner’s network. You’re connecting to your panel over your network, using we-don’t-know-what domain name (probably just the ip address, which I don’t think you can even get a CA to issue a SSL certificate for).

The other option is what e.g. zwavejs-ui uses, which is a self-signed SSL certificate. My understanding is that the reason it does this is that browsers will refuse to allow camera data to be sent to a non-secure website, even if it’s on your LAN. The result is that cameras work for scanning QR codes, but a scary “not secure” warning shows up in most browsers that will be confusing to most users, because the SSL cert doesn’t have a valid chain of trust back to a trusted CA.

I’m not a security expert, but I really don’t see the problem with using http connections for traffic that never leaves your home network. If you configured your router to port forward external traffic to the span panel on port 80, then yes, it would be a security concern, but in the same way that choosing to leave your front door wide open 24/7 is a security concern. You should just … not do that.

As far as the threat model, the only sensitive information being transmitted over the http LAN connection is the auth token itself, which is completely useless for anything besides access to the local api of that one panel. It’s completely separate from anything used for cloud connectivity or the span mobile app, and the validation happens entirely on the panel itself. This was a deliberate design choice to provide resiliency in the face of e.g. a problem with your internet connection or with Span’s cloud servers.

I think there’s a lot of confusion about the sate of authentication in the HA integration itself. It’s pretty much all working, and I opened a PR against @sargonas 's fork (which he merged) clarifying some of the documentation.

The essence of it is that the proof of proximity is used once, for the integration to get a token, which it then automatically saves and reuses. So you won’t have to repeat the door button trick when the panel reboots or gets a firmware update.

1 Like

Thanks Matt for the reply, @sargonas and @NathanCu both helped me up above and got the auth token working as expected - and so far has been very robust.

The specific issue I was raising was if you selected the auth route and did not have your token yet you couldn’t go back to proximity authentication to first install the integration.

Been there, done that. You just blow away the integration, restart HA and install the integration by ip address. Or grab a new token from the panel.

After some issues blowing away the integration (I had a second discovery of my existing panel that I had previously ignored and forgotten about), I was able pull down the @sargonas fork and get it up and running with auth.

2 Likes

@gdgib Brand new to HA over the weekend having received my HA Green and got it up and running over the weekend. Was entirely motivated by this thread so as to be able to get my Span integrated in with my Tesla gateway, etc.

But Step 1 in the setup of installing HACS is tripping me up (note - no trouble getting the Span authentication token which I have ready and standing by). Appear to have successfully gone through all the installation steps, except when then finally selecting HACS in the sidebar so I can go get the Span integration, I get a very simple HTML page (image here


), not any kind of app like other screen shots show (e.g. Getting started | HACS).

Presume it’s some kind of config bust, but too new to HA to understand (and not a programmer at all)?

I would welcome any tips to fix HACS as presume from there on would be straight forward, but also wondering whether there is a different way to install the Span integration without going through HACS?

@gdgib Never mind. After working on this since yesterday, found the problem in another thread here. Problem trying to install HACS

On to install Span integration now…!

@gdgib Sorry for simple newbie question, but what does the “Host” input field require during initial setup? Using IP address only yields “unknown error” and using full url (i.e. “http://x.x.x.x” yields “failed to connect” error.

IP address is correct as can readily connect via browser.

Initiating “proof of proximity” test didn’t change the outcome.

Already have the access token standing by if I can get past this step…

Which integration did you try to install? The default one in HACS mawhave an issue (read above just a few posts about recent breaking changes by span that requires an integration edit in the user end.)

@NathanCu Thanks. Looks like indeed may be referring to wrong repository? When I click on the right 3 vertical dots in the Span integration row of HACS, it takes me to what appears to be the master @gdgib repository, not the @sargonas one in the link posted. Version shows as 0.0.7. That was the most recent one to come up in the integration install.

Can I manually redirect to the later “fork” or do I need to uninstall/reinstall using a different path?

1 Like

It seems @gdgib has been mia for a few months, which is why you have to do the funky workaround to load my fixes.

If he’s still unreachable in the new year when I return from the holidays overseas, I’m going to spin my fork out into a dedicated organizational account with multiple volunteer admins to prevent a bus-factor of 1 for me, and then reluctantly ask the HACS maintainers to redirect the listing to my repo instead, in hopes of keeping this well maintained by not just me (who is admittedly of limited skill in this space) but by anyone willing to pitch in.

2 Likes

Until the get the final dispo figured out, uninstall the one you have and setup then install sargonas’ repo as a custom repository and install it. Should get yih rocking quickly.

Boom! Thanks! That worked! Connected right away with previously secured auth token, an all data streams seem active.

Now to see what I can do with it all. In process of just exploring HA while stuck, found existing formal integrations for both my SolarEdge inverter, and my smart meter (Smart Meter Texas). Getting these things calibrated to agree with one another is where I started this whole journey in R (key features shared in this link: https://teslamotorsclub.com/tmc/posts/7890392/ where some other HA’rs encouraged me to follow this road). I’m not really here (yet) for the cool home tricks, but more smarty optimize the use of energy in my home.

PS: For anyone as newbie as me who comes on this thread, the final key was figuring out how to link in a “custom repository.” To be found still in HACS as option under the 3 vertical dots in the far upper right. From there, was “discovered” automatically (after restart), then in config was pretty straight forward.

Thanks again, @NathanCu !

1 Like

I keep having all the entities for my panel go unavailable every once and a while. Restarting Home Assistant seems to fix it. Anyone else run into this?

Only error I can find in the logs:

2023-12-19 07:11:44.270 ERROR (MainThread) [custom_components.span_panel] Authentication failed while fetching span panel SN-TODO data: Server error '502 Bad Gateway' for url 'http://10.47.3.24/api/v1/panel'

Thanks to this community for this thread and for the integration work. I got my shiny new SPAN panel installed …and, now have the Home Assistant integration done with the custom repository.

The SPAN panel allowed for 32 slots (SPAN uses ‘circuits’ term) for breakers…but, up to 64 circuits possible with tandem breakers. I re-used some of the tandem (dual or quad) breakers from my old dumb panel and only separating some key circuits (eg., ACs) to dedicated breakers in order to do load management.

The SPAN Home app is OK but limited in features and control. For example, I could change the name of the circuits but the PDF for Breaker layout has the names entered by the installer. One has to email support to get the changes done so the PDF printout shows what I want.

API vs SPAN app
Compared to the SPAN Home app, the API provides info on lot more attributes (eg., Door state), data to create statistics graph for different time periods, etc… While the SPAN app’s history view allows to view more detail with a “long press”, there are no options to view for shorter period like a couple of hours, for example. So, I expect to use the Home Assistant statistics/history graph more often to track key circuits and to do automations, stankey graph, …and, many more cool things with this integration.

edit-1 : The value for “Current Power” is higher with the API vs the APP’s Flow tab showing “Currently powered by the grid”. The difference is ~30-40 Watts.

SPAN & Tesla Powerwall
In the next few weeks (waiting for local permit!) I should have Tesla Powerwalls (+ REC solar panels/enphase iq8+) installed.

  • The electrical integration will be per the figure on page 10 in the “Backup System Connection Guide” (SPAN Technical Documents) with generation breakers in the Tesla Gateway. Likewise, Tesla’s website has a figure showing the whole home backup with standalone meter (Tesla Powerwall Whole Home Backup Figure).
  • The network integration is supposedly via a wired ethernet cable. Although I have the ethernet cable set up and ready, I am planning to check if SPAN can discover the Powerwall over the (wifi) LAN. I see this briefly mentioned earlier in this thread. A main reason is to ensure local API to Tesla Powerwall is available for integration with Home Assistant.

Will update this post once I have the Powerwall integration complete.
Thanks

Clearly that is a supported integration configuration.
I wanted to keep/use all 6 breaker spaces in the Tesla Gateway for Powerwall batteries, so the output of my Enphase Combiner lands on a pair of generation tabs on my Span panel, but there is a CT that measures the Enphase Combiner/PV output that connects to the Tesla Gateway (easy in my case, as the output wires of the Enphase Combiner run through my Tesla Gateway chassis.

I ran hardwired Ethernet cables to my Span panel, my Enphase Combiner, and my Tesla Gateway. They are all on the same network segment, and they can all see each other via the network. My Home Assistant is on that same network segment, so HASS can see all three components, and the Span can “see” the Tesla Gateway over the network.

My setup will have 3 Powerwalls. The engineering diagram from my installer shows a “battery combiner panel” before the Tesla gateway. So, I have

  • a combiner panel for the 3 x 20A PV circuits (Enphase combiner 4/4c), and,
  • a combiner panel for the 3 Powerwalls (don’t see a brand name for the combiner panel).

Hence, need 2 breakers in the gateway - 60A for PV and 90A for Powerwalls.

I currently have 2 breaker spaces in the span panel and keeping them for a charger (eg. SPAN Drive) at a later time.

Cool, thx.

That seems like a good design