Integration with Span?

While the “proof of proximity” is great for “power home-owners” it’s not great for a fully automated home automation system that was created for a “hands off” home owner. The integrator cannot ask a homeowner to open and close their breaker box every time there was a power outage.
My feeling is though, that SPAN is considering a token based login - the question is how an integration software can securely get and refresh the token.

The Alexa Media Player integration currently renews a dynamic token with 2FA. It’s entirely possible.

That is a cloud based service. If you want to stay strictly local API only, 2FA will not work.

I used that example strictly because it’s currently the most complex auth in any integration I currently know of… It initiates a token renewal on a regular basis which triggers a 2FA request that the integration handles on its own. Yet… it still works well. My point is whatever they put in I’m sure the community can adapt to it. Any auth that (uses current standards, supports local control, resettable, etc.) should not be a problem for HA to consume. Any auth that doesn’t fit the bill I will join in with flames to their engineering team.

On proximity access there’s some things I want to not be easy to access like onboarding a new ZWave door lock or accessing my entire electrical infrastructure. I LIKE that proximity access is part of it and if they sound like they’re moving away from that I will definitely put in a counter argument to at least keep it as an enforceable option. If you don’t want physical access part of your auth solution that’s fine - personally I DO. Be it button on panel or a FIDO key or whatever. (Yes, I’m also a weirdo switching many of my important public IDs to FIDO keys for 2FA.)

In any case, it’s up to us as users to keep pressure on SPAN to ensure whatever they do maintains local auth and local API access. If they don’t think it’s important to their customers they won’t put effort behind it. If they do think it’s important to clients it suddenly becomes a Product Manager’s problem… I intend to keep putting it on any SPAN employee’s desk. Yes this is important. If not one of the most important features.

My panels look due to be installed next week. I’m pretty sure my sales team and engineering team are already getting tired of me repeating that local access local control mantra and asking them to make sure that the message is passed up the chain. I keep reminding them that I am spending enough money to have earned the right for them to at least listen to my opinion and that their core demographic are folks who REALLY care about these issues. Someone who doesn’t care about local access and control of an electric monitoring system isn’t spending 1.5x the cost of a typical panel installation and isn’t who they’re trying to sell to. They can try to monetize the advanced AI features all they want. Cut off basic access to the panel and we’ll have a SIGNIFICANT problem. :wink:

Else, they can simply not have my money and not install the panels. So far I’m not unhappy with the responses.

1 Like

Thanks @SPAN-Shoop for the details about SPAN’s plans. I’ve been in discussions with my local solar installer about adding a SPAN panel to my system, but I would need a commitment from you guys you’ll support local API access. So, the project is off for now.

Proximity makes sense, but it HAS to be persistent. I paired my Hue bridge to Home Assistant by physically pressing a button on my Hue hub, and it’s just worked for years without a problem.

3 Likes

Thanks @SPAN-Shoop, this first confirmation has really encouraged my purchasing decision this summer. The “easter eggs” you have in the local REST API have so much more detail than the current SPAN app, and together with the SolarEdge Modbus both ethernet wired in creates very detailed data information collecting. Bravo for letting us continue down this path with both Span and HA! I am sure the Venn diagram between Home Assistant users and those considering Span is pretty inclusive, and I am sure a decent marketing potential could be had by getting officially integrated into Home Assistant by working with Nabu Casa.

I do like the local verification idea (after I figured out what was going on after my power was restored from the wind storm last weekend), but @stbenjam has a point - this should also be persistent. A setup similar in protocol to Hue, where a physical location trigger is entered when enrolling into a system and on the same local network - but then it should be persistent. After all, it is an electrical panel and designed to react to power failures!

Thanks again for the support Span.

1 Like

The FIDO Key is a great idea but if I was SPAN, I would not retrofit all existing panels with a key.
Like the other folks commenting here @SPAN-Shoop I am super happy to hear that SPAN is thinking towards a supported local API. My installation includes two inverters from SolarEdge and their local API story is horrible at this point: Modbus TCP with only ONE connected client - and that connection is actually used by SPAN so I cannot use it with my software. The much better local API SolarEdge has is a GRPC (kinda REST) interface that only works when you push a button on the inverter and then it’s only available via an internal SolarEdge Wifi AP that shuts down if a client is not reading from the AP in a couple minutes.

As for the local API, I would have some additional requests: The SPAN Panel reads my Solar Inverters production and battery values and shows it in the mobile app. Including the flow of the energy. It would be great if SPAN could include these values in the local API as well - then I would have no need to connect to my inverter anymore and could use SPAN as the central power management data source.
Also I really would like to understand what “isSheddable” and “producedEnergyWh” on each circuit means. The latter could point at some future V2G or V2H option - which would be super cool!

Keep it coming SPAN, I am super happy with my two Span panels!

1 Like

This is how my SPAN panel looks in my software:

All my circuits are set to “Must have” and I do control them myself depending on the battery level.
I can also set warning levels for each breaker if they are close to “trip”. These warnings are sent to all my monitoring devices in the house and even my “Home’s Discord Channel”.

3 Likes

@muenchris - you may be on to something with the whole auth token :wink: Let’s talk about a few what IFs…

  1. What if, once tokens were generated they persisted until revoked without needing a refresh? Is that a deal breaker or do you believe that tokens should always be refreshed every 30\60\90 days?
  2. What if, tokens had varying levels of access controls; i.e. Read = GET, Read\Write = GET, POST, PUT.

3 Likes

It would be perfect if the token is persisted and valid until revoked. Refreshing every 30/60/90 is more secure but is tricky for use cases like vacation homes, where there might not be anybody for an extended period of time. Homes that are fully off-grid might also be fully off-internet and the local EMS (Energy Management System) would have to be able to control the breakers even without internet. If then the token has expired, someone would have to get to the vacation home just to renew the token.

The token should only allow local access and I would love it if there are different levels of access control as . One idea behind the different levels is the possibility to give certain apps (and therefore certain users) only read access. POST and PUT would be for the EMS. These “claims” could be encoded in a JWT security token.

The big question is still how an app/user would get the token. Here I think your open/close door proximity verification would work just great. For example you have to go to a local web page that tells you to open/close the SPAN door within a certain amount of time. Then the token shows and gets persisted. Trouble is that a smart intruder that knows about this process could do this as well.

One way to ensure that the token is correctly validated, you could incorporate the token generation in your SPAN App. It requires a valid login and the token coming from the SPAN panel could be validated against your SPAN cloud service. Basically using a “refresh token” coming from the panel locally that then retrieves the final JWT token from the cloud service. The SPAN app would then store the token in the local panel and therefore the local web app can validate incoming REST requests against that JWT. That way an intruder would only get the “refresh token” but without the SPAN app and login would not get the final JWT. The JWT would be valid until the SPAN app requests a new Token via a new Refresh Token.

I am very happy to hear that you take security seriously but still want to give local access to app! This is the best combination of IoT and user friendly app design.

7 Likes
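The scheme discussed in the posts above (a token that stays valid until revoked, with read vs. read/write claims carried in a JWT), sketched as an added example that is not SPAN's code or API and not part of the original posts. The HS256 signing, the `scope` and `jti` claim names, the revocation set and the standard `Authorization: Bearer <token>` header value are all assumptions.

```python
import base64, hashlib, hmac, json

# Scope -> allowed HTTP methods, following the Read / Read-Write split proposed above.
SCOPE_METHODS = {"read": {"GET"}, "readwrite": {"GET", "POST", "PUT"}}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(key: bytes, token_id: str, scope: str) -> str:
    """Mint an HS256 JWT with no 'exp' claim: valid until its jti is revoked."""
    if scope not in SCOPE_METHODS:
        raise ValueError("unknown scope")
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"jti": token_id, "scope": scope}).encode())
    sig = hmac.new(key, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{_b64(sig)}"

def authorize(key: bytes, revoked: set, auth_header: str, method: str) -> bool:
    """True only if the bearer token is authentic, not revoked, and in scope."""
    scheme, _, token = auth_header.partition(" ")
    if scheme.lower() != "bearer":
        return False
    try:
        h, c, s = token.split(".")
        header = json.loads(_unb64(h))
        # Pin the algorithm; never let the token choose it (rejects alg=none).
        if header.get("alg") != "HS256":
            return False
        expected = hmac.new(key, f"{h}.{c}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(s)):
            return False
        claims = json.loads(_unb64(c))
    except (ValueError, TypeError, AttributeError):
        return False  # malformed token: fail closed
    if claims.get("jti") in revoked:  # local revocation list, works offline
        return False
    return method.upper() in SCOPE_METHODS.get(claims.get("scope"), set())

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample, not a real secret
    ro = issue_token(key, "dashboard", "read")
    print(authorize(key, set(), f"Bearer {ro}", "GET"))
    print(authorize(key, set(), f"Bearer {ro}", "POST"))
```

Because revocation is a local lookup on `jti`, the check needs no internet connection, which is the off-grid and vacation-home case raised above.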

I second everything about this post…

…And my panels were literally provisioned 30 minutes ago.

1 Like

@SPAN-Shoop I’d like to make another suggestion regarding SPAN products.

Please, find a way to let the customer access their own hardware provisioning. I just had a SPAN Drive unit installed yesterday, and it’s still not turned on properly. The installer who did my SPAN Panel sent someone who didn’t have access to the software or something, and the tech support individual at SPAN who I got stuck with is just now learning how to commission the product. Particularly annoying since she is the same person I got stuck with back in August when I had questions about the API and she knew nothing about that either.

Maybe my experience with SPAN customer support is unique, and other people have found them to be competent, but I’m currently stuck with a car charger that doesn’t function and trying to get someone to simply turn it on before they all take off for a five day Thanksgiving holiday.

There really need to be some assurances that REAL technical support and not just some script trained receptionist will be on the other end of the line when a customer needs help.

Doug

2 Likes

Ok, the SPAN Drive unit is now working and car is charging. The addition seems to have broken the “Circuits” page on the local device website, but I guess that wasn’t entirely necessary at the moment. One step at a time.

1 Like

Some initial thoughts on SPAN Drive addon for the SPAN Panel…

This appears to be a solidly built level 2 wall charger. The cable is heavy but easy to manage and the charging plug is very nice, gently sliding into the car’s socket and locking in place with a firm click. It is easy to remove from the car, and doesn’t seem to stick at all. Very nicely made to the point of appearing delicate, but it does look tough enough to last. Time will tell. The wall box itself is a little smaller than I expected. It’s very attractive with a glass front panel. While the inexperienced installer did a poor job of actually installing it on the wall, I’ll deal with that later.

When initially installed, the front panel light worked, and the LED turned green when plugged in, but wouldn’t charge the car. The aforementioned installer didn’t have access to the SPAN Tech Portal app, which is necessary to activate the device. I eventually contacted SPAN support, and in time we were able to resolve the problem.

Once remotely provisioned the device is working great. Charges at your car’s max amperage, adjusting the rate as appropriate.

The device has some advanced capabilities to communicate with the car as well. It appears that SPAN is working with Smartcar.Com to implement their API, which would potentially give the device an ability to access a tremendous amount of data in the attached vehicle. This could be a real goldmine for home automation aficionados. Unfortunately, SPAN’s implementation of this doesn’t yet work with Nissan vehicles, so my own car seems to be out of luck at this time. Smartcar.com is forcing an upgrade to their 2.0 API by the end of the year, so maybe that will encourage some innovation.

I don’t know how many SPAN Drive units have been installed so far, since they only work in tandem with the SPAN Panel, but this does seem like a solid product that has a lot to offer the home automation community.

3 Likes

Thanks for the review Doug, really helpful. I am still considering this down the road, but I am also holding out that the SolarEdge chargers that would hook up to my solar inverters will someday reverse for ‘power to home’ mode. I am not sure if the Span charger has this in the outlook, but I am sure it would take a lot of work to get the communication right from the automatic transfer device.

Speaking of provisioning, did you ever get your main Span panel provisioned correctly and connected locally?

I’m still having significant problems trying to get the panel working locally. The app is functioning, but the direct access website has problems. Since the problems I have are unsupported issues at this time, the tech support person that they have given me twice now (Allison) is even less capable of providing any assistance.

I too would really love this sort of capability. Unfortunately, my understanding is that it’s quite far off, and requires either a bidirectional inverter in your car, or a DC connection. I think the Nissan Leaf has a bidirectional inverter (or at least it did in certain model years), but AFAIK no other car sold in North America has one. The only product I’ve seen that actually did this was the Wallbox Quasar which used a CHAdeMO connector, which the Leaf had. I don’t know the whole story, but I think they never released a North American version, probably because the only North American car it would work with was the Leaf. It looks like now they’re working on a version 2, which uses a CCS connector (DC), but it’s not available yet.

The upshot of the above is basically that I don’t think any level 2 EVSE with a J1772 connector (this describes basically every home EV “charger” on the market in the US) available today will ever be able to power your home from your EV battery. I’d love to be proven wrong, but I just don’t see how it would be possible without a major hardware upgrade.

That does seem to be the unfortunate reality, with more and more companies advertising future features that may or may not ever happen.

The biggest buzz with power to home has been with the Ford Lightning. Reports said they were going to partner with Sunrun to install the Home power side and use a lot of Delta equipment to manage it. Oh my, just looked up the system….

Not for the faint of heart, and definitely looks like a generation 1 product. Doesn’t look like there is any room to work or manage with Span with setup either, which is a shame. I’m sure they will figure it out eventually, but I can be patient. Honestly I will probably wait until the next gen EV tech comes out, and by then they will have V2H figured out and won’t be too much of a retro install.

Hopefully Span can be part of it, even better if HA has full access to monitor it all.

We had a power outage this week and after the power came back one of my SPAN panels upgraded to spanos2/r202240/06.1. This version now requires a header with "Authentication Bearer " for all Local API calls (except “/status”). For now, the way to get the token was to grab it from the local storage of a Chrome browser after it has successfully done the login after opening/closing the door 3 times.
Before this firmware the API calls worked without the token once some browser was authenticated.

@SPAN-Shoop I assume this is still not final but a great step towards the goal :slight_smile:

1 Like

A few questions:

  1. Did you install the SPAN Drive separately from the panel? If so, how long did it take to get completed?
  2. Would you recommend getting 2 of them based on your experience with them?
  3. Do you know if you’d be able to install 2 running off the same breaker? I know they are working on functionality to have them share but it’s not ready yet.