Many devices are internet connected and only have an API that works over the internet. I think most of us agree that a local API which allows for direct communication over the local network is much more reliable, quicker and private.
To spread this message to the world, it would be convenient to have a ‘local API manifesto’. This text would explain why it is good that devices enable local access over wifi. It would also come with a description of what a good local API should look like.
Devices or companies who already offer such an API could sign it. This could come with a kind of badge that they can put on their products which might stimulate others to provide the same.
I have a few devices that have a web API, but no local one, even though they are on my WiFi network. I could use this to encourage them to make a local API.
As far as I know, such a manifesto doesn’t exist already so it could be helpful if Home Assistant stands behind it.
Even though I generally agree that local APIs are great, I don’t think such a badge that vendors can put on their products could become reality.
I’m not a vendor. But if I were one, I would think twice about providing such an API. Because if I provide it, I also have to maintain it and give support. People won’t always know what their doing, and I would end up giving support for the same question a gazillion times. Also security issues will pop up. People will expose their devices to the web not knowing what they are doing, and by that possibly burn down their houses (of course I’m exaggerating here).
On top of that, I would still need to provide a cloud service, because that’s what average people want. It makes pairing to Alexa and Google Assistant easy, and I only have to take care of my infrastructure instead of possibly providing firmware updates (which can fail) to a lot of disappointed customers.
To sum it up: local APIs are great and powerful. But for average users they don’t matter and aren’t overly cost effective when people start shooting their own feet because they don’t know what they’re doing. So even though I wish for more local APIs, I believe vendors won’t provides them in most cases.
I agree that this is not something we can have for all devices, but that shouldn’t stop us from not trying at all.
The security issues I don’t really see. I would say that it is fundamentally just as easy/hard to abuse or hack a cloud API as it is to hack a local API that someone exposed accidentally to the internet. In the case of a cloud API, there is also communication between the device and the cloud server which could be tampered with.