Logitech Harmony removes local API


Bingo, 100%. Get ready to have hundreds (thousands?) of users perpetually downgrading their firmware. Unfortunately, monster companies like this have little incentive to change unless they seem a dramatic impact to their revenue.

I’d still love to see what security vulnerability (which was apparently so hazardous that a closed system was vulnerable) was actually fixed by this…


Still nothing happens. Just the volume decrease.


December 2015 Philips Hue did a similar thing, when they locked out all other verndors of zigbee bulbs from their bridge. A couple of days and hundreds of 1-star reviews later they reverted the change.
I own three hubs and about a dozen other product from logitech and I have plenty of time over the holidays. Merry Christmas to you too Logitech :frowning:


Great point. We should flood Twitter, Amazon, etc.


This is quite a sad day. I have two hubs, and have had several Harmony products over the years. What I currently own will be my last. I’ve already removed all references from my automations, and lucky for me there are other integrations for my AV equipment that will allow me to do the basics of what I wanted to do. I can at least detect power on/off of my vizio and sony tvs to trigger lighting scenes. Which is mostly what I was doing anyway. I’ve recommended this brand to so many people over the years, but that will stop. I know in thier mind they are just hurting a small subset, but that subset is very likely responsible for others purchasing their equipment as well. Hopefully we will be able to get updated code that wont be blocked again in the next 6 months.

Edit: If you use the emulated Hue to kick off automations is that local control?


I went back to my Amazon purchase history today and found 6 harmony products purchased over the last 7 years.
I added/revised reviews for all the products and gave them all one star. Copied and pasted the same comments for all. Basically, if you want local API access to your Harmony, you are SOL.
Customer feedback influences my purchases. I hope my reviews will poke Logitech in the eye if a couple of hundred potential customers read them.
Got to fight back anyway we can.


Great idea about the negative feedback on review sites. I think I’ll start the rounds.

    - harmony


Wow… I sympathize for anyone who had to go through this mess, making local API inaccessible to Home Assistant and other open-source home automation projects that make use of it, including Hubitat (if they have Logitech Harmony integration in place).

I have retweeted so many of people’s complaints about not getting local API to work and I do feel everyone’s pain. I would certainly not provide DNS server IP address and default gateway to my Harmony Hub if I have one. The Harmony Hub will be in a separate subnet with no access to the Internet.

And Logitech not re-enabling local API access is nuts. Undocumented local API access has nothing whatsoever to do with security so long as these devices are in a separate isolated subnet.



i am still on 201, and blocked internet on the hub, now the problem is that the android app is not working anymore on adroid, this is confirmed by other users
so how can we now update settings for activities or buttons? so probably synching is not working anymore
i know websockets will be released soon, but any1 tried already changing buttons/activities with a blocked internet connection?


Amazon had a deal on the Harmony Elite yesterday: £119. Bought that, then came here and saw the news. Looks like I have a decision to make now :neutral_face:



What horseshit.

I probably have purchased well over $5,000 in Logitech products between personal use and small business use.

No more. Not one more dollar.


Okay so I’ve now cancelled my order for the Elite (super sad, was looking forward to it). What are the new recommendations for uni remote?



This really sucks.

I have one question: Is it enough to block HTTPS, TCP 433 or do I also need to block HTTP, TCP Port 80, 3128, 8000, 8001, 8080?

Thank you!


The referenced webpage (based on the Dec 1 2015 version in the wayback machine) described the API that apps such as IFTTT, smartthings, etc use. I’m guessing things like Alexa and Google home use this same API now too. This API actually uses authentication (based on their webpage, also IFTTT and Google integration actually make you log into your harmony account) and I assume is internet based (IFTTT and Google at least are only accessing Harmony via the internet).


Logitech need to get a grip… removing functionality that they know full well people are using with no prior warning under the BS excuse of “security” is unacceptable.
A solution would have been to disable it by default but allow users to toggle it back on by accepting the ‘risk’ in the mobile apps/myharmony.

Off to Amazon to rate all my logitech purchases 1 star…


Updated my two reviews, small step but it’s basically all we can do.

I really wish I had free time, i draw up pretty solid plans in the shower this morning for an open source universal remote system.


Is there a way to just remove my logitech devices from my home assistant so I stop getting this error in my logs? I don’t actually use it for any automations, i’d rather use a conventional remote than my phone or tablet.


I wasn’t going to set mine up until after christmas.
I’ve just arranged a return. Logitech’s response was so hilariously unprofessional (effectively “Lol! SOL Nerds!”) that I’d rather spend more and go elsewhere to someone that has an API.
If no-one supports an API for media control then I just wont use it.


Just wrote this to Darrell Bracken, Logitech CEO:

Dear Mr Bracken,
I just wanted to reach out to let you know how angry I am at how your company has handled the recent HarmonyHub firmware update that has now bricked a large section of my home automation.
Firstly, while I acknowledge we are a small subset of your customer/user base, I would like to point to how active we are in discussing/recommeding products and methods that enable ever-growing ways to manage and control our homes.  With this in mind I think, if your marketing people were to trawl the forums and reddits etc, you would find a huge number of recommendations for the HarmonyHub.  While I don't have numbers I would assert that, due to the trust implicit in these recommendations, a very large proportion of these turn into sales.  Sales that your company has profited from, over many years.
I'm now of the opinion that your marketing actually weren't aware of this subsection of your userbase, or how passionate they are or how much time and commitment they put into improving their homes.  If you did, your product team would not have dealt with this matter the way they did, in fact they would be actively involved in the community.  Your company is showing Microsoft levels of disconnect with its communities.
Not one bit of text was released by your commany informing anyone of the change.  Nothing in the changelog of the firmware, nothing to any community, nothing on twitter.  That either says you don't care or you didn't know it was going to upset so many people.  I'm not sure which is more disappointing.
For me, there is a more emotive reason to be upset.  While, in my house, the worst case of my remote no longer being able to be controlled by my Hub of choice(Homeassistant), is that I have to get up off the chair to do something.  In my Mother's home, it's a different matter all together.  She has MS, is pretty much bed-ridden, no dexterity in her fingers on either hand and damaged optical nerves, reducing her eyesight to less than functional.  She has no way to regulate her body temperature and so struggles with feeling either freezing or feeling too hot.  Of course, I have tried to help her the only way I know how, by bringing technology to the rescue.  Again introducing a system that controls heating, plugs, lights and aircon through voice control as well as doing it's best to automate things without her having to do anything.  She needs it.  I use the word NEED explicitly.  She needs it!  It impacts her quality of life directly every mninute of the day.
So, while your marketing people hide behind the point about this change being about security and "hard choices needing to be made" etc. which we know is a reflex response due to the unexpected vitriol being directed toward your company and its actions, clearly shows how little you know or care about your customers.  In this age of consumer power it really is a monumentally stupid error at all levels of your company and for that, only you can be held responsible.  It is also the reason you will never see me recommend your company's products again.
My only wish is for Logitech's actions in this matter to be reflected in the only way that seems to matter.  Somewhere in the financial figures and that somehow it awakens in your company, a deep longing to to re-engage, re-connect with your once loyal communities.  To become a shining example of how a company can benefit from loving its customers and respecting their wishes.  After all, they have invited you into their homes, you should honour that.  I won't hold my breath.

Yours incandescently,

sorry about horiz scroll, can’t get this indenting thing to work properly.

Also changed all reviews on Amazon. I’m really angry, not just about what has been done but how they are handling it. Monumentally shortsighted.

Darrrell’s email is publicly available in one of the Logitech forum posts.