I’ve searched and searched and not seen anybody posting an integration for these lights, but I’m hoping someone can point me in the right direction. The lights are definitely running a local web interface that responds with some status info when I hit it with a browser, but there’s nowhere else to go without pulling out wireshark.
1 Like
The lights appear to be using MQTT, not a rest API. I’ve never done any low level work with MQTT, but my first forays aren’t able to connect to the devices (it’s just ‘refused’). Is there a way to sniff MQTT traffic from my mobile app? The lamps have an “offline” mode that is still controlled from the app on a local network, so I’m assuming the broker is built into the lamps?
Wonder if there’s a way to integrate the ReefBeat app to HA…
It irritates me that it’s the only manufacturer that I can’t control.
I’d really like to develop an API for their ATO as I hate having to use their software.
Definitely MQTT
Well, thank you for that link. I sent esolutions a note through their contact us page. I give it a 5% chance of materializing, but better than not trying. In particular, I would like to set the desired schedule and then monitor power usage (through a neptune apex) to verify the light is on at the desired brightness. But man it would be cool to be able to run it on a solar cycle based on a target latitude.
Yeah, that page is certainly insightful.
I’m irritated enough to try and reverse engineer their android app to see if I can subscribe to their mqtt broker. I’ve tried snooping the mqtt messages locally and they’re obviously encrypted.
My main reason for wanting to do it is to gain a numerical value for their ATO water level sensor. I hate that is uses a desired range as, due to my sump design, it results in infrequent large volumes of RODI being dumped into the tank. It’s fairly trivial to intercept the messages but I’ve only been able to replay the manual start/stop command for the ATO pump.
esolutions look like they’ve adhered to best practices when designing ReefBeat so I doubt I’m going to find a nicely labeled certificate for client based mqtt authentication. That being said, they also don’t have the need to implement something more secure such as rolling codes.
I’m comfortable with mqtt, but have no background in android app design, but I imagine that’s going to be easier than the iOS app I use. I’ll sign into their Android App using an emulator and try and see if I can ascertain how it handles the client side authentication. At the end of the day, I’ve potentially already got a valid set of credentials …
1 Like
ok, so with some help, I’ve decompiled the app and can see that the end devices also respond to http requests. Try browsing http:/device-info using the IP of of any ReefBeat device. 
Trying to get an index commands from the code and will go from there.
Making progress!
1 Like
I get a nice JSON response - any other endpoints? Is this a standard http package we can guess endpoints?
On review, I’ve seen the root response as well - but I wasn’t able to find any of the endpoints.
{
ap_enabled: false,
ap_ip: "(IP unset)",
wifi_enabled: true,
wifi_ip: "10.0.210.106",
rtc_connected: true,
flash_size: 4194304,
real_flash_size: 4194304,
free_heap: 11536,
total_bytes: 957314,
used_bytes: 21586,
max_open_files: 5,
max_path_length: 32,
uptime: "D:011-H:09-m:34-s:11",
reset_reason: "Power On",
uuid: "bcff4d5142fe",
i2c_devices: [
{
address: "0x40",
device: "RSLED90"
},
{
address: "0x68",
device: "RTC"
}
]
}
the device-info endpoint gives a smaller response:
{
hw_type: "reef-lights",
hw_model: "RSLED90",
name: "RSLED90-5325566",
status: "unpaired",
hwid: "bcff4d5142fe"
}
The ap I imagine is part of the handshake, and I don’t know what RTC refers to.
I can only check using the ReefMatt and ATO - I don’t use their lights.
I’ll reply back when I have indexed the commands.
My goal is to ultimately connect over mqtt using my existing credentials.
I’m confident I’ll be able to achieve that, but I can’t write a HACS integration so hopefully we can all work together
try /dashboard
Hi Guys, I’m also highly intested into that topic, I use the full ecosystem from Red Sea (today lights, pumps and ATO and soon as well the mat and skimmer) and can do test’s to support, but I’m not a programmer meaning need some guidance for doing tests 
I can’t vouch for the LED lights (don’t have any), but the ReefDose dosers are:
- Just ESP32 devices
- Publish mDNS
- Respond to the /dashboard endpoint and list status
❯ avahi-browse -r _arduino._tcp
+ enp86s0 IPv4 RSDOSE4-4231951262 _arduino._tcp local
+ enp86s0 IPv4 RSDOSE2-79306589 _arduino._tcp local
= enp86s0 IPv4 RSDOSE4-4231951262 _arduino._tcp local
hostname = [RSDOSE4-4231951262.local]
address = [192.168.0.145]
port = [3232]
txt = ["board=doitESP32devkitV1" "tcp_check=no" "ssh_upload=no" "auth_upload=no"]
= enp86s0 IPv4 RSDOSE2-79306589 _arduino._tcp local
hostname = [RSDOSE2-79306589.local]
address = [192.168.0.144]
port = [3232]
txt = ["board=doitESP32devkitV1" "tcp_check=no" "ssh_upload=no" "auth_upload=no"]
And a dashboard output
curl 192.168.0.144/dashboard
{"restore_settings":true,"is_active":false,"battery_level":"high","time_error":false,"bundled_heads":false,"heads":{"1":{"supplement":"KoralAmino","state":"on","auto_dosed_today":4.5,"manual_dosed_today":0,"doses_today":4,"daily_dose":9,"remaining_days":21,"stock_level":"high","recalibration_required":false,"missed_dose":{"missed_volume":0,"total_volume":0},"daily_doses":8},"2":{"supplement":"Setup head 2","state":"not-setup","auto_dosed_today":0,"manual_dosed_today":0,"doses_today":0,"daily_dose":0,"remaining_days":0,"stock_level":"off","recalibration_required":false,"missed_dose":{"missed_volume":0,"total_volume":0},"daily_doses":0}}}
Its unclear if this also applies to the lights - I don’t have those.
Gonna share my own findings:
I’m using the ReefRun with 1 pump (for now).
All the endpoints on the cloud instance are proxied to the local device.
So instead of GET https://cloud.reef-beat.com/reef-run/{PUMP_ID}/pump/settings (with authorization header) you can do http://{PUMP_IP}/pump/settings (without auth, yikes, but easy to integrate)
Your devices are registered in the cloud and listed in the following urls:
Reef lights: https://cloud.reef-beat.com/reef-lights/library
Reef wave: https://cloud.reef-beat.com/reef-wave/library
Reef dose: https://cloud.reef-beat.com/reef-dosing/supplement
Reef dose: https://cloud.reef-beat.com/reef-dosing/bundled-supplements/reef_care (dont know what is in this one)
Reef mat: https://cloud.reef-beat.com/reef-mat/materials?include=all
Everything which you can do via the App is able to be integrated into HA. But because I don’t have all the devices, I’m only able to integrate the pump.
Would love to integrate the whole RedSea family, but I’m not that rich to buy all these devices 
1 Like
I haven’t tried to proxy the app or dump the endpoints it uses. Something to put on the list to find the needed endpoints (same goes for getting an Auth header, assuming it’s not just basic auth). Any pointers?
Happy to volunteer some time for the RSDOSE and RSWAVE family.
Speaking of no auth, the RSDOSE feature the Arduino espota port, with no auth. Just some nice local network code flashing 
No its not basic auth. Will log those endpoints tommorrow to obtain a token. I noticed they are short-lived, so probably some oAuth2 mechanism in place there.
Espota, no auth, that is terrible. Would RedSea be aware of those security flaws? We should draw their attention to fix these leaks.
Love to cooperate. You have a github username?
1 Like
To be fair I haven’t tried to push something to the OTA port, because I do kinda want the units I have working. May grab another dose and try to dump flash before continuing, for backup purposes.
Github username is @theatrus same as here
Update on the URLs I found for the reefdose after decompiling the reefbeat app.
//http://[rsdose-address]/time
//http://[rsdose-address]/description.xml
//http://[rsdose-address]/cloud
//http://[rsdose-address]/connectivity
//http://[rsdose-address]/connectivity/events
//http://[rsdose-address]/mode
//http://[rsdose-address]/logging
//http://[rsdose-address]/head/1/settings // /head/[head#]/settings
//http://[rsdose-address]/device-settings
//http://[rsdose-address]/daily-log
//http://[rsdose-address]/dosing-queue
//http://[rsdose-address]/supplement
//http://[rsdose-address]/head/1/supplement-volume // /head/[head#]/ // Same output as supplement above
//http://[rsdose-address]/hourly-log/1716249600 // /hourly-log/[epoch]
//http://[rsdose-address]/export-log
2 Likes
Beautiful. Any inclination which ones you can POST / PUT a body back to?
how to get contents from /dashboard into HA? I have ReefDose, ATO, ReefRun.