Rest_command - including secret value in url?

mconway · February 12, 2017, 9:56pm

I’m trying to set up some rest commands for calling the HA API - I can make it work if I hardcode my api password, but I was hoping to use the secret instead. does anyone know if this is possible? example of what I’m trying (not working)

rest_command:
  garage_icon:
    url: http://ha.local:8123/api/states/group.garagetab?api_password=!secret api_password_url
    method: post
    payload: '{"attributes": {"entity_id": ["cover.garage_door", "media_player.roku_2_xd__12g2d0036416"], "friendly_name": "Garage", "hidden": True, "icon": "mdi:garage-open", "order": 3, "view": true}, "entity_id": "group.garagetab", "last_changed":"2017-02-08T12:56:03.848224+00:00", "last_updated":"2017-02-08T23:35:14.887961+00:00", "state": "open"}'

jivesinger · January 25, 2018, 2:18pm

It can work, but you have to secret the entire url

rest_command:
  garage_icon:
    url: !secret super_dooper_secret_url
    method: post
    payload: '{"attributes": {"entity_id": ["cover.garage_door", "media_player.roku_2_xd__12g2d0036416"], "friendly_name": "Garage", "hidden": True, "icon": "mdi:garage-open", "order": 3, "view": true}, "entity_id": "group.garagetab", "last_changed":"2017-02-08T12:56:03.848224+00:00", "last_updated":"2017-02-08T23:35:14.887961+00:00", "state": "open"}'

anon35356645 · February 7, 2018, 3:38pm

Hi, how do you call the rest_command?

wklink · November 30, 2018, 11:31pm

I’m trying to access a REST service (phlex TV) that wants the token as a parameter, but I also want to pass my own parameters:

url: 'http://127.0.0.1:5666/api.php?say&apiToken=xxxx&command={{ command }}'

In this case, I can’t just put the entire URL into secrets.yaml because I want to include the command, but I also can’t add the token from secrets.yaml. I tried using POST and including the command in the payload, but Phlex just ignores it unless it’s part of the URL. Is there really no way to generate a simple GET query that includes a secret?

marciogranzotto · January 8, 2020, 2:19pm

Anyone had any luck with this?
I need to add a password to an url

jivesinger · February 3, 2020, 6:11am

BruceH5200 · February 2, 2021, 11:53am

I know this is old, but there wasn’t a solution shown.

You could pass the secret token in when you pass the command in.
The code where you pass it, can obtain it from secrets.

That’s how I’ve done it.

If that doesn’t make sense, I can post some code examples.

myT · January 17, 2022, 8:49am

Just for reference: another way to use a !secret value within a template such as the rest_command url is to create a hidden input_text based on the secret withing configuration.yaml.
Example visible in this topic: https://community.home-assistant.io/t/how-to-use-template-values-in-rest-sensor-payload/283939/3?u=myt

mk-maddin · January 17, 2022, 9:44am

just a side node.

When debug mode for rest / command line sensor is on (or the command fails due to any reason),
the log output always contains the secret value clearly visible.

JeffersM · September 16, 2023, 2:27pm

Hi Bruce. I didn’t follow what you are saying about passing the secret token in when you pass the command in. Can you post some sample code?