Rest_command - including secret value in url?

I’m trying to set up some rest commands for calling the HA API - I can make it work if I hardcode my API password, but I was hoping to use the secret instead. Does anyone know if this is possible? Example of what I’m trying (not working):

rest_command:
  garage_icon:
    url: http://ha.local:8123/api/states/group.garagetab?api_password=!secret api_password_url
    method: post
    payload: '{"attributes": {"entity_id": ["cover.garage_door", "media_player.roku_2_xd__12g2d0036416"], "friendly_name": "Garage", "hidden": true, "icon": "mdi:garage-open", "order": 3, "view": true}, "entity_id": "group.garagetab", "last_changed":"2017-02-08T12:56:03.848224+00:00", "last_updated":"2017-02-08T23:35:14.887961+00:00", "state": "open"}'

It can work, but you have to secret the entire URL:

rest_command:
  garage_icon:
    url: !secret super_dooper_secret_url
    method: post
    payload: '{"attributes": {"entity_id": ["cover.garage_door", "media_player.roku_2_xd__12g2d0036416"], "friendly_name": "Garage", "hidden": true, "icon": "mdi:garage-open", "order": 3, "view": true}, "entity_id": "group.garagetab", "last_changed":"2017-02-08T12:56:03.848224+00:00", "last_updated":"2017-02-08T23:35:14.887961+00:00", "state": "open"}'

Hi, how do you call the rest_command?

I’m trying to access a REST service (phlex TV) that wants the token as a parameter, but I also want to pass my own parameters:

url: 'http://127.0.0.1:5666/api.php?say&apiToken=xxxx&command={{ command }}'

In this case, I can’t just put the entire URL into secrets.yaml because I want to include the command, but I also can’t add the token from secrets.yaml. I tried using POST and including the command in the payload, but Phlex just ignores it unless it’s part of the URL. Is there really no way to generate a simple GET query that includes a secret?


Anyone had any luck with this?
I need to add a password to a URL.

I know this is old, but there wasn’t a solution shown.

You could pass the secret token in when you pass the command in.
The code where you pass it can obtain it from secrets.

That’s how I’ve done it.

If that doesn’t make sense, I can post some code examples.
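
One way the approach described in the post above could look, as an added example that is not part of the original post or the poster's own configuration. The names `phlex_say`, `phlex_play_news`, `api_token` and `phlex_api_token` are hypothetical; the URL is the one quoted earlier in the thread.

```yaml
# configuration.yaml
rest_command:
  phlex_say:
    # No token is stored here. Both values arrive as variables
    # in the service call and are rendered into the URL template.
    url: 'http://127.0.0.1:5666/api.php?say&apiToken={{ api_token | urlencode }}&command={{ command | urlencode }}'
    method: get

script:
  phlex_play_news:
    sequence:
      - service: rest_command.phlex_say
        data:
          # !secret is resolved when the YAML is loaded, so the
          # caller supplies the token as an ordinary variable.
          api_token: !secret phlex_api_token
          command: 'play the news'

# secrets.yaml (constructed placeholder, not a real token)
# phlex_api_token: REPLACE_WITH_TOKEN
```

The rendered URL still carries the token as a query parameter, so it can end up in log output when debug logging is on or the request fails, as a later post in this thread points out.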

Just for reference: another way to use a !secret value within a template such as the rest_command url is to create a hidden input_text based on the secret within configuration.yaml.
Example visible in this topic: https://community.home-assistant.io/t/how-to-use-template-values-in-rest-sensor-payload/283939/3?u=myt

Just a side note.

When debug mode for rest / command line sensor is on (or the command fails due to any reason),
the log output always contains the secret value clearly visible.

Hi Bruce. I didn’t follow what you are saying about passing the secret token in when you pass the command in. Can you post some sample code?