Does anyone have experience with the Sensors from Roost?
I am looking at using the Garage Door Sensor and integrating it with Home Assistant, but I am not able to find any information regarding the device and if it talks MQTT etc.
I am looking at using the Garage Door Sensor and integrating it with Home Assistant, but I am not able to find any information regarding the device and if it talks MQTT etc.
3 Likes
I canât find anything online between HA and Roost. Might have to build a new component for it?
Hi,
Did u have any luck with this?
Also interested in a component for this or the specs for the API.
Supposedly there is a way through IFTTT. However, I get errors logging into the roost platform through IFTTT.
The problem with IFTTT is it only works in USA. They had to change server because of GDPR. Therefore API no longer works but Iâm sure the must be a way with the European server.
Bumping this thread. I have been using IFTTT with my Roost smoke alarm sensor/battery, works great. But I just got the following email from IFTTT:
Next week, the Roost Smart Battery service will be removed from IFTTT as the Roost Smart Battery team no longer supports it.
Anyone know of another way to integrate with Home Assistant?
Just got a roost Water sensor since a Insurance company is giving them to their customers, anyone know if these are cutom firmware hackable to something Home assistant can use ?
2 Likes
Recent response directly from Roost when asked about APIs or integrations:
Hi wrkn,
At this time we have no plans for integration. I apologize for the inconvenience! We certainly thank you for your input and we regularly assess new feature requirements based on customer input and will consider integrations if a sufficient number of customers request it.
All the best,
The Roost Customer Care Team
As a workaround, they suggested to use the email and/or SMS alert feature in the Roost phone app, and trigger automations from those notifications.
Roost seems to be going the way of most other cloud based IOT companies by restricting access or not providing any kind of API or third party integrations. Iâll be receiving my roost water sensor soon and will take a look to see what hardware it has and if we can reverse engineer some of the API calls it makes back to the roost servers.
@Hafthor_Hilmarsson_O @wrkn @Jan_Willem_Maas
TLDR: we can fetch various sensor data from this sensor by finding a device key and then making rest api calls to the Roost servers
MORE DETAILS:
I recently received my roost water sensors and it appears that although there is no public API, the integrated api seems to be reasonably easy to reverse-engineer/replicate using rest api calls to the roost server. I was successfully able to make calls to the server to retrieve sensor data, alert data, and account information. The trick is to get the âBearerâ key after logging into your Roost account. This is a little tricky to retrieve because Roost doesnât have a website for login, rather we need to capture the web request via the mobile app using a network traffic proxy like burpsuite (maybe also possible to just use developer tools in a browser if you know the api call to make). After getting the âBaearerâ key we can use the rest api integration in Homeassistant to fetch the data, or we could put in the effort to create a full integration for homeassistant (or for HACS).
1 Like
Interesting approach. Tell us more!
What is the IP address of the Roost server? What is the structure of the different calls? How do I recognise the bearer token when I see it?
I do not have Burp Suite, but use Wireshark in stead. I am tracking my iPhoneâs traffic, but cannot really make heads or tails of it (novice WS user). Many thanks, Jan Willem
@Jan_Willem_Maas
Hereâs my process:
- Get Burpsuite Community Edition
- Follow this to setup a proxy through burpsuite. Then follow this to allow https connections. Process should be very similar for android
Note here: make sure the setting is set to âIntercept is offâ instead of âonâ like the article mentions. - Login to the Roost app as normal (Burpsuite will log the network requests)
- Once logged in look in Burpsuite for the last âPOSTâ to the googleapis.com address (This will have an
idTokenwhich is theBearerthat you will need to use for future requests)
With that token you can POST a request to a number of endpoints like so:
When making the request be sure to append âBearerâ to the front of the token in theAuthorizationheader.
Let me know if youâre able to get it to work. Iâd be glad to work with you on this to make a new integration!
Hi, I have managed to find my authorization bearer code using Burp Suite Community Edition. Works well. However using Postman for my POST request I get 400 Bad Request, Invalid session.
In Postman I have tried:
https://us-central1-roostprod.cloudfunctions.net/getAddress
Headers:
Content-Type: application/json
Accept: application/json
User-Agent: Roost-Consumer-Prod/35 CFNetwork/1126 Darwin/19.5.0
Accept-Encoding: gzip, deflate
Authorization: bearer âmy very long bearer tokenâ without quotes
Body (raw)
{âconsumerâ:true}
I have taken these from Burp Suite output:
What I am doing wrong. Should I use another app, not Postman?
@Jan_Willem_Maas Postman should work fine although i really like RESTED (There should also be a chrome version) . Did you try capitalizing the âBâ in âBearerâ? Iâm not sure if that would matter.
If that doesnât work, it may be necessary to make a call with postman/rested to the googleapi login url before trying to post to a different endpoint.
Unfortunately it appears that the Bearer key times out, so it may not be reliable for use in an official integration. And because sms is the only form of authentication (that i know of) for the Roost app, it might not be feasible to make a reliable integration for this 
Iâd be open for suggestions though! It seems like there would be an alternate authentication method (other than sms) but it might take some digging to discover it (if it exists).
Any luck with getting anything to work with the Roost Smart Sensor? I would really like to be able to automatically log the temperature data that the sensor provides.
@blp1018 I gave up on this for now. It wasnât worth my time to try to discover an undocumented authentication method that may not exist.