Roost Smart Sensors | Roost Home Telematics

Does anyone have experience with the Sensors from Roost?


I am looking at using the Garage Door Sensor and integrating it with Home Assistant, but I am not able to find any information regarding the device and if it talks MQTT etc.
3 Likes

I can’t find anything online between HA and Roost. Might have to build a new component for it?

Hi,
Did u have any luck with this?

Also interested in a component for this or the specs for the API.
Supposedly there is a way through IFTTT. However, I get errors logging into the roost platform through IFTTT.

The problem with IFTTT is it only works in USA. They had to change server because of GDPR. Therefore API no longer works but I’m sure there must be a way with the European server.

Bumping this thread. I have been using IFTTT with my Roost smoke alarm sensor/battery, works great. But I just got the following email from IFTTT:

Next week, the Roost Smart Battery service will be removed from IFTTT as the Roost Smart Battery team no longer supports it.

Anyone know of another way to integrate with Home Assistant?

Just got a Roost water sensor since an insurance company is giving them to their customers. Anyone know if these are custom-firmware hackable to something Home Assistant can use?

3 Likes

Recent response directly from Roost when asked about APIs or integrations:

Hi wrkn,

At this time we have no plans for integration. I apologize for the inconvenience! We certainly thank you for your input and we regularly assess new feature requirements based on customer input and will consider integrations if a sufficient number of customers request it.

All the best,
The Roost Customer Care Team

As a workaround, they suggested to use the email and/or SMS alert feature in the Roost phone app, and trigger automations from those notifications.

Roost seems to be going the way of most other cloud based IOT companies by restricting access or not providing any kind of API or third party integrations. I’ll be receiving my roost water sensor soon and will take a look to see what hardware it has and if we can reverse engineer some of the API calls it makes back to the roost servers.

@Hafthor_Hilmarsson_O @wrkn @Jan_Willem_Maas

TLDR: we can fetch various sensor data from this sensor by finding a device key and then making rest api calls to the Roost servers

MORE DETAILS:
I recently received my roost water sensors and it appears that although there is no public API, the integrated api seems to be reasonably easy to reverse-engineer/replicate using rest api calls to the roost server. I was successfully able to make calls to the server to retrieve sensor data, alert data, and account information. The trick is to get the ‘Bearer’ key after logging into your Roost account. This is a little tricky to retrieve because Roost doesn’t have a website for login, rather we need to capture the web request via the mobile app using a network traffic proxy like burpsuite (maybe also possible to just use developer tools in a browser if you know the api call to make). After getting the ‘Bearer’ key we can use the rest api integration in Homeassistant to fetch the data, or we could put in the effort to create a full integration for homeassistant (or for HACS).

1 Like

Interesting approach. Tell us more!
What is the IP address of the Roost server? What is the structure of the different calls? How do I recognise the bearer token when I see it?
I do not have Burp Suite, but use Wireshark instead. I am tracking my iPhone’s traffic, but cannot really make heads or tails of it (novice WS user). Many thanks, Jan Willem

@Jan_Willem_Maas
Here’s my process:

  • Get Burpsuite Community Edition
  • Follow this to setup a proxy through burpsuite. Then follow this to allow https connections. Process should be very similar for android
    Note here: make sure the setting is set to “Intercept is off” instead of ‘on’ like the article mentions.
  • Login to the Roost app as normal (Burpsuite will log the network requests)
  • Once logged in look in Burpsuite for the last “POST” to the googleapis.com address (This will have an idToken which is the Bearer that you will need to use for future requests)
    With that token you can POST a request to a number of endpoints like so:

    When making the request be sure to append “Bearer ” to the front of the token in the Authorization header.

Let me know if you’re able to get it to work. I’d be glad to work with you on this to make a new integration!

Hi, I have managed to find my authorization bearer code using Burp Suite Community Edition. Works well. However using Postman for my POST request I get 400 Bad Request, Invalid session.

In Postman I have tried:
https://us-central1-roostprod.cloudfunctions.net/getAddress

Headers:
Content-Type: application/json
Accept: application/json
User-Agent: Roost-Consumer-Prod/35 CFNetwork/1126 Darwin/19.5.0
Accept-Encoding: gzip, deflate
Authorization: bearer “my very long bearer token” without quotes

Body (raw)
{"consumer":true}

I have taken these from Burp Suite output:
Screenshot 2020-07-20 at 15.49.35

What am I doing wrong? Should I use another app, not Postman?

@Jan_Willem_Maas Postman should work fine, although I really like RESTED (there should also be a Chrome version). Did you try capitalizing the ‘B’ in “Bearer”? I’m not sure if that would matter.

If that doesn’t work, it may be necessary to make a call with postman/rested to the googleapi login url before trying to post to a different endpoint.

Unfortunately it appears that the Bearer key times out, so it may not be reliable for use in an official integration. And because SMS is the only form of authentication (that I know of) for the Roost app, it might not be feasible to make a reliable integration for this. I’d be open for suggestions though! It seems like there would be an alternate authentication method (other than SMS) but it might take some digging to discover it (if it exists).
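
The post above notes that the Bearer key times out. As an added example (not part of the thread and not Roost's code), the following reads the issue and expiry times from an idToken captured from your own account, assuming it is a standard three-part JWT, which the thread does not confirm. The sample token, its timestamps and the helper names are constructed for illustration.

```python
import base64
import json
import time


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_lifetime(id_token, now=None):
    """Read iat/exp from a JWT payload. This only inspects the claims;
    it does NOT verify the signature, so never use it to trust a token."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT; the token may be opaque")
    claims = json.loads(_b64url_decode(parts[1]))
    if "exp" not in claims:
        raise ValueError("JWT payload has no exp claim")
    now = time.time() if now is None else now
    exp, iat = int(claims["exp"]), claims.get("iat")
    return {
        "issued_at": iat,
        "expires_at": exp,
        "lifetime_s": exp - int(iat) if iat is not None else None,
        "seconds_left": int(exp - now),
        "expired": now >= exp,
    }


def auth_header(id_token):
    # The thread's instruction: prefix the token with "Bearer " (capital B).
    return {"Authorization": "Bearer " + id_token}


def _sample_token(iat, exp):
    # Constructed, unsigned stand-in for a captured idToken (not a real one).
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}),
                     enc({"iat": iat, "exp": exp}), "c2ln"])


if __name__ == "__main__":
    token = _sample_token(1595252975, 1595256575)  # constructed timestamps
    print(token_lifetime(token, now=1595254775))
```

If the decoded lifetime is short, an automation that polls with a fixed token will start failing once `expired` turns true, which matches the timeout described in the post.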

Any luck with getting anything to work with the Roost Smart Sensor? I would really like to be able to automatically log the temperature data that the sensor provides.

@blp1018 I gave up on this for now. It wasn’t worth my time to try to discover an undocumented authentication method that may not exist.