Traeger WiFire Unofficial API Help Needed!

Hi there!

Out of the desire to tinker, the sickness of cramming everything I possibly can into Home Assistant, and my love for cooking I decided to try to reverse engineer the Traeger WiFire API after getting the inspiration from this reddit post. I am not an expert at this, and have never done this before therefore I am looking for help as this unofficial API is far from done.

Here is what I have accomplished thus far. After doing some noodling with Charles to see what the iOS traeger app sends out in requests I was able to sniff out the following API endpoints:

  • https://1ywgyc65d1.execute-api.us-west-2.amazonaws.com/prod/mqtt-connections
    • This endpoint is responsible for establishing the token. Using Insomnia (similar to Postman) I was able to make a POST request to this endpoint with the following headers, while copying the Authorization token from my app. Keep in mind the response mentioned that the token will expire, and it does. I tried to require the Token using AWS documentation for Signature Version 4, but only made it past Task 1, and not sure it is right

Request Headers:

POST /prod/mqtt-connections HTTP/1.1

Host: 1ywgyc65d1.execute-api.us-west-2.amazonaws.com

Content-Type: application/json

Content-Length: 0

Connection: keep-alive

Accept: */*

User-Agent: Traeger/2 CFNetwork/1125.2 Darwin/19.4.0

Authorization: eyJraWQiOiI2Y0dhUVRibHhBVzc2NCtQT2pWUGxmbjJqREtyNkc2R2hMZkc3dGhOUTVNPSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJiOGE2MThhNC1hNTQ4LTQ4MTgtYTFjOC05ZjcwZjM0ODQ0M2IiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiY3VzdG9tOnYyX3VzZXJfaWQiOiJlMDIyYzY2Zi0wNzFlLTQ5OWMtYjg1ZS02Zjc2ZjJkNmZiZGQiLCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtd2VzdC0yLmFtYXpvbmF3cy5jb21cL3VzLXdlc3QtMl8xRkMzYUp1QzMiLCJjb2duaXRvOnVzZXJuYW1lIjoibWlndWVsQG1pZ3VlbGFyaW9zLmNvbSIsImdpdmVuX25hbWUiOiJNaWd1ZWwiLCJhdWQiOiIyZnVvaGp0cXYxZTYzZGNrcDV2ODRyYXUwaiIsImV2ZW50X2lkIjoiYWIzZDUxOTctYThmMS00MDU5LTlkMjQtM2JlOGQyNWE1ZDdjIiwiY3VzdG9tOnYyX3VyYmFuX2FpcnNoaXBfaWQiOiJhNzIxMDE5OC02ZjI2LTQ2NjMtODQ0Mi1iMDM3OWU4ZWJhYWIiLCJ0b2tlbl91c2UiOiJpZCIsImF1dGhfdGltZSI6MTU4NzQxMTE4OSwiY3VzdG9tOnYyX2N1c3RvbWVyX2lkIjoiYWJ1d1pxVkFQNEZnTXdRZ3NzMDlxbnpHVVgiLCJleHAiOjE1ODk1MDc2MTMsImlhdCI6MTU4OTUwNDAxMywiZmFtaWx5X25hbWUiOiJSaW9zIiwiZW1haWwiOiJtaWd1ZWxAbWlndWVsYXJpb3MuY29tIn0.cfbg4f8PpVCkIN2CUfkGze5ZCAbFc9q4GtBlniC6Wr5EiRYM1fDe9XGfyxoht6DxDo2iDvVGIBHk3peOTn3EGI-o5U2rNnrNnKpsQ9QJw3OpHfMHOHpF8W-xz4E7xktQd8xNaQGquK5ssGGi8O01IbQ1YHIraEOt_K9TDGEsvFuMeD5iSVFJ78cSbaB162js8eqxmJ4-I99fuZ9YEuLqr8fR-yMbtMXWxBYvkGRnMWYePzJltTsomHGq6ILp08Faqg-m6eZJEXeqDmPDvhaJOCpBfNX5CVGAuToYti3KkIobht5nuhVsWv3yU1-RMJNUWwB6v_XCcWZnI47yntGQMg

Accept-Language: en-us

Accept-Encoding: gzip, deflate, br

Empty Request Body

Response Body

{

 "expirationSeconds": 3600,

 "expiresAt": 1589507945,

 "signedUrl": "wss://aqmix2am7g1w-ats.iot.us-west-2.amazonaws.com/mqtt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIAYCV2Q4WGIHLZMUVY%2F20200515%2Fus-west-2%2Fiotdevicegateway%2Faws4_request&X-Amz-Date=20200515T005905Z&X-Amz-SignedHeaders=host&X-Amz-Signature=b171c0356e15cdf773c2346bee1fe5ebdfec4e8eef4900926f07659d4531593e&X-Amz-Security-Token=FwoGZXIvYXdzEEoaDNdMzOZvol%2Fr4aahOSLAA1GqpglpkWnZ5EjOOtSm9w%2BCMo9mnU9IbcxN4rriTo%2FiLBFkCrYqHh0ZqXhMX%2BktGwBARVLUauyEhzC2BtoCWm8cq6ViOwtPMHJR0fNyfLWKACKPS1RGdQnQwepKXzapGvYpOPSlsR39rmEOKt3TUqC%2FbKAKFo%2F2lIC0pAOof4n3kOPZMikN%2BcKy0swwDWJkbJQuJcm3%2BwbtCUA37LRERf1E4Z2ViXa%2BY8fpOiT8VnsFlNIjQM%2FGpvyUPzHxSgBUj0DSraOFVVndb0%2F6z%2BqTj9ymaCmsaSjMTSsbOaODoAWOApb0PiErYISxn1KNaohDv6P6Q8VM2wrbPEEl55qoQ72K%2FiUwHP8J7J0uWW6NAlltBhlUhRCOXkOI88z0OXmUXrDdMnEAFBmz6GVXEXTBl0W2Pr%2FkcFRXp2FQpVIVHWKsZiXnCxAjNxeTIfnDzNRjCTaKJarbdn2ULf8B8QgdfXZGLaByv4dYNXTzrz7O%2BMtLwvwu3Ea4N0sHsR%2BrPwbbrmVFObn9mx0lGO7E2cTA%2F0PKHt4ScmpWIMKoYB7Daqr1ooFqSonW9%2FPmx%2BiWr%2Be7nCY6hfDvy08HGRnhaBi9cBYo2dL39QUyLfHtgzkzPOFaGdKiu8sVvuaz8ws46Ebh1Gr7LETdE5enDOnVC19wxcyvtqIyYA%3D%3D"

}

  • i tried making a basic REST binary_sensor, but it didn’t work.

  • i tried using cURL instead of insomnia from HA CLI with the Authorization token but got a response that i was missing a Signature header, and a few other headers. Need to do this cURL command again to figure out what exactly was sent back and update this post.

  • https://1ywgyc65d1.execute-api.us-west-2.amazonaws.com/prod/things/801F12C87E2B/commands

    • If I just copy the authorization token, and I can actually send POST request to this endpoint using Insomnia to control the Traeger app and it works! Still need to figure out more of the commands.
    • Found out the following commands

// This command simply keeps the connection alive, but haven’t tried to make a REST sensor of this.

{

“command”: “90”

}

// This command will change the temperature of the grill to 170 degrees F

{

“command”: “11,170”

}

// This command will shutdown the grill

{

“Command”: “17”

}

// This command set a timer

{

“Command”: “12,00000” // 00000 will be the time in seconds for the timer. When you want to reset the time just send all 0’s.

}

Currently i am unable to READ any of the temperature data from the grill which sucks, and I desperately need help with this. I tried to use wireshark to get the traffic going from my grill out to the internet, but was unsuccessful mostly because I am not experienced with using wireshark, so if someone can help me with this that would be great! To me reading the temperature is probably the most important part of this exercise.