Unable to get Shelly to authenticate REST API

stefanlod · February 10, 2025, 9:41am

Hi everyone, trying to work out what to do here. I have a Shelly unit set up to undertake a GET request from my HA server.

I’m using the following script, which calls the REST API with the token (redacted), then logs the response to the console.

Shelly.call(
        "HTTP.GET",
        { 
            url: "http://192.168.XXX.XXX:8123/api/",
            headers: {
                "Authorization": "Bearer TOKEN_REDACTED",
                "Content-Type": "application/json"
            }
        },
        function(response) {
          console.log(response);
          }
    );

But when I run the script, HA logs the following:

2025-02-10 20:25:33.780 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from shellyplus2pm-MAC_ADDR.local (192.168.XXX.XXX). Requested URL: '/api/'. (Plus2PM/1.4.4 (ShellyOS))

On the Shelly side, I get the following response from the HA server:

"Date": "Mon, 10 Feb 2025 09:34:11 GMT",
"Referrer-Policy": "no-referrer",
"Server": "",
"X-Content-Type-Options": "nosniff",
"X-Frame-Options": "SAMEORIGIN"
},
"body": "401: Unauthorized"
}

Initially I thought there might be something weird going with my token. So I ran the same GET request via cURL and I got a completely valid response.

Why would I be getting a 401 error in this case?

stefanlod · February 11, 2025, 1:15am

I’ve found the solution! In Shelly, HTTP.GET takes no headers. Instead, you need to use HTTP.REQUEST:

Shelly.call(
        "HTTP.REQUEST",
        { 
            method: "GET",
            url: "http://192.168.XXX.XXX:8123/api/",
            headers: {
                "Authorization": "Bearer TOKEN_REDACTED",
                "Content-Type": "application/json"
            }
        },
        function(response) {
          console.log(response);
          }
    );