I ran into the same problem and although these posts helped point me in the right direction, my solution was slightly different.
TLDR; I had to change the Security Level under Security->Settings from “I’m Under Attack!” to “Medium” (I didn’t try any of the other levels)
Some background:
Once I got the personal access token from the SmartThings page, I used it in the Home Assistant Integration setup and got an error in the UI like: SmartThings could not validate the webhook URL…
In the logs:
ERROR (MainThread) [homeassistant.components.smartthings.config_flow] API error setting up the SmartApp:
{'requestId': 'xxx', 'error': {'code': 'ConstraintViolationError', 'message': 'The request is malformed.', 'details':
[{'code': 'TargetNon200Error', 'target': 'https://homeass.xxx.com/api/webhook/xxxxx',
'message': 'Target did not respond with a 200 status. Upstream status code=403', 'details': []}]}}
In CloudFlare, I traced it to this error under Security->Events:
The Action taken of ‘Managed Challenge’ was tripping Home Assistant up. I already tried disabling the Bot Fight Mode and tried adding a WAF Skip rule matching the /api/webhooks path but that didn’t work. It turned out that the ‘Security Level’ Service was kicking in and that comes in before the custom rules added in WAF.
It was not clear from the ‘Traffic Sequence’ box on the right where this came in but apparently it supercedes everything. When I went under Security->Settings, the first entry was for Security Level and changing that fixed it:
Hello everyone,
I had the same issue and I tried every hits here without any luck, before finding my own one.
I have my own domain and SSL, issued by third party. No Cloudflare.
I found this How to Install SSL Certificate on NGINX Server which pointed me out to the right direction: creating a crt bundle, merging SSL domain certificate and intermediate + CA certificate in a single fullchain.pem cert file
I updated the new fullchain.pem file on my HA and rebooted
Smarthings registration could be finally be completed!
Hi, I recently added some country restrictions on cloudflare and just found that this was why smartthings stopped working. May I ask you how you can add this /api/webhook exception to my WAF rule on cloudflare?
Same here. Currently got public ddns thru synology.me with reverse proxy. For now I can access remotely to main page but can’t to /api/… can some tell me should I add additional settings there? Already added external and internal IP
I tried all the suggestions from previous replies and didn’t work and started looking at my cloudflare config after reading this one. Turns out I had to lower the minimum TLS version from 1.3 to 1.2 and then it worked.
DAMN! After several days I figured out what was the problem thanks to your post. In my case I created a WAF rule on Cloudflare who accepts only connection coming from my country. I had to temporary disable that rule as Smartthings connection is coming from Ireland. THANK YOU!
