WTH: Integrations should be explicit with their level of manufacturer support

Month of "What the heck?!"
1

My WTH moment is when I have devices with what I thought are well-supported Integrations suddenly breaking because the manufacturer has perhaps suddenly closed off the secret access to their mobile app API, or changed how encryption works on the end device so local access no longer works.

I’d like all device integrations to be required to explicitly state and be honest about their level of manufacturer support so I can make informed decisions about devices I purchase. I think a tiered system with categories like:

  • Fully supported. This integration is designed to work with Home Assistant. (i.e. Frigate NVR, ESP Home)

  • Supported Cloud API. The manufacturer supports the use of, and offers public Cloud APIs for the HA Integration to use. (Tuya Cloud, Samsung SmartThings?)

  • Supported local API. As above, but with direct device control.

  • Tolerated Cloud API. The integration uses an unofficial or mobile app API, but the manufacturer is publicly supportive of the use of their API in HA. (TP-Link Tapo?)

  • Tolerated local API.

  • Reverse-engineered Cloud API. The integration uses a mobile app API and the manufacturer is unaware of its use for Home Assistant, and may restrict or block access at any time.
    This should be the default category for all integrations using Cloud APIs.

  • Reverse-engineered local API. The integration has a well-understood local API, but the manufacturer has sometimes taken steps to remove access (Local Tuya)

  • Unauthorised Cloud API.

  • Unauthorised local API.
    (Most vehicle integrations are probably in these two)

2

Revised Integration Quality Scale has been brought in. It won’t do anything about manufacturers that do a rug-pull, however.

3

Thanks. The quality scale is a good overall indicator of an integration quality, but it doesn’t appear to cover API use specifically.

The rating could mislead if a high quality integration uses an unofficial API and the manufacturer does, as you say, a rug pull: Just because it works with HA and the integration is written well, it doesn’t mean the manufacturer is happy about it. (The recent problems with a certain US garage door opener come to mind…)

4

The scale is a good idea. But there is a way how to easily mitigate these issues. Always prefer devices that can be controlled locally. Doesn’t matter if it’s official support, reverse engineered or whatever. As soon as you set up the device, block it’s internet access on your router (VLAN). If it’s controlled locally, why should it go to internet anyway. And then it doesn’t matter if the manufacturer changes his mind and decides to block local access - he just can’t force update to your device without internet.

5

Totally local control is the ideal of course, but not always possible with all devices. There are few, if any, local only Internet blocked options for say, vehicle telemetry.

And in some areas, household solar inverters, for example, have full local control support but are required to be Internet connected for metering and grid load shedding requirements.