boschsmarthome / bosch-shc-api-docs Goto Github PK

i have just started the bsh integration for fhem. getting the environmental data for a twinguard works perfectly fine but i' wondering if there is a way to get information about the battery level via the api.

also starting and stopping the test and alarm via the api would be great.

the same goes for silencing at least the group as it seems this is also possible with the bsh app.

as i don't have any of the bidcos based hardware: can the api control this hardware like it is possible with the ccu3 rpc api?

It would be great if it would be possible to provide a unique id (e.g. mac address or serial number) of the SHC via an API call, e.g. using "smarthome/public/information". This would allow other applications to identify the SHC, even if the IP has changed.

Hello,

I love this integration because the default one lacks most features.
However I noticed that my new Bosch Cover / Light control II are not showing up.

Are you planning to integrate them?

Thanks,
Lukas

Hi,
es wäre super, wenn man per API (ich nutze dazu Node-Red) die Leuchten (Stimmungs- und Bewegungslicht) ein-/ausschalten könnte. Ich habe 5 dieser Kameras und 2 davon hängen an der Terrasse und ich würde die Beleuchtung der Kameras gerne zusammen mit den anderen dort hängenden Lampen schalten können.
Kann die API dahingehend erweitert werden? Wäre super.

Viele Grüße
Stefan

Hello Bosch Community :)

I am currently trying to integrate my Somfy IO rolling shutters into the Bosch Home Control System. Unfortunately, I haven't found the right approach yet, so I'm asking you for help. The Somfy API can be found here: https://developer.somfy.com/apis-docs

As I currently understand it, I can communicate via REST API between the Bosch API and the Somfy API. I have already created an "app" in the Somfy portal.

Do any of you already have experience with integrating Somfy or similar products into the Bosch API?

My ideal is that I can control everything from my smartphone via the Bosch Client App. For example, if a room gets too warm and a Bosch thermostat reports this, I want to auto lower my rolling shutters via IFTTT etc. as an example scenario.

Thank you very much for your support in advance!

Hello,

is it possible to read the information from the ios widget "Open doors/windows" with the API?

If yes, how?

Hi there!

First of all thanks for the nice clean Rest API for your controller. It's easy too understand and to use. A special thanks for the step-by-step guides to get it running and the Postman files :)

Right now I am working together with a few other voluntary devs to develop a binding for your Smart Home devices for openHAB (https://www.openhab.org/).

https://github.com/stefan-kaestle/openhab2-addons

I am currently working on the shutter control handling. Moving the shutters up and down and setting a specific open ratio was easy enough to implement.

But what I am missing is a command to stop the shutters with an API request. As a workaround I tried to get the current state and set it immediately, but I get back the target state of the shutter rather than the current state.

Would be great to have a separate API endpoint for this. Or is it maybe possible already but not documented?

It would be very nice to enable the SHC to call a webhook or something similar to push the event of a scenario being triggered to other services. In that way, e.g., the Twist Remote would be much more powerful in advanced setups which involve more than just using the smart phone app on its own.

An example could be as follows:
On triggering of a scneario
POST - example.host/example-endpoint
with body {scenario: 'scenario name'}
and optional http header fields set

I have a certificate per your documentation and base64 encoded the password that I just set, but when I send the request (after pressing the button on the controller) I get

• Preparing request to https://bosch-smart-home-controller.fritz.box:8443/smarthome/clients
• Using libcurl/7.64.1 (SecureTransport) LibreSSL/2.8.3 zlib/1.2.11 nghttp2/1.39.2
• Current time is 2020-03-10T19:18:06.373Z
• Disable timeout
• Enable automatic URL encoding
• Disable SSL validation
• Enable cookie sending with jar of 0 cookies
• Hostname in DNS cache was stale, zapped
• Trying 192.168.188.42...
• TCP_NODELAY set
• Connected to bosch-smart-home-controller.fritz.box (192.168.188.42) port 8443 (#7)
• ALPN, offering h2
• ALPN, offering http/1.1
• successfully set certificate verify locations:
• CAfile: /etc/ssl/cert.pem
• CApath: none
• TLSv1.2 (OUT), TLS handshake, Client hello (1):
• TLSv1.2 (IN), TLS handshake, Server hello (2):
• TLSv1.2 (IN), TLS handshake, Certificate (11):
• TLSv1.2 (IN), TLS handshake, Server key exchange (12):
• TLSv1.2 (IN), TLS handshake, Server finished (14):
• TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
• TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
• TLSv1.2 (OUT), TLS handshake, Finished (20):
• TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
• TLSv1.2 (IN), TLS handshake, Finished (20):
• SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
• ALPN, server did not agree to a protocol
• Server certificate:
• subject: C=DE; O=Bosch Thermotechnik GmbH; CN=64-da-a0-02-30-fa
• start date: Sep 16 08:56:31 2018 GMT
• expire date: Sep 16 08:56:31 2020 GMT
• issuer: C=DE; O=Bosch Thermotechnik GmbH; CN=Smart Home Controller Issuing CA
• SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.

POST /smarthome/clients HTTP/1.1
Host: bosch-smart-home-controller.fritz.box:8443
User-Agent: insomnia/7.1.1
Content-Type: application/json
Systempassword: XXXXXXXXXXXX
Accept: /
Content-Length: 1424

| {
| "@type": "client",
| "id": "oss_test",
| "name": "OSS test",
| "primaryRole": "ROLE_RESTRICTED_CLIENT",
| "certificate": "-----BEGIN CERTIFICATE-----\rxxxxxxx\r-----END CERTIFICATE-----"
| }

• upload completely sent off: 1424 out of 1424 bytes

< HTTP/1.1 401 Unauthorized
< x-mbs-platform-state: 100
< date: Tue, 10 Mar 2020 19:03:57 GMT
< content-length: 0
< Cache-Control: no-cache, no-store, must-revalidate
< connection: close

• Closing connection 5
• TLSv1.2 (OUT), TLS alert, close notify (256):

This is a log from Insomnia, but Postman has the same result. Any ideas what is missing?

Hi.
I followed your instructions on the setup of postman. I think it might be beneficial to include advice to edit the pre-request script variables and the request body before sending the new client request. :)

After doing so however, I'm getting:

Error: write EPROTO 139987876223616:error:140943F2:SSL routines:ssl3_read_bytes:sslv3 alert unexpected message:../../vendor/node/deps/openssl/openssl/ssl/record/rec_layer_s3.c:1407:SSL alert number 10

in the postman console. This seems to be an ssl handshake error. From here:

10  | unexpected_message |  Received an inappropriate message This alert should never be observed in communication between proper implementations. This message is always fatal.

Could you perhaps provide the command you used to generate the .key and .crt files?

Hi,

it would be very nice to add some API to grab a picture from the Smart Home Eyes camera. It could be integrated in some other automation software like openhab.

Additionally it would be perfect to add a web hook to get notified on detected movements.

Thanks

Hello dear Bosch-Team,

after getting awesome support and debugging an application using your API, we found that with the version switch (I guess from 2.5 to 2.6) the field shcIpAddress has been removed from the API call to https://x.x.x.x:8446/smarthome/public/information --no-check-certificate. Since the integration relies on that field, my home automation with all my Bosch products is broken now.

The Bosch mobile application itself has a field which is called "IP-Adresse des Smart Home Controllers". This field is always empty. So I guess the app is expecting that field in the same way.

Can you provide some more information? Is the removal for purpose or will we see the field again inside responses?

tschamm/boschshc-hass#42

First of all: Thank you for providing the API to us, you're my personal hero now!

I'm new to postman and using certificates so please forgive me if the solution to my problem is quite obvious.

What i did so far:

1. I downloaded openssl for win10 64bit from https://slproweb.com/products/Win32OpenSSL.html
2. ran C:\Program Files\OpenSSL-Win64\bin\openssl.exe as administrator and used the following commands:
   genrsa -out bshc.key 2048
   req -new -key bshc.key -out bshc.csr
   x509 -req -days 36500 -in bshc.csr -signkey bshc.key -out bshc.crt
3. via the last step i set the password to MeinPassw0rt and after that i installed it on win10
4. I did as described in "How to use the Bosch Smart Home Postman Collection".
5. after these steps i tried to add new client as suggested.
   So I went to Collections and klicked on "New Client (read our Terms and Conditions, see description)"
6. I created a new environment and within i set the variable system_password_base64 to the "Key:" printed onto the back of my SHC (e.q. myHardwareKey) and back to the New Client tab i selected it from the drop-down menu in the top right corner.
7. There under "Pre-request Script" i modified the "postman.setEnvironmentVariable("host", "192.168.0.10"); that it fits my IP of the SHC (192.168.178.10).
8. The last thing i did was inserting the content of the bshc.crt file under "Body" -> "certificate".
   Under "Params" is nothing entered, and under "Headers" 'Content-Type' and 'Systempassword' are checked.

So after pushing the pairing-button on the SHC, running back to my PC and hitting "SEND" i got the following:

I'm sure that my mistake has something to do with my usage of the certificate (or maybe postman in general).

Any help would be great. Thank you in advance and thank you again for releasing the API!

Hi,

is there any way you could release an icon pack for the icons that are used in ios/android Bosch shc app?

Currently i am building a wall mounted device that makes use of the Bosch shc API. In order to reflect
certain states/locations/types of devices that you are able to set via the mobile app, id love to use your icons without breaking any copyright and hopefully be able to publicize the project.

Thanks,
Jakob

Hi!

Wäre es möglich für die Zukunft in einem "offenen" Modus das Kamerabild direkt via rtsp auszugeben?
Das wäre eine große Erleichterung vor allem für Leute die diese Kamera in ihr bestehendes Überwachungssystem einbinden möchten.

LG Niklas ;-)

Hi,

I followed the instructions on "How to use the Bosch Smart Home Postman Collection".
The public information request (https://{{host}}:8446/smarthome/public/information) works as expected.

But as soon as I send the request to create a new client (Port 8443), I get the following response:

"Could not get any response
There was an error connecting to https://192.168.178.36:8443/smarthome/clients.
Why this might have happened:
The server couldn't send a response:
Ensure that the backend is working properly
Self-signed SSL certificates are being blocked:
Fix this by turning off 'SSL certificate verification' in Settings > General
Proxy configured incorrectly
Ensure that proxy is configured correctly in Settings > Proxy
Request timeout:
Change request timeout in Settings > General"

The SSL certificate verification is turned off and there is no proxy. The same error appears when requesting anything on port 8444.

Here is the output of the public information json:

{
    "apiVersions": [
        "1.0"
    ],
    "softwareUpdateState": {
        "@type": "softwareUpdateState",
        "swUpdateState": "NO_UPDATE_AVAILABLE",
        "swUpdateLastResult": "UPDATE_SUCCESS",
        "swUpdateAvailableVersion": "",
        "swInstalledVersion": "9.16.1457-11868",
        "swActivationDate": {
            "@type": "softwareActivationDate",
            "timeout": 604800000
        }
    },
    "claimed": true,
    "country": "DEU",
    "tacVersion": "DEU-10",
    "shcIpAddress": "192.168.178.36",
    "clientIds": [
  // manually removed client ids //
    ],
    "featureToggles": {
        "http-rest.api": false,
        "app-store-rating.ios": true,
        "water-leakage-sensor.pairing": false,
        "siri-shortcuts": false,
        "app-logging": false,
        "app-analytics": false,
        "shading.slats.values": false,
        "plugcompact.pairing": false,
        "cameras.extension": true,
        "shading.advance.menu": true,
        "app-store-rating.android": true,
        "homekit-activation": false,
        "whitegoods.pairing": true,
        "plug.automation.condition.onoff": false,
        "cloud.tokenvalidation": true,
        "hue.automation.condition.onoff": false
    },
    "connectivityVersions": [
        {
            "name": "claiming",
            "minVersion": 1,
            "maxVersion": 1
        },
        {
            "name": "noncePairing",
            "minVersion": 1,
            "maxVersion": 1
        },
        {
            "name": "buttonPairing",
            "minVersion": 1,
            "maxVersion": 1
        }
    ]
}

What could be the problem? The http-rest.api-setting (false) looks suspicious, but I have no idea how to toggle it.

Thanks in advance,
Patrick

Hi team,

when clicking on the link to the OpenAPI Documentation from the Readme file, I just receive an error message from you CloudFront -> S3 setup with Access Denied.

Can you please take a look.

Br,
Chris

Ich möchte die Daten von unseren Twinguards mittles C# und der API auszulesen, da ich diese dann weiterverarbeiten und in einer Datenbank speichern möchten.
Leider bekommen wir beim Verbindungsversuch die folgende Fehlermeldung:

System.Net.WebException: The SSL connection could not be established, see inner exception.
---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception.
---> System.ComponentModel.Win32Exception (0x80090327): Beim Verarbeiten des Zertifikats ist ein unbekannter Fehler aufgetreten.
--- End of inner exception stack trace ---
at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm)
at System.Net.Security.SslStream.ProcessAuthentication(Boolean isAsync, Boolean isApm, CancellationToken cancellationToken)
at System.Net.Security.SslStream.AuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions)
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken)
at System.Net.Http.HttpMessageHandlerStage.Send(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.SocketsHttpHandler.Send(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClientHandler.Send(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpMessageInvoker.Send(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.Send(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationToken cancellationToken)
at System.Net.HttpWebRequest.SendRequest(Boolean async)
at System.Net.HttpWebRequest.GetResponse()
--- End of inner exception stack trace ---

Es scheint mir so, als wenn es hier irgendein Problem mit dem Zertifikat gibt, vielleicht hat hier jemand eine Idee? Leider habe ich in den anderen Beiträge nichts brauchbares bezüglich des Verbindungsaufbaus gefunden.

Hi there, is there something ongoing already to support the version two of the shutter/switch (in wall)?

https://www.bosch-smarthome.com/at/de/produkte/geraete/licht-rollladensteuerung/

Is it possible to include the lightlevel information into the api so that it can be changed without the need to use the BOSCH app?

Great structured repo, really like the postman collection!

It would be great, if one read the current lightlevel. Since it's possible to change the sensitivity of the motion sensor through the app, I guess that there must be some kind of light level information?

Announcement: The Smart Home Controller update scheduled for May 2021 will no longer support API 1.x.

All clients must therefore migrate to API 2.1, which is already available on the Smart Home Controllers.

The API changes between 1.x and 2.x are mostly marginal, but all requests including an HTTP header with "api-version : 1.0" will no longer work.

• New REST APIs for the intrusion detection system need to be added to the Postman collection.
• "api-version" header must be changed to "2.1"
• Provide a change log

Hi, I know long polling is encouraged, but what's the actual disadvantage of short polling? There doesn't seem to be rate limiting, is that a change that we should expect? Or is it simply to preserve battery?

Hello Bosch Dev Team,

I'm trying to use the "new client" request from the Postman collection but I'm kind of lost :-(
Here is what I've tried so far:

• I've replaced {{system_password_base64}} with my base64 encoded system password. I double-checked this several times and compared it to the given examples mentioned in the closed issues. I even changed my system password in the app to make sure it is correct.
• I've replaced {{client_id}} and {{client_name}} with "myapp" and "MyApp" for testing
• I've copied over the certificate from the pre-request script note to the "certificate" field in the request body
• I've replaced {{shc_secure}} with: https://192.168.178.7, https://192.168.178.7:8443, https://192.168.178.7:8444, https://192.168.178.7:8443/smarthome and
  https://192.168.178.7:8444/smarthome
• I've pressed the button on the controller until the lamp blinks and sent out the request

Results:

• https://192.168.178.7 -> timeout, as expected
• https://192.168.178.7:8443 -> 404 not found
• https://192.168.178.7:8443/smarthome -> { "@type": "JsonRestExceptionResponseEntity", "errorCode": "AUTHENTICATION_FAILED", "statusCode": 401 }
• https://192.168.178.7:8444 and https://192.168.178.7:8444/smarthome -> Could not get any response

So I'm assuming https://192.168.178.7:8443/smarthome is the correct endpoint, but I don't know what to do with the error message :-( As mentioned above I'm 99,9% sure the base64 encoded password is correct and the cert is just a copy of the example.

Any ideas?

Regards,
Florian

Hi All,

after exchange of Controller Ver.1 to the new Ver.2 I ran into trouble.
Neither Google was able to help, nor every solution posted so far on Ver.1 worked out.
No chance to connect Controller II to Iobroker.
Classical message: Start pairing. Activate pairing on Bosch Smart Home Controller by pressing button until flashing.

Anybody suffering from the same ? Furthermore: Any solutions ??

Thanks in advance

Hey, i Hope somebody can help me.
I wants to connect SHC with nodered.
i become the error 401.
witch password i needed, the original from the app...? Its doesnt work..

Hello,

i am trying to setup the system.
I do not have the certificate and key to add in postman.
Where can i get this from?

Hi, is there a way to trigger the siren on the smoke detectors directly? I am not talking about testing the detector but have the siren ring for a specified amount of time. I know there are the builtin mechanisms with your motion detector and app. But in my case I want to reuse my Hue motion detectors to do the job.

Cheers, Christian

Hello,

I get the following error when using the function "GET /devices --> List all available Devices" of the "Bosch Smart Home Local API": "https://apidocs.bosch-smarthome.com/local/#/Devices/get_devices"

TypeError: NetworkError when attempting to fetch resource.

I am using the IP address of my home controller (192.168.111.20) as "shcIp" and API version = 1.0

Could you please help on this? Is there further documentation/examples of this API?

Thank you and regards

I think the docmentation under https://github.com/BoschSmartHome/bosch-shc-api-docs/tree/master/postman is missing the important instruction that you need to set a header "Systempassword" with the value {{system_password_base64}} if you want to add a new user.

Hi, this is a great resouce for smart home by Bosch, but is there something similar for the Smart Garden by Bosch (Indego mowers), I'm involved in building an integration for indego mowers and would like to build on top of official documentation rather than reverse engineering!

Dear all,

My log is filled with info messages like these:

(13934) State value to set for "bshb.0.openDoorsAndWindows.all.open" has to be stringified but received type "object"

After update to the latest js version. Does anybody else have this?

My whole system seems knocked out by this

Hello,

I try to pair a new client. Button pressed. Request below. But always get
{
"@type": "JsonRestExceptionResponseEntity",
"errorCode": "PROPERTY_VALIDATION_FAILED",
"statusCode": 400
}
What is wrong? Please help.

Request:
{
"@type": "client",
"id": "oss_Test",
"name": "OSS Test",
"primaryRole": "ROLE_RESTRICTED_CLIENT",
"certificate": "-----BEGIN CERTIFICATE-----/rMIIDbTCCAlWgAwIBAgIUQXWQFFWC1L4MZdQGDqMqeP2mH4owDQYJKoZIhvcNAQELBQAwRTELMAkGA1UEBhMCREUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAgFw0yMzAxMjYyMTE1NTNaGA8yMDUwMDYxMjIxMTU1M1owRTELMAkGA1UEBhMCREUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN1jX8vsVOuyZ239b0xJRq1ttYaL9+qNLXYfRaoJj6DAHl6fB1QUGsHOdmtvLtRn9sh7NPdbpG7RhiYCUNxAXvLIN7tO+64isGQ7lEYmsYkcXBqOD8sP+F1l/j5q+loqxm4nFkeXelda/UgwLCtxKp32+hX4XC4N/4lwhloZ4Kmive4GaNxQ2+q0IpEFDUVUAbwJxy+22QtO88nT4JYjfOQaV18Z7tZgpwwAqJdmIlVUMLmC4mjJ0WcAwdsa3GdAprDyP1PKVBU+EZNG0k1ebhsxLDm1pwFRKSyyjVMyugK8p5Qy9whYCDFzS/1KThQ9SwELR6arWgLm1GJmHSY6dNsCAwEAAaNTMFEwHQYDVR0OBBYEFAJeavp+Yjn6pJttIqBG497NII7wMB8GA1UdIwQYMBaAFAJeavp+Yjn6pJttIqBG497NII7wMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAEd0muTwqp6iaiXtFFXVdOOIoPMXPIXqFIJyychzz+5QV5sXCMhOIGmZWnOe0q5fdRvPw+NqSHprMEWebYVkJLFEYe+UrQBM3JetmFCPGlcWHr/p0EpHE7HKwFttS1E3CrjUXAaAzvj7Bf6v9XVNlQxKs0obPtskX+ANIKxqWog0CqLHlhVKfo1qYcBxji/g/OkkcLvR64GAgfrTJrLMNbkiPJpm6dbNk05MChXOpWadDtvX7npldf9jBf3g4YngzgoLso27oke3g7kcCmAmWJsHWiD2hS9DwFZ563nU+2Id7nWQW7R7dDkyTiF4IP+RMyuCmCN3ie/+tseQfPYrs3o=/r-----END CERTIFICATE-----"
}

I am using Home Assistant to control my 5 Bosch Thermostat II instances. As described in this issue, I receive the error "WRONG_THERMOSTAT_GROUP_MODE" when I try to switch them all off at the same time. Does anyone know what exactly causes this error?

I'm trying to use curl to register a client to the controller.
I've converted everything from the postman doc to the command, but it keeps returning a 401.
Any hint on what could be missing here?

Contents of the request.json

{
  "@type": "client",
  "id": "oss_homebridge_plugin",
  "name": "OSS Homebridge plugin",
  "primaryRole": "ROLE_RESTRICTED_CLIENT",
  "certificate": "-----BEGIN CERTIFICATE-----\rxxxxx\r-----END CERTIFICATE-----"
}

openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout client-key.pem -out client-cert.pem

CONTROLLER_IP=192.168.0.6
PASSWORD=xxxxxxxxx

# Press the pairing button

curl -sk -X POST\
  -H "Content-Type: application/json"\
  -H 'Expect:'\
  -H "Systempassword: $(echo "${PASSWORD}" | base64)"\
  --key client-key.pem --cert client-cert.pem\
  --data-binary @request.json\
  "https://${CONTROLLER_IP}:8443/smarthome/clients" -vvv

I also tried omitting --key and --cert, but no matter what I do it always yields into:

*   Trying 192.168.0.6...
* TCP_NODELAY set
* Connected to 192.168.0.6 (192.168.0.6) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=DE; O=Bosch Thermotechnik GmbH; CN=64-da-a0-10-ae-8c
*  start date: Mar 21 15:10:27 2021 GMT
*  expire date: Mar 22 15:10:27 2023 GMT
*  issuer: C=DE; O=Bosch Thermotechnik GmbH; CN=Smart Home Controller Issuing CA
*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> POST /smarthome/clients HTTP/1.1
> Host: 192.168.0.6:8443
> User-Agent: curl/7.64.1
> Accept: */*
> Content-Type: application/json
> Systempassword: xxxxxxxxxxxxxxxx
> Content-Length: 1347
>
* upload completely sent off: 1347 out of 1347 bytes
< HTTP/1.1 401 Unauthorized
< Strict-Transport-Security: Max-Age=31536000; includeSubDomains
< x-mbs-platform-state: 100
< X-XSS-Protection: 1; mode=block
< Content-Security-Policy: Default-Src 'none'; Frame-Ancestors 'none'
< date: Tue, 21 Dec 2021 10:06:44 GMT
< X-Content-Type-Options: nosniff
< content-length: 0
< Referrer-Policy: strict-origin-when-cross-origin
< Cache-Control: no-cache, no-store, must-revalidate
< X-Frame-Options: sameorigin
< connection: close
<
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):

This is more a question than an issue:
Following the docs, the poll_id is invalidated after 5 minutes of inactivity. Does it matter if I unsubscribe from long polling?Skipping the unsubscribtion step will improve the speed when closing the library.

Hi there,

We are currently preparing a binding to integrate the Bosch devices into openHAB. The documented API at https://apidocs.bosch-smarthome.com/local was very helpful for the implementation, thanks for that! :)

But I am still missing more detailed information about the specific data chunks. E.g. "purity" in the state of the AirQualityLevelService. It is a number, but is a higher number better? What is the range (0-10, 0-100,...)? Is this detailed information already documented somewhere?

I've created certs following the postman instructions connecting to the public information on port 8446 works without issue (even if I add the certificate to that port). However connections on port 8443 or 8444 result in the following error:

Error: write EPROTO 8203879879560:error:10000416:SSL routines:OPENSSL_internal:SSLV3_ALERT_CERTIFICATE_UNKNOWN:../../third_party/boringssl/src/ssl/tls_record.cc:587:SSL alert number 46

I converted the crt/key into a pem and ran the request as curl command (see below)

curl -kv --cert ~/Downloads/client/client.pem https://192.168.1.103:8443/smarthome/clients --data '{ "@type": "client", "id": "oss_haas", "name": "OSS HomeAssistant", "primaryRole": "ROLE_RESTRICTED_CLIENT", "certificate": "-----BEGIN CERTIFICATE-----\r<removed>\r-----END CERTIFICATE-----" }'
This resulting in the Bosch Controller responding with:

`* Trying 192.168.1.103:8444...

• TCP_NODELAY set
• Connected to 192.168.1.103 (192.168.1.103) port 8444 (#0)
• ALPN, offering h2
• ALPN, offering http/1.1
  Enter PEM pass phrase:
• successfully set certificate verify locations:
• CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
• TLSv1.3 (OUT), TLS handshake, Client hello (1):
• TLSv1.3 (IN), TLS handshake, Server hello (2):
• TLSv1.2 (IN), TLS handshake, Certificate (11):
• TLSv1.2 (IN), TLS handshake, Server key exchange (12):
• TLSv1.2 (IN), TLS handshake, Request CERT (13):
• TLSv1.2 (IN), TLS handshake, Server finished (14):
• TLSv1.2 (OUT), TLS handshake, Certificate (11):
• TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
• TLSv1.2 (OUT), TLS handshake, CERT verify (15):
• TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
• TLSv1.2 (OUT), TLS handshake, Finished (20):
• TLSv1.2 (IN), TLS alert, certificate unknown (558):
• error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown`

Which suggests the Bosch controller is expecting the certificate to be signed by a known certificate authority and rejecting the request as it's a self signed certificate.

Any thoughts on what I need to do?

The certificate on the Smart Home controller has expired and API access therefore is no longer working.

How to you update certificates on the controller?

Version 9.16 has introduced relative humidity to room thermostats and twinguard, which are now shown in the room view of the app. How do you get these states within the REST API?

Hi there,

The shutter control binding for openHAB is complete, thanks for helping with issue #34 :)

I am now working on the binding for the thermostats. The getters for the temperature and the valve tappet are well documented and are no problem.

But I wonder if there is a way to set the desired temperature on a thermostat. As it is possible via the Bosch Home app I hope it is just missing in the documentation as well.

The Ledvance RGBW Bulbs do not expose the HueColorTemperature service via the API so correct setting of white hue (or color temp) is not possible via API, although it is possible via app.

Using the HSBColorActuator service does not work either as it only "mixes" white temps via RGB LEDs.

{
        "@type": "device",
        "rootDeviceId": "xxx",
        "id": "xxx",
        "deviceServiceIds": [
            "CommunicationQuality",
            "HSBColorActuator",
            "MultiLevelSwitch",
            "BinarySwitch"
        ],
        "manufacturer": "LEDVANCE",
        "roomId": "hz_5",
        "deviceModel": "LEDVANCE_LIGHT",
        "serial": "xxx",
        "profile": "GENERIC",
        "iconId": "icon_philips_roomlightcontrol",
        "name": "Stehlampe mitte",
        "status": "AVAILABLE",
        "childDeviceIds": []
    }

Related: tschamm/boschshc-hass#17

I followed the instructions to create a new client which worked fine.
However, aside from the "Public Information" request I only receive the following "bad certificate" responses:

Error: write EPROTO 13412:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:c:\users\administrator\buildkite-agent\builds\pm-electron\postman\electron-release\vendor\node\deps\openssl\openssl\ssl\record\rec_layer_s3.c:1407:SSL alert number 42

The certificate and key are added for both ports 8443 and 8444 in postman settings.

This is how the create client request payload looked like:

Any ideas?

Hi there,

Two of our users have an issue with our openHAB binding for Bosch devices: stefan-kaestle/openhab2-addons#62

I was wondering if there is some requirement for the long polling that we are missing, e.g. a new subscription is necessary after 24 hours?

Hi,
I got a 201 after paring with a token and a url.
But I can't access anything excluded the public info.

do i have to put the token in the header or what I have to do to acces the device list or anything else ?

Thx

In the last weeks Bosch has released serveral new devices like the Light / Shutter Control II, Smoke Detector II, Room Thermostat II, Outdoor Siren, Door contact II, Door Contact II Plus, and Thermostat II.

It would be great if you can update the API docs to describe all services of the new devices. Otherwise devices/services have to be reverse engineered from Postman, which may affect the stability/quality for Bosch devices in the different open source platforms (home assistant, openhab, iobroker).

Error Code

We observed a bug in the behavior of the Room Climate Control, when an assigned TRV is in low mode.
The TRV enters and reports low mode, if a shutter contact sensor of the same room is opened.

When the RoomClimateControl is being in mode 'low': true, 'operationMode': 'AUTOMATIC', the RoomClimateControl accepts a PUT call with {'@type': 'climateControlState', 'operationMode': 'AUTOMATIC'}. After that, the RoomClimateControl reports via long polling a state {'path': '/devices/roomClimateControl_hz_3/services/RoomClimateControl', ..., '@type': 'DeviceServiceData', 'state': {'schedule': ..., 'operationMode': 'AUTOMATIC', 'summerMode': False, 'low': False, '@type': 'climateControlState', ...}, 'deviceId': 'roomClimateControl_hz_3'}.
Via the API, it is then not possible anymore to distinguish that an assigned TRV device is still in low mode and does not accept a new setting. If one tries to call a PUT on {"@type": "climateControlState", "setpointTemperature": 20.5}, the result we observe is
{"@type":"JsonRestExceptionResponseEntity","errorCode":"WRONG_THERMOSTAT_GROUP_MODE","statusCode":400}.

We observed another inconsistency related to this bug: When the RoomClimateControl is in low mode, the TRV doesn't accept input via the API. Calling a PUT on {"@type": "climateControlState", "setpointTemperature": 20.5}, the result we observe is
{"@type":"JsonRestExceptionResponseEntity","errorCode":"WRONG_THERMOSTAT_GROUP_MODE","statusCode":400}.
This is somewhat inconsitent to using the buttons on the TRV, where the setpoint temperature can be set, even if the window is open (which is shown correctly in the display of the TRV device).

This repository seems to support API version 2.1 only. The public information of my Bosch Smart Home Controller shows me, that it runs on API version 2.5:

{
    "apiVersions": [
        "2.5"
    ],
    "softwareUpdateState": {
        "@type": "softwareUpdateState",
        "swUpdateState": "NO_UPDATE_AVAILABLE",
        "swUpdateLastResult": "UPDATE_SUCCESS",
        "swUpdateAvailableVersion": "",
        "swInstalledVersion": "10.4.2272-21994",
        "swActivationDate": {
            "@type": "softwareActivationDate",
            "timeout": 604800000
        }
    },
    "macAddress": "xxx",
    "claimed": true,
    "country": "DEU",
    "tacVersion": "DEU-12",
    "shcIpAddress": "xxx",
    "clientIds": [
        "xxx",
        "xxx",
        "xxx"
    ],
    "featureToggles": {
        "app-store-rating.ios": true,
        "protect-plus.fuchsia": false,
        "homekit-twinguardvoc": false,
        "psm.pc.pairing": true,
        "smart-light.pairing": true,
        "homekit-bwth": false,
        "wls.pairing": true,
        "shading.advance.menu": true,
        "analytics.toggle.bronze": true,
        "outdoor-siren.pairing.ebony": true,
        "smlo.release": true,
        "app-store-rating.android": true,
        "homekit-plugcompact": false,
        "cloud.tokenvalidation": true
    },
    "connectivityVersions": [
        {
            "name": "claiming",
            "minVersion": 1,
            "maxVersion": 1
        },
        {
            "name": "noncePairing",
            "minVersion": 1,
            "maxVersion": 1
        },
        {
            "name": "buttonPairing",
            "minVersion": 1,
            "maxVersion": 1
        }
    ]
}

I suspect this as the root cause for the problem, that I cannot register a new device following the steps described in the Postman Collection:

{
    "@type": "JsonRestExceptionResponseEntity",
    "errorCode": "PROPERTY_VALIDATION_FAILED",
    "statusCode": 400
}

Could this issue be caused due to the mismatch of API version numbers or do I miss any important step here?

Dear Bosch Team,

what are the states the smoke detector can take in alert mode? In my IOBroker it shows IDLE_OFF. What would be the alarm state?

Thanks!