Search | Sailfish OS | Running | PineTime | All Posts

Domoticz API: don't forget user's permissions!

March 30, 2021 — Nico Cartron

A quick one on how not to waste time (like I did) with Domoticz API because of user's permissions :)

The need

Yesterday I wanted to add a Zigbee button to my Home Automation system (Domoticz) - this button, placed near my bed, would allow me to switch on and off the lights in the bedroom, without having to wake up.

Not a big deal, isn't it?

Well, turns out I struggled to make this work - even though I did that plenty of times!
In the end this was a small thing (as usual) which caused trouble.

What I did

After I had my Zigbee button properly added in Domoticz, I edited it and switched its type to Selector (the button manages between 1 to 4 clicks).
I then edited the Selector actions, to launch a script which basically calls the Domoticz API, and switches on or off a switch:

But i didn't work as expected.

So I fired up a shell, logged into my Raspberry Pi, and did the same command using curl, to see what the result was:

$ curl -k "https://user:password@domoticz/json.htm?type=command&param=switchlight&idx=<YOUR_INDEX>&switchcmd=On"

... and to my surprise, I got:

<html><head><title>Forbidden</title></head><body><h1>403 Forbidden</h1></body></html>

403 Forbidden - really?

I checked the API token, but it was good, and validated it by calling another API endpoint to list the devices of a room, and it worked just fine.

What was the problem

It took me some time to figure this out, but in doubt I had a look at the user I was using to communicate with the Domoticz API (Setup > More Options > Edit Users):

Can you see it?
There's a Set Devices button on the right hand-side!!!

I completely forgot that Domoticz allowed you to specify which devices a user had access to (which makes complete sense of course) - and this includes of course the user I created for communicating with the API!!!

I added the device I was interested in, and surely enough, trying the curl command worked this time, as did the Zigbee button!

Conclusion

Don't forget the basics, as usual!
If something works apart from a specific event (device in the current case), then check the authorizations!

Hope that'll help folks who are also fighting against 403 Forbidden messages in Domoticz! :-)

Tags: Automation, Opensource

I don't have any commenting system, but email me (nicolas at ncartron dot org) your comments!
If you like my work, you can buy me a coffee!