External JSON API Issue Topic is solved

[quiggles]

I'm trying to update a Lux value from outside my network using

http://USERNAME:[email protected] ... &svalue=99

The dummy virtual ID is correct and if I try internally with the local IP address rather than MYDDNSHOST.ddns.net it works, but I keep getting

401 Unauthorized

What's going wrong? Do I need to turn on external access somewhere? Ports are opened and forwarded on my router.

Cheers
Gary

[stlaha2007]

Sorry to say, security (however very basic) is preventing your action.

I suggest you read other posts to get your security at an even higher level, or get your whishes in line. Then you will understand why its working by ipaddress on the intranet/local network and not from the internet.

[jake]

Very cryptic reply. I run into the same issue and have posted a couple times in another thread about this subject. I unfortunately never received an answer on them. I also would like to turn on the light at the front door through Tasker when my phone disconnects from my car Bluetooth at the moment that I arrive at home.

[quiggles]

I agree - cryptic reply!

It must be Domoticz providing the 401 error as there are no other web servers on port 8080, and there wouldn't be a timeout rather than a reply if it hadn't reached a server.

[stlaha2007]

Sorry guys, but these questions in some simular cases, are reoccuring.

Again, not so cryptic.
- Read the manual (settings/system setup/half way !)
- Check wiki's about remote access (eg vpn/nginx)
- search the forum (prefer browser as eg. tapatalk doesnt work well)

I mentioned security because the way you made Domoticz available with portforwards in your router. It is not what you want! Basically said: leave your house and let the frontdoor wide open.

[quiggles]

Ok.....

"Read the manual (settings/system setup/half way!)"
I have done but was asking for assistance as it doesn't seem to be doing what it says it should be doing. The documentation is good but the whole point of forums is to help clarify things.

"Check wiki's about remote access (eg vpn/nginx)"
Would you be kind enough to point me in the right direction for that?

"I mentioned security because the way you made Domoticz available with portforwards in your router. It is not what you want!"
Appreciate the concerns about security, but I just want to get it working first then I will tie the security down - with loads of security on to start with it's difficult to ascertain why it isn't working.

[robpow]

Check if you have forms-based authentication enabled instead of basic auth in Domoticz settings.

Or you could send a basic auth header as described here:
https://www.domoticz.com/wiki/Domoticz_ ... horization

Matt

[stlaha2007]

[quote=quiggles]
As basic start:
[/quote]
localhost adress 127.0.0.1 is filled in so locally theres no authentication, expand this with your default intranet network mostly 192.168.0.*.
Then other then that MUST authenticate. Basic Authentication is done with proper header (see formentioned wiki about JSON)

Or formbased login, presents you a webpage (you dont want that with JSON requests)

When you setup {open}VPN also enables you to include that range as a private network, so authentication isn't needed. Google for OpenVPN raspbian will get you up and running in 30minutes!

Secure remote access with nginx is halfway mostright colom on domoticz.com/wiki/

[stlaha2007]

And security starts with everything closed, and open whats relay necessary, even Microsofts firewall starts this way. It makes you think in advance instead of look surprised when you forget to close that one hole.

Yes i'm a SysAdmin, and i'm stunned by fellow workers who start open and THEY DO forget about that 1 hole. And i have seen Corperate Networks go down in seconds because of that 1 hole.

[wergeld]

I am having a similar issue due to allow-origin errors. Trying to pull in domoticz data into another application. Failing miserably.

[quiggles]

Aha RobPow nailed it...

Check if you have forms-based authentication enabled instead of basic auth in Domoticz settings.

As soon as I changed to basic auth it started working - thanks!

Don't I feel dumb now!

However I shall take on the advice about security as well!

[stlaha2007]

Aha RobPow nailed it...

Check if you have forms-based authentication enabled instead of basic auth in Domoticz settings.

As soon as I changed to basic auth it started working - thanks!

Don't I feel dumb now!

However I shall take on the advice about security as well!

Don't feel dump... Glad you looked again and got it working.

Sometimes (thats why i mentioned read the manual and wiki ) it's hard to understand, and reading stuff more than one time, let that "virtual lightbulb above your head" shine

[Andrex]

Sorry to say, security (however very basic) is preventing your action.

I have DomoticZ behind nginx reverse proxy that provide HTTPS. Is in this case safe to use the login form and so to call the API like this: HTTPS://example.com/json.htm?username=M ... tchcmd=Off

If yes, how do I bypass the 401 Unauthorized?

Thanks!

[stlaha2007]

In short: Depends. As long as the form with user and pass are encrypted for external access, it can be save.

Encryption depends on your certificates, so that must be setup really good.

Ask yourself, must others have the access to your home other then yourself. If yes, please expose Domoticz. If not, use an VPN.

For myself, i don't expose my Domoticz to the outside, as it eventually invites hackers to control your house To look it wpuld be save to setup with users within Domoticz with Look permissions or with a small set of switches they should be able to access and control.

I use a VPN with password and certificates to access my internal network, and then i also need to login to domoticz and other devices. In short multi-level security.

[philchillbill]

@andrex

in the json you don't put username=xxx:password=yyy in the URL, just the xxx:yyy without the keywords username and password. That's why you're getitng unauthorized because it thinks your're logging in to basic auth with a username of "username=xxx" and a password of "password=yyy". And they are not your username and password

[Andrex]

@andrex

in the json you don't put username=xxx:password=yyy in the URL, just the xxx:yyy without the keywords username and password. That's why you're getitng unauthorized because it thinks your're logging in to basic auth with a username of "username=xxx" and a password of "password=yyy". And they are not your username and password

Sorry for the very late reply, but I forgot to thank you!