API changed for 1.20.0
karllmitchell opened this issue · 13 comments
Hi,
My powerwall upgraded to 1.20.0, and my code no longer runs. Any ideas?
$ curl -s http://${powerwall_ip}/api/system_status/soe
Moved Permanently.
$ curl http://192.168.2.14/api/meters/aggregates
Moved Permanently.
Actually, it looks like http was previously acceptable, but now https is required.
I had the same problem since update of my Powerwall2 to 1.20.0 last week.
My python scripts to retrieve the data from the powerwall did not work any more.
I also found that https is now required, but when I tested it via Firefox,
Firefox complained the connection (in my private home network) was not secure:
"powerwall uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
Error code: SEC_ERROR_UNKNOWN_ISSUER".
So I had to grant a "security exception" and everything went fine, as before.
To verify this, have a try e.g. with the (Linux) command line (where "powerwall" is the hostname or IP address of the Powerwall):
wget https://powerwall/api/system_status/soe --no-check-certificate
or
wget https://powerwall/api/meters/aggregates --no-check-certificate
Good luck!
For now I’ve switched to using curl -sk for my bash Powerwall->Influx scripts, and using https: instead of http:. Will see if there’s any way to authenticate at a later date. Glad it was such an easy fix.
It looks like the change to 1.20.0 has affected login credentials too. http://{$ip_addr}/api/login/Basic returns nothing. Switching to using curl -k and https gives {"code":401,"error":"bad credentials","message":"Login Error"}. When I try to log in via the wizard via a web browser, the old method also fails.
I've been told (but not tried - I'm still on 1.15.3) that {"username":"installer","password":"???????","email":"email@email.com","force_sm_off":false} works to log in. @karllmitchell can you try a login with an additional email and advise if that works?
That worked!
Specifically, setting username to installer worked. However, email was not required.
v1.20.0 made its way onto my Powerwall today. It's been a battle, but I'm making progress.
In regards to dealing with the certificate with Windows, there's a few steps:
-
Edit your local security policy and navigate to Computer Configuration / Windows Settings / Security Settings / Public Key Policies / Certificate Path Validation Settings. On the 'Stores' tab, tick both 'Per user certificate stores' and ensure the 'Root certificate stores' radio button is selected as 'Third-Party Root CAs'
-
Import the Certificate from your Powerwall into your Trusted Root Certification Authorities local certificate store
-
Edit your hosts file in Windows\System32\Drivers\Etc and add the host alias 'powerwall' for your Powerwall's IP address; ie:
192.168.1.2 powerwall
Now when accessing your Powerwall by https://powerwall you don't get any certificate errors as you both trust the certificate and are using a valid common name. The subject alternative names 'teg' and 'powerpack' are also listed in the certificate and could be used instead.
The Invoke-WebRequest command in PowerShell also has issues as it defaults to TLS 1.0. If you're using Powershell, you'll need to add this to your script:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
To test I used Curl:
curl -s -i -X POST -H "Content-Type: application/json" -d '{"username":"installer","password":"5c#DVyq8","email":"","force_sm_off":true}' https://powerwall/api/login/Basic
But I just get a 403 bad credentials.
This does actually work in my Powershell code:
'{"username":"installer","password":"5c#DVyq8","email":"","force_sm_off":true}'
I have no idea why the curl command doesn't work.
Additionally, I had to add authentication headers to /api/sitemaster/run where as I didn't before before it would take the command.
Spoony out.
I'm using Tesla Powerwall Gateway, with firmware version 1.20.0 and have a raspberry pi running stretch, to pull the State of Charge, (soe) and write it to a file.
$ wget -q -O soe --no-check-certificate https://192.168.0.6/api/system_status/soe
Quiet operation, ignore certificate and (re)write to file "soe"
$ cat soe
{"percentage":39.1497885599822}
Thanks, AmateurCritic
I used a Node-Red command based on your suggestion
wget -q -O /root/.node-red/soe --no-check-certificate https://192.168.0.209/api/system_status/soe
Then I read the file after 2 seconds, checking the exit code of the wget
Hi,I'm struggling here. my powerwall is running 0.3.11.2 but when I use curl command below:
curl -k -s -i -X POST -H -v "Content-Type: application/json" -d '{"username”:”installer”,”password”:”*********”,"email”:”myemail@mydom.com",”force_sm_off":false}' https://192.168.x.xx/api/login/Basic
I get {"code":401,"error":"bad credentials","message":"Login Error"}
I've tried the gateway sticker password, the password created by the web interface
no user and "installer" as user. I have tried the command from my mac and linux (raspbian) all with the same results.