I have a python script running and that sends values off to the REST-API. This works great but the username and (even worse) password are in the script in plain text.
I have tried using the token. It generated OK but I have trouble implementing it. I found this script: my_headers = {'Authorization' : 'Bearer {access_token}'} and tried to add that to the ‘my_header’ but it comes back as a 401 error (access denied).
Which authentication schema do you want to use ? Basic Authentication using a token or OAUTH2 using a token ?
According to your post’s content it looks like it would be OAUTH2 ? Then you create a token like described here: [OH3] REST API Authentication Help RESOLVED ?
Yes, the token can’t be used to log into the main ui. Also, I have a password that I can remember and that token is for sure out of my league to remember!
I have seen this passing by a couple of times. I will take a look. Also in the threats @Wolfgang_S mentioned.