Using the API Token with python

I generated an API token and want to use it with my python but I don’t know exactly how to.

Is this the correct way? Because I can use it with any token I just think of…

headers = {'Content-type': 'text/plain', 'Accept': 'text/plain', "Authorization": "[token]"}
  e ='http://localhost:8080/rest/items/number_BME280_humidity/', humidity_string, headers=headers)

Look at how HABApp does it .

Most REST APIs output JSON, not plain text.

Yes, it’s propably the easiest if you just move your python script into HABApp and run it as a rule there.

1 Like

Okay. Is there anywhere a tutorial or description?

Another point is that I am developing a plugin for my remote and also want to use the rest API with a token. Is there anywhere a description how to use the token correctly??? @Spaceman_Spiff
I am looking for an example call

You can find the docs here. It also includes a getting started and an installation instruction.

@Spaceman_Spiff But there is no use of any token? Or am I wrong?

No(t yet), but you can use basic auth and enter credentials in the configuration files.

I am just pointing out that there is a whole package that does all the python <-> openhab integration so you don’t have to do it yourself.

@Spaceman_Spiff thanks for that…but i am looking more into the token integration and a how to for this

Just activate and use basic auth.

I have tested HABapp with the Token and that works too. Changing your password would not break HABapp and you can revoke or replace the Token without affecting the admin account.

Because the token is not used right now… And you don’t need it right now for openhab…My guessing is that the function for using a token is not active or broken?
But @Kai or @mstormi can give a hint

I am successfully using the token with Basic Authentication disabled. Without the Token the API calls do not work. Basic Authentication was added later as an option for systems that do not support the standard API Token.

1 Like

Don’t ping people, don’t annoy them.
If people want to answer or not they will or not but decision is theirs not yours.
Stating that as a moderator (not just the personal opinion of the person you pinged).

I am not annoying anyone I just want to get a correct answer of these features…

1 Like

Yes you do, you’re annoying me by pinging me.
It’s not yours but the addressee to tell if he feels annoyed, isn’t it?
So as a moderator may I kindly ask you not to ping people any more. Thank you.

1 Like

Your authorization header should be like this to use the token:

Authorization: Bearer <token>
(note the Bearer scheme)

Or alternatively you can use it as the username of a Basic authorization scheme with an empty password, example:
Authorization: Basic <base64(token + ":")>
(most libraries and tools will help you with this)

Don’t activate Basic Auth in the API Security settings unless you really need to, if you use a token, even as a Basic Auth username, you don’t need this setting enabled.


Thanks a lot @ysc

Do I need to set an value so that is not allowed to post an item update without a token? Right now i can post also without a token item updates.

This is the purpose of the advanced option in API Security settings “Implicit user role for unauthenticated requests” which is enabled by default. Disabling it would require authorization for all non-admin requests including item updates, but it doesn’t work well with UIs including the main UI, so it’s not recommended right now.

I noticed that it’s not working well with the UIs…thanks @ysc. For the hints