Getting logged out of API

Hi there

I'm using a script to pull my energy usage from my Glowmarkt and graph it for me. Since I don't like storing my credentials unencrypted, I generate an initial token interactively with

https://api.glowmarkt.com/api/v0-1/auth

and then have my script generate a new token from the old every hour with

https://api.glowmarkt.com/api/v0-1/auth/newToken


That works fine mostly, but quite regularly I get the response:

{"valid":false,"error":"User is not logged in"}

and I have to interactively log in again. This always corresponds with getting logged out of the app on my iPhone as well, most recently at 9:15am today. Is this when the servers get rebooted or similar? Is there any way tokens could be preserved across this event? It means I end up with gaps in my data which have to be manually repopulated

Comments

  • You can obtain a new token programmatically with:

    #!/bin/bash
    
    curl -X POST -H "Content-Type: application/json" -H "applicationId: b0f1b774-a586-4f72-9edd-27ead8aa7a8d" \
    -d '{ "username": "notme@example.com", "password":"SomethingSecretHere" }' \
    "https://api.glowmarkt.com/api/v0-1/auth" | jq '.token' > token
    
    

    I'm using `jq` as an easy way to parse the JSON that's returned.

    https://stedolan.github.io/jq/

  • Thanks - that's basically what I'm doing to get my first token. To use that every time would require me to store my email and password in the script, unencrypted, which is a big security no-no though.

    It's much better practice to use refresh tokens, but that relies on the server not periodically forgetting them, which is what's happening here

  • please raise a ticket for this at support@glowmarkt.com


    Thanks

  • For anyone who also had this issue, an update to the API was issued on 1st July which seems to have fixed it!

  • Chris, can you provide more detail on how you get this to work? I would also like to renew the token before it expires, rather than generate a new one after the old one expires. I can find hints to this and requests for it, but no documentation. I've tried using cURL to test the URL you have to .../newToken by substituting the -d'{userid and password}' with -d "token: myverylongstringofatoken" with and without curly braces to no avail. I also tried substituting the -d with -H to put the token in the header but that also produced an error. The best I got was "error":"User is not logged in".

    It really would be useful for automation if the token was either permanent, or if the renew just continued if it was used regularly (like an IP address is renewed behind the scenes by DHCP).

  • edited December 2021

    You have to send the existing token as a header, same as most other API calls, so it's

    curl https://api.glowmarkt.com/api/v0-1/auth/newToken -H "Content-Type: application/json" -H "applicationId: b0f1b774-a586-4f72-9edd-27ead8aa7a8d" -H "token:OLDVERYLONGTOKEN"

    That certainly works for me. If you're getting "User is not logged in", it probably means a problem with the existing token. Either it's not valid, or there's a formatting error

  • Chris, thanks for the response and the tip. I'm using node-Red rather than cURL but if it works with cURL, then I'm happy to spend time working out how to translate cURL into message parts for a function node in node-Red, which I've now done. I had to add a GET to the statement above to get it to work but it's looking good now.

    I'll carry on with the flow in node-Red and post a link to it when I'm finished. One thing I will also do is to put in some error checking to confirm that the token is working and then generate a new one before the current one expires, since the expiry date and time is delivered with the token itself. Thanks again for your help.

  • No problem. CURL usually defaults to GET if you don’t include a -d but I’m glad you got it working

Sign In or Register to comment.