Errors "401 Unauthorized" and "400 bad request"

[freakadings]

First of all: Thank you for providing the API to us, you're my personal hero now!

I'm new to postman and using certificates so please forgive me if the solution to my problem is quite obvious.

What i did so far:

1. I downloaded openssl for win10 64bit from https://slproweb.com/products/Win32OpenSSL.html
2. ran C:\Program Files\OpenSSL-Win64\bin\openssl.exe as administrator and used the following commands: genrsa -out bshc.key 2048 req -new -key bshc.key -out bshc.csr x509 -req -days 36500 -in bshc.csr -signkey bshc.key -out bshc.crt
3. via the last step i set the password to MeinPassw0rt and after that i installed it on win10
4. I did as described in "How to use the Bosch Smart Home Postman Collection".
5. after these steps i tried to add new client as suggested. So I went to Collections and klicked on "New Client (read our Terms and Conditions, see description)"
6. I created a new environment and within i set the variable system_password_base64 to the "Key:" printed onto the back of my SHC (e.q. myHardwareKey) and back to the New Client tab i selected it from the drop-down menu in the top right corner.
7. There under "Pre-request Script" i modified the "postman.setEnvironmentVariable("host", "192.168.0.10"); that it fits my IP of the SHC (192.168.178.10).
8. The last thing i did was inserting the content of the bshc.crt file under "Body" -> "certificate". Under "Params" is nothing entered, and under "Headers" 'Content-Type' and 'Systempassword' are checked.

So after pushing the pairing-button on the SHC, running back to my PC and hitting "SEND" i got the following:

I'm sure that my mistake has something to do with my usage of the certificate (or maybe postman in general).

Any help would be great. Thank you in advance and thank you again for releasing the API!

[philbuettner]

Hi, thank you, but that was a decision of the company. I have just published the documentation here. To be precisely, my boss must be your personal hero. :)

I guess the mistake is at your sixth point. The 'system password' is the one you had assigned when you set up the controller. If you set up a new Bosch Smart Home App, the App will also ask for this password. This password you need to encode to base64 to get the {{system_password_base64}} variable.

[freakadings]

That was quick!

I used my raspberry pi to quickly convert the systemPW to base64, wrote it directly to the Pre-request Script and now i'm getting a Bad request error 400.

[philbuettner]

This might be, because of the certificate. Take a closer look to the example certificate. Behind -----BEGIN CERTIFICATE----- and in front of -----END CERTIFICATE----- you will find a carriage return \r. Did you set this in yours?

[freakadings]

In fact i thought they were part of your certificate. I changed it and now it's working. "201 created" was returned and the user was created and appears within the app under "mobile devices" (bzw. "Mobilgeräte"). Thank you very much!