search

MattTW / BlinkMonitorProtocol

Unofficial documentation for the Blink Wire-Free HD Home Monitoring & Alert System
412 stars 77 forks source link

Verification flow #40

Closed JasonBSteele closed 4 years ago

JasonBSteele commented 4 years ago

Hi, after successfully logging in using https://rest.prod.immedia-semi.com/api/v4/account/login I got the following response:

{
    "account": {
        "id": XXXXX,
        "verification_required": false,
        "new_account": false
    },
    "client": {
        "id": 75555,
        "verification_required": true
    },
    "authtoken": {
        "authtoken": "XXXXXXXXXXXXXXXX",
        "message": "auth"
    },
    "region": {
        "tier": "e002",
        "description": "Europe",
        "code": "eu"
    },
    "lockout_time_remaining": 0,
    "force_password_reset": false,
    "allow_pin_resend_seconds": 60
}

I also received the following email:

We've detected a login attempt on your Blink account from: Device:
Device Name:

To confirm this was you, please enter the verification code below in your app now.

Your verification PIN: XXXXXX

This code expires 10 minutes from when it was sent. If the code is not entered, access to your account from the device will not be granted. If this login attempt wasn't made by you, we recommend you change your password now.

Notice that the Device and DeviceName are blank.

So, is this normal? Could I have avoided this by using a different value for client_specifier in my request? (I registered with a Samsung S7 Edge)

Has anyone successfully worked out the flow so I can register my client with the PIN?

fronzbot commented 4 years ago

Hey, yeah there's an endpoint for that. I have it integrated in python here

At the end of the day, you need to send a post request to:

https://rest-<region-id>.immedia-semi.com/api/v4/account/<account_id>/client/<client_id>/pin/verify

with data payload of {"pin": <key from email>}

JasonBSteele commented 4 years ago

Hey, yeah there's an endpoint for that. I have it integrated in python here

At the end of the day, you need to send a post request to:

https://rest-<region-id>.immedia-semi.com/api/v4/account/<account_id>/client/<client_id>/pin/verify

with data payload of {"pin": <key from email>}

Many thanks for this - trying to prove in Postman first, and it worked!