stream/meter sever

[egomes951]

Hello,

I have been using my Enphase solar system for a few years without any major problems. To monitor the system, I am using Node Red. Since my Envoy is running version D7.6.175 (f79c8d), I have to go through the entire process of authentication and obtaining tokens, and every minute I am using the "/ivp" API /meters/readings" to get values.

I'm trying to use the events sent by the stream/meter server, but I always get a 401 unauthorized error message, even though I can see it perfectly in the browser.

For testing purposes I am using cURL.

Can someone help me please ?

Thanks EG

[Matthew1471]

Hello EG,

"/stream/meter" has been restricted to installers only in newer firmware.. there's already information on that in this project's documentation. A username that is known to be an "installer" will get a JWT that has installer permissions.. an "owner" token will not be able to access that URL anymore.

As for /ivp/meters/readings/ that should be working fine.. do the examples work perhaps the MySQL one which is based off reports rather than readings?

Internally the stream end-point just uses /ivp/meters/reports on a timer.. so you're not missing anything by not being able to view the stream end-point without an installer token.

[egomes951]

Hi,

In the browser it works fine, I just can not reproduce it using cURL

[Matthew1471]

..and you are using the same Enlighten e-mail address and password?

With curl you will need to try to at least add on the JWT token (although you will probably have to send that to check_jwt endpoint first and then get a sessionId and provide that as a cookie to the stream endpoint - not all Enphase endpoints across all IQ Gateway versions support a bearer token being automatically provided)..

-H "Authorization: Bearer mytoken123"

and then when you have a valid session making your /stream/meter request with:

--cookie "sessionId=oQd.."

You could also try collecting the cookie and presenting the cookie by using curl's cookiejar functionality : https://stackoverflow.com/questions/30760213/save-cookies-between-two-curl-requests

Enphase do provide some curl info in their document but I suspect if /stream/meter is not allowing the Bearer shortcut and you have to play with check_jwt and then present that cookie to the stream request you might have to come up with something outside that document using the commands and options I listed above.

Have you tried using the library this repo provides to debug before trying to get it working in apps that aren't covered by this repo? curl isn't a very fun way to interact with the Enphase API and this project shows how easy the Python library is to use.

[egomes951]

(...) and are you using the same email address and password as Enlighten? (...) -> Yes, using the same credentials

(...) With curl, you will need to at least try to add the JWT token (although you will probably have to send it to the check_jwt endpoint first and then get a sessionId and provide it as a cookie to the stream endpoint - not all Enphase endpoints in all versions of IQ Gateway support a bearer token being provided automatically).. (...) --> When I call the API https:///auth/check_jwt to verify the token, I save the cookie with the sessionId to a file to use later.

with this cookie I able to call the production API without passing the without passing the Authorization Bearer header.

The strange thing is if I copy the sessionID form the browser and put it in the cURL command like this "curl -k https://envoy/stream/meter --cookie "sessionId:" it works, but not with the sessionID that i obtain with the cURL command to validate the token: curl -k -i -H "Accept: application/json" -H "Authorization: Bearer " "https://envoy/auth/check_jwt" -b cookie -c cookie

[egomes951]

Doing some more research, the token obtained using the cURL commands is different from the one obtained using the web page.

I've just tested to access the stream/meter SSE using the token obtaind by cURL and I've got the same unauthorized error.

[Matthew1471]

Don't share the signature but https://jwt.io/ will show you the payload to inspect. You should be able to work out the type of tokens being issued via that. I suspect the tokens that work are "installer" and the ones that don't are not.