Request forbidden (403) despite correct credentials

[Chew]

This is a rather unique scenario that I can't seem to figure out.

I keep getting a Request forbidden despite the credentials being 100% correct. There is no MFA enabled.

I tried packet sniffing. The email and password are correct.

I tried enabling debug mode to see. The password and email (and API Key) match what was shown in my packet sniffing.

I tried performing the request manually in postman using only the x-api-key header and the payload from the packet sniffing. It works fine.

I tried using CURL on the Homebridge server. It works fine.

curl --location --request POST 'https://auth-prod.api.wyze.com/user/login' \
--header 'x-api-key: WMXHYf79Nr5gIlt3r0r7p9Tcw5bvs6BB4U8O8nGJ' \
--header 'Content-Type: application/json' \
--data-raw '{
    "email": "account email",
    "password": "md5 3 times (why, wyze?) password"
}'

Why is it specifically not working through Homebridge? Any advice or tips would be greatly appreciated.

I messed around with the config but in most cases, it doesn't seem to be affecting anything:

{
    "name": "Wyze",
    "username": "account email",
    "password": "account password",
    "refreshInterval": 10000,
    "platform": "WyzeConnectedHome",
    "authApiKey": "WMXHYf79Nr5gIlt3r0r7p9Tcw5bvs6BB4U8O8nGJ",
    "appVersion": "2.19.24",
    "phoneId": "my phone ID via packet sniffing"
}

Debug output:

[5/6/2021, 5:40:15 AM] [Wyze] Refreshing devices...
[5/6/2021, 5:40:15 AM] [Wyze] Performing request: user/login
[5/6/2021, 5:40:15 AM] [Wyze] Request config: {"method":"POST","url":"user/login","data":{"email":"account email","password":"account password"},"baseURL":"https://auth-prod.api.wyze.com","headers":{"x-api-key":"WMXHYf79Nr5gIlt3r0r7p9Tcw5bvs6BB4U8O8nGJ"}}
[5/6/2021, 5:40:16 AM] [Wyze] Request failed: Error: Request failed with status code 403
[5/6/2021, 5:40:16 AM] [Wyze] Response (Forbidden): {"description":"Request forbidden."}
[5/6/2021, 5:40:16 AM] [Wyze] Error getting devices: Error: Request failed with status code 403

The email and password found in the request config are identical to my prior instances of packet sniffing and manual testing.

I've not had this issue with any other plugins.

[Z1mDMan]

I am also seeing this behavior:

[06/05/2021, 10:01:28] [Wyze] Request failed: Error: Request failed with status code 403 [06/05/2021, 10:01:28] [Wyze] Response (Forbidden): {"description":"Request forbidden."} [06/05/2021, 10:01:28] [Wyze] Error getting devices: Error: Request failed with status code 403

nothing has changed in my config:

{ "name": "Wyze", "username": "[myuser]", "password": "[mypass]", "refreshInterval": 10000, "platform": "WyzeConnectedHome" }

I started seeing this after a reboot of my pi.

I'm willing to troubleshoot however I can.

[EddieDSuza]

I am seeing the same error with 2FA enabled and disabled :(

[Chew]

The issue is 100% user agent blocking.

Setting a bogus User-Agent header fixes the issue:

In the _performLoginRequest I have to set "User-Agent" to my current user agent, as an example, and everything works fine.

[EddieDSuza]

Where is the User-Agent Value that needs to be updated ?

[Chew]

I just forked it and added it myself.

See the commit here: https://github.com/Chew/homebridge-wyze-connected-home/commit/31e055fc27dd01b373cceaac26b1c1a5a52e7a24

If you want to install it (I also threw in #35) just run sudo npm install -g Chew/homebridge-wyze-connected-home, it should overwrite this one.

[EddieDSuza]

Seeing the below error

pi@homebridge:/var/lib/homebridge $ sudo npm install -g Chew/homebridge-wyze-connected-home
npm ERR! code 128
npm ERR! command failed
npm ERR! command git --no-replace-objects ls-remote ssh://git@github.com/Chew/homebridge-wyze-connected-home.git
npm ERR! Warning: Permanently added the RSA host key for IP address '140.82.112.3' to the list of known hosts.
npm ERR! git@github.com: Permission denied (publickey).
npm ERR! fatal: Could not read from remote repository.
npm ERR! 
npm ERR! Please make sure you have the correct access rights
npm ERR! and the repository exists.

npm ERR! A complete log of this run can be found in:
npm ERR!     /root/.npm/_logs/2021-05-07T00_53_36_868Z-debug.log

[Chew]

Looks like something is wrong with your SSH key. May need to force HTTPS if you never set one: https://gist.github.com/taoyuan/bfa3ff87e4b5611b5cbe

[Z1mDMan]

I tried forcing HTTPS per that threat and I still get this:

pi@homebridge:~ $ git config --global url."https://github.com/".insteadOf git@github.com: pi@homebridge:~ $ git config --global url."https://".insteadOf git:// pi@homebridge:~ $ sudo npm install -g Chew/homebridge-wyze-connected-home npm ERR! code 128 npm ERR! command failed npm ERR! command git ls-remote ssh://git@github.com/Chew/homebridge-wyze-connected-home.git npm ERR! /bin/bash: /root/.bashrc: Permission denied npm ERR! Warning: Permanently added the RSA host key for IP address '140.82.113.3' to the list of known hosts. npm ERR! git@github.com: Permission denied (publickey). npm ERR! fatal: Could not read from remote repository. npm ERR! npm ERR! Please make sure you have the correct access rights npm ERR! and the repository exists.

npm ERR! A complete log of this run can be found in: npm ERR! /root/.npm/_logs/2021-05-07T12_44_23_011Z-debug.log

[Z1mDMan]

I added my pi's RSA key to my GitHub account and I was able to install this. Thanks @Chew!

[wjstone]

Tired running on mine and i'm getting this:

pi@homebridge:~ $ sudo npm install -g Chew/homebridge-wyze-connected-home npm ERR! code 128 npm ERR! command failed npm ERR! command git --no-replace-objects clone ssh://git@github.com/Chew/homebridge-wyze-connected-home.git /root/.npm/_cacache/tmp/git-clone-609903c0 --recurse-submodules --depth=1 npm ERR! fatal: could not create leading directories of '/root/.npm/_cacache/tmp/git-clone-609903c0': Permission denied

npm ERR! A complete log of this run can be found in: npm ERR! /root/.npm/_logs/2021-05-07T15_31_02_545Z-debug.log

Edit

I changed the permissions on the folder and that seems to have fixed it

[mo-hamdan]

Hi,

I tried all of your generous above solutions and nothing worked with me :( even tried to change my email and pass and also doesn't work, need your kind advises

=====

hoobs@hoobs:/usr/local/lib/node_modules $ sudo npm install -g Chew/homebridge-wyze-connected-home npm WARN deprecated axios@0.19.2: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410

• homebridge-wyze-connected-home@0.6.0 updated 1 package in 7.117s

====

here's my config

=====

        "platform": "WyzeConnectedHome",
        "plugin_map": {
            "plugin_name": "homebridge-wyze-connected-home"
        },
        "name": "Wyze",
        "username": "xxx",
        "password": "xxx,
        "refreshInterval": 10000,
        "mfaCode": ""

=====

And still giving same frustrating error

=====

5/8/2021, 4:00:35 AM [Wyze] Request failed: Error: Request failed with status code 403 5/8/2021, 4:00:35 AM [Wyze] Response (Forbidden): {"description":"Request forbidden."} 5/8/2021, 4:00:35 AM [Wyze] Error getting devices: Error: Request failed with status code 403

[mo-hamdan]

Hi,

I tried all of your generous above solutions and nothing worked with me :( even tried to change my email and pass and also doesn't work, need your kind advises

=====

hoobs@hoobs:/usr/local/lib/node_modules $ sudo npm install -g Chew/homebridge-wyze-connected-home npm WARN deprecated axios@0.19.2: Critical security vulnerability fixed in v0.21.1. For more information, see axios/axios#3410

• homebridge-wyze-connected-home@0.6.0 updated 1 package in 7.117s

====

here's my config

=====

        "platform": "WyzeConnectedHome",
        "plugin_map": {
            "plugin_name": "homebridge-wyze-connected-home"
        },
        "name": "Wyze",
        "username": "xxx",
        "password": "xxx,
        "refreshInterval": 10000,
        "mfaCode": ""

=====

And still giving same frustrating error

=====

5/8/2021, 4:00:35 AM [Wyze] Request failed: Error: Request failed with status code 403 5/8/2021, 4:00:35 AM [Wyze] Response (Forbidden): {"description":"Request forbidden."} 5/8/2021, 4:00:35 AM [Wyze] Error getting devices: Error: Request failed with status code 403

@Chew can you advise me please :-| this is actually I reached borderlines of solving this issue ...

[iarroniz]

Hi, I tried all of your generous above solutions and nothing worked with me :( even tried to change my email and pass and also doesn't work, need your kind advises

hoobs@hoobs:/usr/local/lib/node_modules $ sudo npm install -g Chew/homebridge-wyze-connected-home npm WARN deprecated axios@0.19.2: Critical security vulnerability fixed in v0.21.1. For more information, see axios/axios#3410

• homebridge-wyze-connected-home@0.6.0 updated 1 package in 7.117s

==== here's my config

        "platform": "WyzeConnectedHome",
        "plugin_map": {
            "plugin_name": "homebridge-wyze-connected-home"
        },
        "name": "Wyze",
        "username": "xxx",
        "password": "xxx,
        "refreshInterval": 10000,
        "mfaCode": ""

===== And still giving same frustrating error

5/8/2021, 4:00:35 AM [Wyze] Request failed: Error: Request failed with status code 403 5/8/2021, 4:00:35 AM [Wyze] Response (Forbidden): {"description":"Request forbidden."} 5/8/2021, 4:00:35 AM [Wyze] Error getting devices: Error: Request failed with status code 403

@Chew can you advise me please :-| this is actually I reached borderlines of solving this issue ...

Mo-hamdan did you fix it ? I am having same problem and is hard for me follow Chew, relatively new on this

[mo-hamdan]

HI @iarroniz

I gave up actually, currently I'm relying on Wyze iOS app to deal with bulbs till someone advises me further...

[mcherinx]

I keep running into error: sudo npm install -g Chew/homebridge-wyze-connected-home npm ERR! code 128 npm ERR! command failed npm ERR! command git clone ssh://git@github.com/Chew/homebridge-wyze-connected-home.git /root/.npm/_cacache/tmp/git-clone-7e037357 --recurse-submodules --depth=1 npm ERR! fatal: could not create leading directories of '/root/.npm/_cacache/tmp/git-clone-7e037357': Permission denied

npm ERR! A complete log of this run can be found in:

[amd989]

@mo-hamdan I was on the same boat until I could not take Wyze's app anymore. Just managed to install wyze plug flasher on all my bulbs, from there, I flashed Tasmota, then used homebridge-mqtt-thing to have them show up in homebridge (through an MQTT broker). It supports adaptive lighting and now I can set up automations and scenes within the Home app.

Now looking into doing the same with Wyze Sense, then the cameras with RSTP, and Wyze will go bye bye. HTH

[TJTorola]

@Chew That worked for me (I manually patched the change in skipping over any npm issues) Is there a PR open to upstream that fix?

[mo-hamdan]

@mo-hamdan I was on the same boat until I could not take Wyze's app anymore. Just managed to install wyze plug flasher on all my bulbs, from there, I flashed Tasmota, then used homebridge-mqtt-thing to have them show up in homebridge (through an MQTT broker). It supports adaptive lighting and now I can set up automations and scenes within the Home app.

Now looking into doing the same with Wyze Sense, then the cameras with RSTP, and Wyze will go bye bye. HTH

@amd989, Ohhh this is too much advanced solution for me :-) I'll not be able for sure to do it but seems fun and will run specially in regards of avoiding api/auth issues, I'll give it a try on one of my Wyze bulbs, thanks in advance...

[mo-hamdan]

@Chew That worked for me (I manually patched the change in skipping over any npm issues) Is there a PR open to upstream that fix?

Hi @TJTorola can you please elaborate which patch solution worked with you? if you have a time please visit my comment in above which I explained for all the tries I did already and which also thankfully mentioned by @Chew and it also failed due to "forbidden (403)" issues...

[Chew]

@TJTorola I can open one but it doesn't really look like much is going on in this repo anymore 😢

[MikeThomas123456]

@Chew - Your fork fixed the issue. Hopefully it'll get merged in as a parameter in the config to set the User-Agent

[MikeThomas123456]

I forked the @RMCob fork (added support for outdoor plug, contact sensor, & motion sensor) and added @Chew's header fix. No more 403 Forbidden and access to Outdoor Plug.

You can install with sudo -E -n npm install -g MikeThomas123456/homebridge-wyze-connected-home-op

[Z1mDMan]

Thanks @MikeThomas123456 I will check it out later. So far @Chew version worked for me.

[MikeThomas123456]

Thanks @MikeThomas123456 I will check it out later. So far @Chew version worked for me.

Agree, Chew’s version works well too but it lacks the code for the outdoor plug, which is what I’m trying to use. :)

[Chew]

Battle of the forks I see 😂

[mo-hamdan]

Thanks a lot @MikeThomas123456 now worked perfectly with me.

[TJTorola]

Maybe one of these forks should work towards getting verified? https://github.com/homebridge/verified. Seeing as this repo is inactive and unusable without the patch to fix these 403 errors.

[Chew]

I have no plans to actively maintain my fork, but you are free to use my fix.

[Z1mDMan]

It’s too bad that we probably won’t see official homekit support from Wyze anytime soon

[ghostdogg47]

What's the process to get MikeThomas123456's fix into the official plugin?

[DebuOKC]

Good morning has anyone gotten this working with the Beta of HOOBS 4?

[matts-newmorn]

$20 to someone who gets a version of this working on Hoobs again. With the color bulb support.

[Bom342]

Thanks to @MikeThomas123456. I am back in business.

[sisuwest]

@MikeThomas123456 and @Bom342 I am quite the Noob at this stuff. I’ve had Hoobs up and running got some time now, but this darn 403 error is keeping things from going. I’ve read through this post and see a fix, but I have no idea how to implement it. Since I only run this on Hoobs, how do I get this working?

[Bom342]

I know little more than you do, and any advice I give you will be seen to be really rudimentary by most readers, but in the interest of giving back and helping out, I will tell you what little I know. I don't know what Hoobs is or what hardware you're running on, but I assume you have installed Homebridge on some Linux system. I assume you have a terminal window into which you can enter commands, like you did when you installed Homebridge. Or Hoobs (??). On this command line you will copy and paste the string of commands for your version of the Wyze plugin (there are two different ones) shown in the postings above. For example, "sudo -E -n npm install -g MikeThomas123456/homebridge-wyze-connected-home-op". Paste it in and hit .

[sisuwest]

@Bom342 HOOBS (Homekit Out Of The Box System) is a nearly plug and play version of Homebridge. Basically I flash their system on an SD card and then plug it into a Raspberry Pi. From there I can add any service I want (like Wyze Connected Home Op).

All was great until recently. This forum post makes it seem like @MikeThomas123456 's command is a simple thing to do. Because HOOBS runs it all, I can't access it directly on their system. The only way to input code is via Terminal on my Mac.

I used ssh hoobs@hoobs.local to get in as this post says to do. From there I added the code you listed above and got this-

npm WARN deprecated axios@0.19.2: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410

• homebridge-wyze-connected-home-op@0.5.3 added 9 packages from 11 contributors in 21.823s

I restarted the service and am still getting-

[Wyze] Response (Forbidden): {"description":"Request forbidden."} [Wyze] Error getting devices: Error: Request failed with status code 403

[Bom342]

We are two blind people struggling in the dark. Maybe someone better informed will chime in. But, which Wyze plugin are you using? Who is the author of it? Is it @rmcob or @misenhower?

[sisuwest]

@Bom342 I've used both. This particular one is the one by @RMCob

I've added sudo -E -n npm install -g MikeThomas123456/h a few times, and it seems to load fine, but I'm still getting 403 errors.

[Bom342]

Beats me. That's what I did. And it worked. By any chance have you ever installed Homebridge and the Wyze plugin on any other computer? Or is this the only one?

[sisuwest]

@Bom342 at one point I had Homebridge on a Raspberry Pi, but when I found Hoobs, I switched to that. So much easier!

[Bom342]

My problems started when I installed a second copy of Homebridge. It was as if the Wyze servers didn't want to deal with a second Homebridge on my account. Is your Pi version still around? Does it generate those errors?

I don't really know if this matters, but it might be worth your trouble to create a new account at Wyze and try to join with your Hoobs install from a different email address. Or, maybe, delete your Wyze account and recreate it with the same email address. Be sure the Pi version is not running.

I had three installations and have been able to revert to just one on a BeagleBone. It doesn't sleep, like the Mac does.

[sisuwest]

@Bom342 Nothing else is running. I only have a single Pi and everything was flashed to Hoobs.

No way am I creating a new account. I have 55 devices and I won't be adding them back anytime soon.

[Bom342]

Then, as an experiment, create a new Wyze account and put one device in it, just to see if it generates the same error.

[DebuOKC]

Ok so I’m not a noob to any of this but this one is driving me bonkers … got past the 403 error and now I’m getting: Error request Failed with status code 400. Basically saying too many failed attempts….. this is mind boggling annoying.

[sisuwest]

@DebuOKC how did you get past the 403 error?

[DebuOKC]

@DebuOKC how did you get past the 403 error?

I haven't ... its driving me bonkers

[ndejong5]

Why has this not been added yet? Unfortunately I can’t install a fork on Hoobs so I am left stranded.

[Bom342]

I expect the simple answer is because no one gets paid to do it, and people contribute what they do out of generosity and the needs they have in their own systems. What would be the incentive for someone to try and solve this problem if they have never seen it?

[ndejong5]

@Bom342 I get that but the issue has been resolved in a fork. I don’t know much about all this but I was just curious why it has not been implemented in the main code. No disrespect just curious.

[iguillen]

What do you mean main code? This project is is most likely dead since the maintainer hasn't participated in some time. You're better off manually installing one of the forks.