Max retries exceeded with url: /api/user/login - Failed to establish a new connection: [Errno 113] No route to host (auth-prod.api.wyze.com)

[iamle0pard]

Describe the bug

I have not been able to use wyze-bridge to view my Wyze Cam Pan V3 due to the following message always appearing: wyze-bridge | [WyzeBridge] [API] HTTPSConnectionPool(host='auth-prod.api.wyze.com', port=443): Max retries exceeded with url: /api/user/login (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f5f469db8f0>: Failed to establish a new connection: [Errno 113] No route to host'))

Wyze did force me to enable 2FA, so I did this with an authenticator app on my phone. I tried to use the 'TOTP_KEY' to allow it to enter 2FA, but it seems that is deprecated and no longer used.

Does anyone know why I am getting this?

I have also tried: docker-compose down docker-compose up

In my docker-compose.yml file the only thing I have set is the 'volumes', which just got added after trying to find others seeing similar issues in the past, but that doesn't seem to have helped.

My password to my Wyze account does have a few special characters in it ($ and *), so I have had trouble entering it and successfully escaping it in the YML file. I attempted to double the character for these two specifically, but unsure if that worked.

Any help woudl be appreciated, thanks!

Environment (if applicable)

• Affected Camera(s): Wyze Cam Pan V3
• Affected Camera Firmware: 4.50.4.922
• Affected Bridge Version: v2.3.3 X86_64
• Bridge type:
  • [X] Docker Compose/Docker Run
  • [ ] Home Assistant
  • [ ] Other

[mrlt8]

Wyze recently retired their v3 auth endpoint, so you will need to use the api authentication endpoint by adding an API KEY/ID to your docker-compose file. You can generate your own ID and Key from the wyze developer portal by following the instructions on the wyze support site: https://support.wyze.com/hc/en-us/articles/16129834216731

environment:
    - WYZE_EMAIL=me@email.com
    - WYZE_PASSWORD=myPassword
    - API_ID=My-Unique-KeyID-From-WYZE
    - API_KEY=MySecretApiKeyFromWyze

[iamle0pard]

Thanks for the suggestion @mrlt8 - I guess I forgot to mention that I already do have those items in my docker-compose.yml file, here is what it looks like minus the actual values:

    wyze-bridge:
        container_name: wyze-bridge
        restart: unless-stopped
        image: mrlt8/wyze-bridge:latest
        volumes:
            - ./tokens/:/tokens/
        ports:
            - 1935:1935 # RTMP
            - 8554:8554 # RTSP
            - 8888:8888 # HLS
            - 8889:8889 #WebRTC
            - 8189:8189/udp # WebRTC/ICE
            - 5000:5000 # WEB-UI
        environment:
            # [OPTIONAL] Credentials can be set in the WebUI
            # API Key and ID can be obtained from the wyze dev portal: 
            # https://developer-api-console.wyze.com/#/apikey/view
            - WYZE_EMAIL=EMAIL_IS_HERE
            - WYZE_PASSWORD=PW_IS_HERE
            - API_ID=ID_IS_HERE
            - API_KEY=KEY_IS_HERE
            # [OPTIONAL] IP Address of the host to enable WebRTC e.g.,:
            # - WB_IP=192.168.1.122
            - WB_AUTH=false
            - TOTP_KEY=KEY_VALUE_HERE

When I launch it, I get this:

[+] Running 2/1
 - Network wyze-bridge_default  Created                                                                            0.7s
 - Container wyze-bridge        Created                                                                            0.0s
Attaching to wyze-bridge
wyze-bridge  |
wyze-bridge  |
wyze-bridge  | [!] WARNING: TOTP_KEY is deprecated
wyze-bridge  |
wyze-bridge  |
wyze-bridge  |
wyze-bridge  | 🚀 DOCKER-WYZE-BRIDGE v2.9.3 X86_64
wyze-bridge  |
wyze-bridge  | [WyzeBridge] 🔍 Could not find local cache for 'auth'
wyze-bridge  |  * Serving Flask app 'frontend'
wyze-bridge  | [WyzeBridge] ☁️ Fetching 'auth' from the Wyze API...
wyze-bridge  |  * Debug mode: off
wyze-bridge  | [WyzeBridge] WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
wyze-bridge  |  * Running on all addresses (0.0.0.0)
wyze-bridge  |  * Running on http://127.0.0.1:5000
wyze-bridge  |  * Running on http://172.20.0.2:5000
wyze-bridge  | [WyzeBridge] Press CTRL+C to quit
wyze-bridge  | [WyzeBridge] [API] HTTPSConnectionPool(host='auth-prod.api.wyze.com', port=443): Max retries exceeded with url: /api/user/login (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f01e232c500>: Failed to establish a new connection: [Errno 113] No route to host'))
wyze-bridge  | [WyzeBridge] [API] Cool down for 20s before trying again.
wyze-bridge  | [WyzeBridge] [API] HTTPSConnectionPool(host='auth-prod.api.wyze.com', port=443): Max retries exceeded with url: /api/user/login (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x7f01e231ce00>: Failed to establish a new connection: [Errno 113] No route to host'))
wyze-bridge  | [WyzeBridge] [API] Cool down for 20s before trying again.
Gracefully stopping... (press Ctrl+C again to force)
Aborting on container exit...
[+] Running 1/1
 - Container wyze-bridge  Stopped                                                                                 11.2s
canceled

I thought maybe I was rate limited, but I left it turned off for the last 6 hours so am unsure how to fix this. I can try to reboot my host PC, but am not sure why that would be an issue as I did have the wyze-bridge working for a while, but then this issue appeared and now it won't seem to go away.

[iamle0pard]

Ok after a restart, I am now getting this:

2024-06-02 16:27:52 [WyzeBridge] [API] code='1000' msg='Invalid credentials, please check username, password, keyid or apikey' method=POST path=/api/user/login
2024-06-02 16:27:52 [WyzeBridge] [API] Clearing credentials. Please try again.
2024-06-02 16:27:52 [WyzeBridge] [API] Cool down for 20s before trying again.
2024-06-02 16:28:07 [WyzeBridge] Stopping 0 streams
2024-06-02 16:28:07 [WyzeBridge] 👋 goodbye!
2024-06-02 16:28:12 [WyzeBridge] Credentials required to complete login!
2024-06-02 16:28:12 [WyzeBridge] Please visit the WebUI to enter your credentials.

My password has both a $ and an * in it, how do I properly escape these? I thought I saw an old post that indicated you simply double the characters, so if it were:

WYZE_PASSWORD=pa$sw*rd

then I should put this in the docker-compose.yml file:

WYZE_PASSWORD=pa$$sw**rd

Is that correct? If so, that is what I'm already trying to do, but it doesn't seem to be working.

[mrlt8]

So I did a little testing, and I believe you only need to double the $ character if it comes before a letter (e.g. $$alpha but only alpha$).

if your password was pa$sw*rd$* you would only need to double the first $ since it comes before the letter s:

- WYZE_PASSWORD=pa$$sw*rd$*

would output pa$sw*rd$*

[iamle0pard]

@mrlt8 thank you so much for the help! I do think that helped me fix the WYZE_PASSWORD to be correct, but I realized that the machine I am running this from is using a public VPN and while connected to it I cannot successfully login to https://auth-prod.api.wyze.com/api/user/login, even if I try it myself using their documentation and a CURL request.

When I disconnected from the VPN, it worked instantly.. 🤦

So, now I either have to switch to a host machine that I'm ok with not being behind a VPN, or have a process where I start the wyze-bridge while off the VPN, then connect back to the VPN once the wyze-bridge is running. I'm not sure how long that will last (like how often it might need to re-login)..

At least I've now figured out what was going on.. thanks so much for being proactive and helping. I truly appreciate it! 🙏

EDIT: I also wanted to mention I did disable 2FA, which I thought was required - not sure if that helped, but adding it here in case someone else has a similar issue and wanted to also try that

[mrlt8]

IIRC, the ip/vpn restriction only applies to https://auth-prod.api.wyze.com. The refresh endpoint should be fine: https://api.wyzecam.com/app/user/refresh_token.

[iamle0pard]

Since I got this working by installing it on a system that is not behind a VPN, I am going to close this. I'm sure there are other ways to accomplish what I needed, but it was simplest to just use that approach as this system is still internal to my network and not exposed to the public.