search

vloschiavo / powerwall2

Tesla Powerwall 2 - Local Gateway API documentation
Apache License 2.0
278 stars 50 forks source link

POST to api/operation fails: User does not have adequate access rights #45

Closed terafin closed 2 years ago

terafin commented 3 years ago

On the most recent firmware - this command: curl -k --header "Authorization: Bearer SK_MY_BEARER_TOKEN==" -X POST -d '{"mode":"self_consumption","backup_reserve_percent":24.6}' https://THE_IP/api/operation

Seems to fail with this error:

{"code":403,"error":"Unable to POST to resource","message":"User does not have adequate access rights"}%

It worked a while ago (as I was using this in http://github.com/terafin/mqtt-tesla-bridge), but it seems quite dead now.

I've tried various forms of installer logins (resetting password on GW, etc). Am I missing something, has anyone had any success with POSTs to change mode?

BJReplay commented 3 years ago

See discussion at #34

Control needs to be via the cloud API - which is itself problematic at the moment.

terafin commented 3 years ago

@BJReplay thank you! Yikes... that's less than stellar. I'll follow along there. Cheers!

BJReplay commented 3 years ago

@terafin make sure you follow the discussions at https://github.com/timdorr/tesla-api/discussions/ and the instructions at https://tesla-api.timdorr.com/ but note that Tesla seem to be making it harder and harder to use the cloud API.

My controller is using Tom Hollander's auth library https://github.com/tomhollander/TeslaAuth and is currently able to renew a token, but new login attempts fail.

terafin commented 3 years ago

Note this seems to work, when I nabbed the installer cookie from logging in as an installer (and toggling the gateway)...

curl -k --cookie "AuthCookie=XXXXXX==; UserRecord=XXXXXXXXYYYY=="  -X POST -d '{"mode":"self_consumption","real_mode":"self_consumption","backup_reserve_percent":24.6}' https://MY_IP/api/operation
terafin commented 3 years ago

Will watch for how long this auth cookie + userrecord lasts for...

terafin commented 3 years ago

Looks like around 10 hours or so

McBoerny commented 3 years ago

The following works for me (example using session cookie):

curl -k -O -c cookies.txt -X POST https://IP-Powerwall/api/login/Basic -H "Content-Type: application/json" 
-d "{\"username\": \"customer\",\"email\": \"your.login@mail.address\",\"password\": \"yourPassword\"}"

curl -k -O -b cookies.txt https://IP-Powerwall/api/meters/aggregates

Note: I had to reset the Powerwall and enter the new customer password to get it working, but YMMV.

terafin commented 3 years ago

Yup, works great for that request, but doesn’t seem to work for a POST to the operation endpoint

BJReplay commented 3 years ago

Yup, works great for that request, but doesn’t seem to work for a POST to the operation endpoint

yeah, customer login allows you to stop and start, but not change modes. Still need installer mode (which still needs a physical switch toggle) for that - so you're really forced to use the telsa (cloud) API that the phone apps use.