Consider using websocket API locally to avoid the need for API keys

[0xabu]

(Thank you for writing/maintaining this script. This is not an issue, just an FYI / feature suggestion. Feel free to close or ignore it.)

Assuming that the script is running from a privileged account on the NAS itself, you might be interested to know that it's possible to access the websocket API over a local Unix domain socket (/var/run/middleware/middlewared.sock) without the need for any configured credentials (API key etc.) that might leak to be used remotely. I've written a proof-of-concept script that does this. Unfortunately I'm not aware of an HTTP-equivalent counterpart, so it would be a pretty substantial change to your code.