somecomfort icon indicating copy to clipboard operation
somecomfort copied to clipboard

Published 20 hours ago verified publisher icon kk7ds

HTTP Response Code 401 means Unauthorized

Open ClifHouck opened this issue 8 years ago • 4 comments

Based on the HTTP protocol, a status code of 401 means an unauthorized request was made. However, somecomfort seems to interpret this code to mean the client is being rate-limited by Honeywell's server. I ran into this when I typo-d my password. Seems counter-intuitive to immediately assume 401 means rate-limiting is happening.

ClifHouck avatar Oct 10 '16 04:10 ClifHouck

Mainly refering to this line: https://github.com/kk7ds/somecomfort/blob/master/somecomfort/client.py#L405

ClifHouck avatar Oct 10 '16 04:10 ClifHouck

Definitely agree it's counter-intuitive, but that behavior is based on my experience with it in practice. Their API is really not well-behaved in any way, and they pretty much return 401 for just about everything. Since you can sometimes get a 401 just because you hit something (even like the KeepAlive) too quickly, and then shortly thereafter continue to use the API with the same credentials, it's really hard to tell a useful difference between responses :/

kk7ds avatar Oct 10 '16 04:10 kk7ds

Understandable. Wish Honeywell would actually create an official publicly consumable API for their thermostats.

Maybe update/change the exception thrown to call out the ambiguous way Honeywell uses 401?

ClifHouck avatar Oct 10 '16 19:10 ClifHouck

The exception message is more descriptive but not accurate. "somecomfort.client.APIRateLimited: You are being rate-limited. Try waiting a bit." Yet I can login with a web browser after that.

JerryWorkman avatar Nov 14 '17 01:11 JerryWorkman