- Posted on
Sat Nov 25, 2017 10:49 am
-
nelis249
offline
-
- Posts: 4
- Joined: Nov 23, 2017
I agree with FlyingDiver. The iOS and Android official apps shouldn't have a problem. What they do is they update their apps and publish them (say back in August) which support both new and old APIs. Then later they start updating the back end servers by which time most people have updated their apps and it functions normally. They just recently did this, as of Nov 20-ish. This is when I ran into problems, and confirmed with my unit tests.
I'm using custom code that I wrote based off of various sources. The first part to use the API is to connect/authenticate to get a security token. That token is then used for all subsequent calls (get devices, open door, close door, etc...). The authentication is still successful and the token is valid.; however, the other calls no longer work. The web service is still good as well ("https://myqexternal.myqdevice.com/api/v4/userdevicedetails/get") which results in a 200 status code. The data that it returns contains the error.
JsonResponse = "StatusCode: OK, Content-Type: application/json; charset=utf-8, Content-Length: 111)"
JsonResponse Data = {"ReturnCode":"216","ErrorMessage":"Unauthorized (216)","CorrelationId":"d3b51e2e-57c9-4bfc-8caa-064336c0cb10"}
Hence the 'unauthorized'. I suspect they changed the something in the headers and are requiring more information than just app id and security token. I've tried using fiddler to find out the calls they make from the android app but they've implemented certificate pinning and the app won't work when trying to decrypt communications.