Bad return code: Unauthorized

Posted on
Wed Nov 22, 2017 7:13 pm
FlyingDiver offline
Posts: 3444
Joined: Jun 07, 2014
Location: Southwest Florida, USA

Re: Bad return code: Unauthorized

lanbrown wrote:
I opened a case with Liftmaster and I got a generic response back that they are behind in responding and asked if I still had an issue. I inquired about what that error message means and why it is not listed. For all that have this issue, you might try the same to see if we can get what is happening.


What are you going to tell them when they ask WHERE you're seeing that error? You can't tell them that it's an Indigo plugin, because this plugin uses a reverse engineered API that is in no way authorized by Liftmaster.

joe (aka FlyingDiver)
my plugins: http://forums.indigodomo.com/viewforum.php?f=177

Posted on
Thu Nov 23, 2017 11:04 am
vtmikel offline
Posts: 427
Joined: Aug 31, 2012
Location: Boston, MA

Re: Bad return code: Unauthorized

Hi-

I'm also getting the error. My iPhone app works fine with my login, on the same network as Indigo. In the past if I've exceeded my limit of requests, Liftmaster would ban me for a period of time. This doesn't seem to be the case.

I'm using Liftmaster in the options of the plugin.

Mike

Posted on
Fri Nov 24, 2017 9:04 am
nelis249 offline
Posts: 4
Joined: Nov 23, 2017

Re: Bad return code: Unauthorized

Yea I suspect they changed the API. I noticed mine stopped working a couple days ago and I noticed the myQ app on my phone was also updated recently. I doubt that is a coincidence.

Posted on
Fri Nov 24, 2017 1:59 pm
FlyingDiver offline
Posts: 3444
Joined: Jun 07, 2014
Location: Southwest Florida, USA

Re: Bad return code: Unauthorized

lanbrown wrote:
From 1200 miles apart the MyQ site returns the same address. So there only appears to be one active hosting location. If they were making changes, I do not know how they would be rolling it out in such a way that it would impact some users and not others. If different addresses were returned, that would make sense.


Doesn't need different addresses. The initial authentication step is still working. It's the next API call to get the list of devices that's failing. If they're rolling out a new API, they can flag each account to only use the new API as soon as they detect that you're using a newer version of the mobile app that can do so.

joe (aka FlyingDiver)
my plugins: http://forums.indigodomo.com/viewforum.php?f=177

Posted on
Fri Nov 24, 2017 4:49 pm
FlyingDiver offline
Posts: 3444
Joined: Jun 07, 2014
Location: Southwest Florida, USA

Re: Bad return code: Unauthorized

I'm using iOS version 3.93.3 which is only a week old. But not having the issue either.

joe (aka FlyingDiver)
my plugins: http://forums.indigodomo.com/viewforum.php?f=177

Posted on
Fri Nov 24, 2017 5:36 pm
FlyingDiver offline
Posts: 3444
Joined: Jun 07, 2014
Location: Southwest Florida, USA

Re: Bad return code: Unauthorized

lanbrown wrote:
So it's not an iOS vs Android thing. It also doesn't appear to be new app or not. Is your MyQ linked with say a Nest?


No. Nothing linked, no other devices (like lights). Just two door openers.

joe (aka FlyingDiver)
my plugins: http://forums.indigodomo.com/viewforum.php?f=177

Posted on
Fri Nov 24, 2017 7:41 pm
t-star offline
Posts: 52
Joined: Oct 26, 2007

Re: Bad return code: Unauthorized

Not sure if this will help. I am getting the error. The garage door opener we bought had the myQ built in. We did not buy the add on kit.

Posted on
Sat Nov 25, 2017 10:49 am
nelis249 offline
Posts: 4
Joined: Nov 23, 2017

Re: Bad return code: Unauthorized

I agree with FlyingDiver. The iOS and Android official apps shouldn't have a problem. What they do is they update their apps and publish them (say back in August) which support both new and old APIs. Then later they start updating the back end servers by which time most people have updated their apps and it functions normally. They just recently did this, as of Nov 20-ish. This is when I ran into problems, and confirmed with my unit tests.

I'm using custom code that I wrote based off of various sources. The first part to use the API is to connect/authenticate to get a security token. That token is then used for all subsequent calls (get devices, open door, close door, etc...). The authentication is still successful and the token is valid.; however, the other calls no longer work. The web service is still good as well ("https://myqexternal.myqdevice.com/api/v4/userdevicedetails/get") which results in a 200 status code. The data that it returns contains the error.

JsonResponse = "StatusCode: OK, Content-Type: application/json; charset=utf-8, Content-Length: 111)"

JsonResponse Data = {"ReturnCode":"216","ErrorMessage":"Unauthorized (216)","CorrelationId":"d3b51e2e-57c9-4bfc-8caa-064336c0cb10"}

Hence the 'unauthorized'. I suspect they changed the something in the headers and are requiring more information than just app id and security token. I've tried using fiddler to find out the calls they make from the android app but they've implemented certificate pinning and the app won't work when trying to decrypt communications.

Posted on
Sat Nov 25, 2017 11:12 pm
jay (support) offline
Site Admin
User avatar
Posts: 15683
Joined: Mar 19, 2008
Location: Austin, Texas

Re: Bad return code: Unauthorized

Just checked - my luck has also run out.

I knew when I bought this garage door opener that I shouldn't have... :(

Jay (Indigo Support)
Twitter | Facebook | LinkedIn

Posted on
Sun Nov 26, 2017 1:26 pm
vtmikel offline
Posts: 427
Joined: Aug 31, 2012
Location: Boston, MA

Re: Bad return code: Unauthorized

lanbrown wrote:
nelis249 wrote:
Hence the 'unauthorized'. I suspect they changed the something in the headers and are requiring more information than just app id and security token. I've tried using fiddler to find out the calls they make from the android app but they've implemented certificate pinning and the app won't work when trying to decrypt communications.


Why not use the regular browser based site and use Fiddler?



Not a bad idea. When SSL pinning was a problem while I built the August plugin, I used a decompiler on the Android app to reverse the API. A web version might be easiest to figure out what has changed. Let me know if I can help.

Posted on
Mon Nov 27, 2017 9:59 pm
nelis249 offline
Posts: 4
Joined: Nov 23, 2017

Re: Bad return code: Unauthorized

Whoops sry vtmikel. I meant to post here and sent it private, lol.

I've tried the website already. The problem with chamberlin (and maybe liftmaster) is that they are using a frontend to communicate with the backend. The myQ app on android talks directly to myqexternal.myqdevice.com. All of chamberlins website activity goes to mychamberlain.com. They probably have some proxy parsing and rewriting data. So I googled around and found a decompiler. They've obfuscated it a lot so it's going to take me a bit. I did find the appId though and it does appears to have been changed.

Posted on
Tue Nov 28, 2017 6:42 am
FlyingDiver offline
Posts: 3444
Joined: Jun 07, 2014
Location: Southwest Florida, USA

Re: Bad return code: Unauthorized

https://github.com/Einstein42/myq-garage/issues/22

That's the first report of this issue I've seen for any of the other Python implementations of the MyQ code.

joe (aka FlyingDiver)
my plugins: http://forums.indigodomo.com/viewforum.php?f=177

Posted on
Tue Nov 28, 2017 9:49 am
FlyingDiver offline
Posts: 3444
Joined: Jun 07, 2014
Location: Southwest Florida, USA

Re: Bad return code: Unauthorized

As a followup to the error report in the previous post, I found a posting for the SmartThings interface with a possible fix.

Anyone who has this error should try this pre-release version: https://github.com/FlyingDiver/Indigo-M ... /tag/7.1.9

joe (aka FlyingDiver)
my plugins: http://forums.indigodomo.com/viewforum.php?f=177

Posted on
Tue Nov 28, 2017 9:53 am
NewfD90 offline
Posts: 57
Joined: Mar 17, 2017

Re: Bad return code: Unauthorized

7.1.9 installed and working for now (initial status request was successful).

Thanks!

Posted on
Tue Nov 28, 2017 10:45 am
jay (support) offline
Site Admin
User avatar
Posts: 15683
Joined: Mar 19, 2008
Location: Austin, Texas

Re: Bad return code: Unauthorized

Bingo - opened, closed, status request all work.

Great job!!!

As a note, this is not uncommon: a lot of the APIs out there are starting to require authorization tokens (OAuth and others) to be present in the headers either as an option to the GET/POST or as a replacement. The Rachio API requires this. It's not a bad idea and goes a long way towards standardizing this kind of programmatic authentication/authorization IMO. Too bad they just didn't explicitly tell people about it... :roll:

Jay (Indigo Support)
Twitter | Facebook | LinkedIn

Who is online

Users browsing this forum: No registered users and 1 guest