ticklemeozmo

An API Key in the URL over SSL is hardly "unrestricted". I'm pretty sure that: //192.168.1.100/rest/nodes/12345/key/772ac1a55fab1122f3b369ee9cd31549/cmd/dof is much more secure than: //admin:admin@192.168.1.100/rest/nodes/12345/cmd/dof My first guess on any basic authentication mechanism is going to be "admin:admin". It's going to take a while before you guess my api key. Even unencrypted, the api key still gives me a fighting chance over basic authentication. With multiple API Keys, I can revoke certain devices. Rather than having to change my password on my other n-1 devices because a password leaked. Respectfully.

I like the ".anon" for /USER/WEB/ I like the API KEY for the REST interface (even just one). Especially as I look to integrate with other things. When can we expect at least the .anon portion?

So then what is the purpose of the ZigBee module and how do I use it? The SmartThings are ZigBee devices, how do I register them (or any other ZigBee device) with the ISY?

I just received my SmartThings package and confused as to how to link it to my current ISY99iZ. The SmartThings hub is capable of speaking Zigbee, so was curious if I could link them in some fashion to either a) extend the range of my network, or have some cross-pollination of devices for an uber-automated home. Has anyone tried this yet?