
MobiLinc Connect supports IFTTT Maker Channel!


InsteonNut


We are very excited to announce that MobiLinc Connect now supports the IFTTT Maker Channel and other REST services for your MobiLinc Connect ISY controllers.

 

We have a brand new API available for the DIY user. If you have an active MobiLinc Connect account you can send and receive commands to your ISY through MobiLinc Connect with the following REST call:

https://diy.mobilincconnect.com/isy/cmd?username={MobiLincConnectEmail}&password={MobiLincConnectPassword}&uuid={ISY-UUID}&command={RestCommand}

Replace the following parameters with your specific MobiLinc Connect account settings:

 

{MobiLincConnectEmail} = Your MobiLinc Connect email address. Example: myemail@gmail.com

{MobiLincConnectPassword} = Your MobiLinc Connect password. Example: mypassword

{ISY-UUID} = Your ISY's UUID without colons that is connected to your MobiLinc Connect account. Example: 0021b9123456

{RestCommand}* = Replace with any rest command that the ISY supports. The return result is the ISY rest return result. Example: nodes/20 1B 59 1/cmd/DOF

 

Full example to turn a light with address of 20 1B 59 1 OFF:

https://diy.mobilincconnect.com/isy/cmd?username=myemail@gmail.com&password=mypassword&uuid=0021b9123456&command=nodes/20 1B 59 1/cmd/DOF

*NOTE: For the rest command, /rest/ is assumed. Do not include /rest/ for the command. Simply start with the rest command to the ISY after /rest/.

For example, "command=nodes/20 1B 59 1" will return the node information for device 20 1B 59 1.

 

 

IFTTT integration:

- Log into your IFTTT account and create a new Recipe.

- Pick the "IF" trigger. Example, "Amazon Alexa".

- Pick "Say a specific phrase".

- Enter "my office light off".

- Select Create Trigger.

- Select "That".

- Select the Maker Channel.

- Select "Make a web request".

- Enter in the formatted URL from above for the URL example for turning a device with address 20 1B 59 1 off.

- Set the Method to "GET".

- Leave Content Type and Body as is (empty).

- Select "Create Action".

 

Now you can say "Alexa, trigger my office light off" and your Echo will trigger your IFTTT recipe to send the DIY command to your ISY. Alexa is just one example as an IFTTT trigger. IFTTT supports over 500 different types of triggers.

 

We'd love to hear from you in the replies below what triggers you are using to send commands to your ISY! Maybe you'll give us and others reading some fun ideas to play with.

 

Wes


Wes,

 

I'm very concerned that your implementation forces the user to expose the user's MobiLinc Connect password to the IFTTT servers. I worked closely with Michel and Benoit to ensure that their IFTTT implementation specifically avoided this issue - and uses an easily revocable key discrete from the user's main credentials to provide a secure and functional connection from IFTTT/Maker.

 

I will also add that the ISY Portal implementation does not force the REST API and device IDs onto the users. Just pick a device, scene or program, select the action to take and assign a command alias. The API call simply specifies the command alias and key.

 

Choices are good of course. I congratulate you on the success - but do caution that there are some potentially significant holes in the current implementation.

 

Michael.


Hi Michael,

 

Agreed, however, regardless if you use an Auth Token or your credentials, you are still exposing a path to your ISY via IFTTT servers. Just no way around it. A token is slightly better in the sense that you can, in theory, revoke it if you thought it was compromised. Or, just change your password.

 

I'm open to input on this and will add token generation/support to my list.

 

The raw rest command was done on purpose to give the maximum flexibility to the DIY user while remaining future proof. Want to add in ELK support to your IFTTT? It's supported without having you wait on us to add support for it in a backend configuration.

 

Wes


Wes,

 

Mostly agree - but it's a security necessity to never reuse passwords between services. Would you advocate using the same password for your email, MobiLinc Connect, and also for Amazon - and say it's all still secure? The token (while opening a path) still presents a unique credential that if compromised with the party it's shared to does not allow the attacker to change the password itself, and lock the valid user out. There are good (security) reasons for it. I do appreciate your considering it.

 

Wearing my security 'hat' - I have always strongly advised people not to share their Portal (or ISY) password with IFTTT. The same necessarily holds true for the MobiLinc Connect password.

 

That being said - in ISY Portal I can set any device, scene or program as the target of an alias - with any action I want. If I chose to, I could have an IFTTT call arm my Elk - or trigger my Z-Wave locks, or control my garage door all without having to touch the REST API - and without having to expose the dangerous programs to an attacker who obtained my credential from IFTTT.

 

I do appreciate that by accepting plain API calls you don't have to persist a database of mappings. I haven't spent the time to analyse the risk of this approach - I hope you're doing a lot of escaping and validation!

 

"The raw rest command was done on purpose to give the maximum flexibility to the DIY user while remaining future proof. Want to add in ELK support to your IFTTT? It's supported without having you wait on us to add support for it in a backend configuration."

 

How does a user PREVENT some API calls from being able to be run thru your API? I have many that I simply don't want to be made available (like my Elk and door locks!) to all IFTTT administrators. With the tokenized approach, I only make available via the API specific events I want to make available - all the other programs, devices and scenes are kept secure, even if the authentication token gets compromised. There is a lot of security value to this approach. I can even make available a program's 'RunThen' without allowing 'If' to be executed at all - even if the credential is compromised. It's all components of 'defense in depth'.

 

Everyone can make their own decision of course - but if all a user wants to do is incoming IFTTT event processing then they can do so now directly to ISY using an almost identical structure (now that ISY supports intermediate certs - valid certs can be had very inexpensively) - again if the user is willing to share their ISY password with IFTTT, and risk that a compromise opens up the entire ISY API to abuse. I don't know many people that were willing to do this. I doubt many will be via this current implementation either.

 

Michael.
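
The design argued for in the post above, sketched as an added example (this is not ISY Portal or MobiLinc Connect code): a revocable key, separate from the account password, that can only reach pre-approved command aliases. The `AliasGateway` class, the alias names, the program id and the `programs/<id>/runThen` path shape are assumptions made for illustration; the node address is the one used earlier in the thread.

```python
import hashlib
import hmac
import secrets
from urllib.parse import quote

# Constructed alias table: only these actions are reachable with the key.
ALIASES = {
    "office_light_off": "nodes/20 1B 59 1/cmd/DOF",  # address from the thread
    "evening_scene": "programs/0042/runThen",        # hypothetical program id
}


class AliasGateway:
    """Maps (key, alias) to one pre-approved REST path; nothing else is reachable."""

    def __init__(self, aliases):
        self._aliases = dict(aliases)
        self._key_hashes = set()  # only hashes of issued keys are stored

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode()).hexdigest()

    def issue_key(self):
        # Random key handed to the third party instead of the account password.
        key = secrets.token_urlsafe(32)
        self._key_hashes.add(self._digest(key))
        return key

    def revoke_key(self, key):
        # Revocation does not touch the account password or other keys.
        self._key_hashes.discard(self._digest(key))

    def resolve(self, key, alias):
        presented = self._digest(key)
        if not any(hmac.compare_digest(presented, h) for h in self._key_hashes):
            raise PermissionError("unknown or revoked key")
        if alias not in self._aliases:
            # A caller cannot supply a raw REST path, only a known alias.
            raise KeyError("alias not exposed")
        # Percent-encode the stored path (spaces in node addresses included).
        return "/rest/" + quote(self._aliases[alias], safe="/")
```

A stolen key here can trigger only the listed aliases, and revoking it leaves the account login unchanged.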


Thanks Michael, appreciate all the comments and feedback. We do understand the token argument and will consider adding it.

 

For the open rest path to the ISY, this was specifically designed and implemented this way to allow our users the most flexibility without having to wait for us to implement specific requests on the server-side to support. This wasn't just for IFTTT purposes; our vision for this API is beyond just one connected service.

 

Wes


  • 9 months later...

I have been trying to get this to work through my MobiLinc account, but every configuration that I try I cannot seem to get it to work. Are there any other tips or configurations on the ISY side that I need to have enabled to make this work? The app on my iPhone works flawlessly to trigger ISY, and I followed the instructions above completely. Any assistance would be greatly appreciated!


Archived

This topic is now archived and is closed to further replies.

