Public
Documentation Settings

myStrom

REST API

All myStrom devices offer a REST API (REST = representational State Transfer).

The interface allows you to access/control the device directly from your local network independently of myStrom. That means you don’t need a myStrom account or the myStrom app.
With this documentation you can integrate myStrom devices in almost any environment.

Important Note about Auto-Generated Code

Please note that the auto-generated code snippets may not always be accurate. In particular, the code generated for "Python - http.client" will mention HTTPSConnection, while this type of connectivity will not work. There is a bug report submitted to Postman about that, but it was not fixed yet. Therefore you have to manually replace it with HTTPConnection, as in the example below:

Plain Text
conn = http.client.HTTPConnection("{{dev_ip}}")

MAC address

Often in these requests you will see a number like this 200AD4074I68. This is the MAC address of the device without any delimiters.

Important note for Buttons

Keep in mind that for the Button or Button+ to respond to any of these requests they have to be in the configuration mode:

  • Button: (Re-)Connect the button to a power source with the provided USB cable. Press the button and after some time it should become visible in the network.
  • Button+: Open the back of the button by rotating it clockwise. Remove the batteries and reinsert them. The Button+ should now be visible.

Detect myStrom devices

To discover a myStrom device in your network, you mus listen on UDP port 7979. Each myStrom device will broadcast a message (buttons only if they are in the configuration mode). The first 6 bytes contain the mac address of the device and the following two bytes are a number that corresponds to the device type. See below for the list of type Numbers.

Security

myStrom Switches & myStrom LED Strips have theire own web interface where a user can specify an API access token. If such a token is specified, any request must have header set accordingly. E.g. curl -H "Token: XXXXX" 192....... In order to access the web interface simply visit the devcies ip address in your webbrowser.
When the devcies are in wifi mode, you can also manually connect to these devices by connecting to their wifi network, visit the web interface at 192.168.254.1 and set the wifi the device should connect to and its password directly in the web interface.

For all other devices API is transparent and has no authentication. If someone has access to your local network, they will be able to control your myStrom devices.
Please apply strong security mechanisms to protect your network.

The CORS protection

In order to increase security by preventing unwanted execution of malicious HTTP requests to devices from browsers, e-mail clients, etc. with specially prepared scripts and URLs, CORS protection was introduced.

This mechanism works in a simple way to minimize its impact on external integrating systems. If the HTTP request in the header contains the Accept-Encoding field then the same request should also have a Referer or Origin header field starting with http://{target device ip}. If the Referer or Origin field does not match the expected value or is missing in the case of a request with Accept-Encoding then the request is rejected. If the request is made without the Accept-Encoding header then the Referer and Origin fields do not need to be provided.

Some requests cannot be performed if the Accept-Encoding header is given even if the correct Referer and Origin values are given. This are mainly requests that allow you to change the device state by using the GET method.

It also means that the query from the browser by simply entering the IP address of the device and operations on the REST API will not work.

You can disable this mechanism if you are not a developer of a more integration system available to a larger number of users, otherwise you run the risk of unwanted REST API operations that may lead to data acquisition or operations on the user's device.

To disable protection using the curl utility, make the following request:

curl -i -X POST http://{deviceip}/api/v1/protection/disable

To re-enable protection, follow the command below or reset the device to factory settings:

curl -i -X POST http://{deviceip}/api/v1/protection/enable

Security does not work in the self AP mode.

Protection has been implemented or will be introduced starting with the following firmwares:

  • WS2/WSE/WRS/WLL 3.82.56
  • WRB 2.59.32
  • WBP/WBS 2.74.36

LEDs blinking patterns

Block Diagram

Block Diagram