Die XML-API führt einen neuen Security Mechanismus ein. Siehe Release Notes unten.

Wirkt sich das irgendwie auf die standardmäßige Funktion der Homematic Integration von Symcon aus, oder ist die unabhängig von der XML-API?

Release Notes 2.0:
This is a new major release of the XML-API addon which in addition to some important bugfixes and feature changes also comes with some important security improvements which however also introduce :warning: breaking changes :warning: compared to XML-API v1.

These security improvements introduce a mandatory, stateless API token mechanism which requires users to first register for a new API token via a new tokenregister.cgi function and then this token key can be used in applications to query the XML-API in its usual way (cf. RFC: Kommende XML-API CCU Addon 2.0 Version - HomeMatic-Forum / FHZ-Forum). However, every user/developer is requested to read all changes carefully.


  • :warning: breaking change: complete overhaul of all API functions of XML-API for improved security. Now all API calls are secured by stateless token based authentication forcing users to specify a valid sid=XXXXXXXX security token identifier. For registering, revoking and listing API tokens new tokenregister.cgi, tokenrevoke.cgi and tokenlist.cgi API functions have been added to XML-API. This should greatly improve the general security in a CCU if the XML API addon is installed, especially if the WebUI might be exposed for remote access and thus should address #29 and #31.
  • rework of the main API description page to contain more detailed documentation about every API function including their supported parameters including links with a forwarded session id identifier.
  • added new option to run programs with condition check (#60)
  • unify behaviour regarding virtual remotes and add query parameter (#11)
  • retrieve min/max values only when sysvar is numeric (#46)
  • updated mastervalue.cgi to fix #19 (#58)
  • LastDPActionTime added to output of state.cgi (#52, #47, #48)
  • add substitution for %5E (^) (#64)
  • Allow values for combined parameters (#69)

Die XML API ist ein addon.
Symcon braucht kein addon um mit der CCU zu reden.
Symcon nutzt die offizielle, ab Werk integrierte, RPC-API der CCU.
Wer noch PHP Scripte nutzt um z.b. mit dem XML API Addon die Systemvariablen zu lesen, der hat wohl auch noch Symcon 2.7.
So lange gibt es schon ein Modul von mir um die Systemvariablen auszulesen; natürlich ohne XML API Addon :wink:

1 „Gefällt mir“

Perfekt. Ich denke die ist noch aus IO-Broker1 Zeiten auf der Homematic :slight_smile: