403 Forbidden - New security feature ? #14
Comments
bactisme
changed the title
|
Hi ! It's indeed not norking. Looks like they've finally demomissioned the old API that was being used by the previous version of the mobile app. My assumption is that they're just denying the requests through their WAF (Imperva). The new mobile app, is making use of a different endpoint (https://customers.securitasdirect.es/owa-api/graphql), has been quite rewritten and they've added 2FA on top, so quite a challenge rewritting the current code ... BR, |
|
Hi, Are you interested or do you know people that can be interested in building a new library around it? Best, |
|
Hi all, Thanks |
|
This HomeAssistant component https://github.com/guerrerotook/securitas-direct-new-api already makes use of the new API. The component gets registered as a trusted device through the 2FA and seems to renew the token from time to time so it does not expire. Take a look at the code ... I've been playing a bit with Node-Red and I've managed to pass the 2FA and get the hash token, but I haven't had time to figure out how to refresh the token as this developer does, so the thing keeps working without having to go through the 2FA again ... Right now, I don't feel like re-coding this python package ... not sure what @nragon thinks ... he's actually the one that turned this project into proper python code :) |
Hello,
Everything was working correctly, but few days ago, I cannot anymore connect and get my alarm state.
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://mob2217.securitasdirect.es (...)If I visit the URL, It seems that they implemented a new security layer, provided by imperva.com.
Is it working for you?
Do we know why? Or how to deal with this security feature?
The text was updated successfully, but these errors were encountered: