As of today, when you refresh an Access Token using the associated endpoint https://api.netatmo.com/oauth2/token, Netatmo servers respond with a couple of tokens: an Access Token and a Refresh Token.
If the previous Access Token is still valid, the newly returned access token is identical but its expiration time is extended for 3 hours.
In any case, the refresh token is not renewed.
Starting from the 17/04/2023, this behavior will change to be compliant with the recommendations of the RFC of the OAuth2 Authorization Framework (section 10.4) and to improve the security of the data of our users.
When refreshing tokens, Access Token and Refresh Token will be automatically renewed and former tokens invalidated.
What does it mean for me?
If you were already updating the tokens provided when refreshing your tokens, this change will not impact you.
If you do not update the refresh token when refreshing your Access Token, your users will be disconnected after 3 hours as the former tokens will become invalidated.
To fix it, you need to update the tokens as soon as you get the newly generated ones.
Sincerely,
Legrand - Netatmo - Bticino
Please do not reply to this email. Replies to this email message will not be read or responded to. For any further information, please contact our Support Team.
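The rotation described in the email above, as an added example that is not part of the original post and is not Netatmo's code: a client that stores the renewed token pair on every refresh keeps working, while the former refresh token is rejected. `FakeTokenServer` is a constructed in-memory stand-in for the token endpoint, the response field names follow RFC 6749, and the file name `tokens.json` is hypothetical.

```python
import json, os, secrets, tempfile, time

class FakeTokenServer:
    """Constructed stand-in for the token endpoint: every refresh rotates both tokens."""
    def __init__(self):
        self.valid_refresh = secrets.token_hex(8)
    def refresh(self, refresh_token):
        if refresh_token != self.valid_refresh:
            raise PermissionError("invalid_grant")  # former token was invalidated
        self.valid_refresh = secrets.token_hex(8)
        return {"access_token": secrets.token_hex(8),
                "refresh_token": self.valid_refresh,
                "expires_in": 10800}  # 3 hours, as stated in the email

class TokenStore:
    """Keeps the token pair in a file, replaced atomically on every save."""
    def __init__(self, path):
        self.path = path
    def load(self):
        with open(self.path) as f:
            return json.load(f)
    def save(self, tokens):
        # mkstemp creates the file with mode 0600; os.replace swaps it in atomically.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path))
        with os.fdopen(fd, "w") as f:
            json.dump(tokens, f)
        os.replace(tmp, self.path)

def refresh_and_persist(server, store):
    old = store.load()
    resp = server.refresh(old["refresh_token"])
    new = {"access_token": resp["access_token"],
           "refresh_token": resp["refresh_token"],
           "expires_at": time.time() + resp["expires_in"]}
    store.save(new)  # store the pair before the new access token is used anywhere
    return new

def demo():
    server = FakeTokenServer()
    with tempfile.TemporaryDirectory() as d:
        store = TokenStore(os.path.join(d, "tokens.json"))
        store.save({"access_token": "", "refresh_token": server.valid_refresh})
        first = refresh_and_persist(server, store)
        second = refresh_and_persist(server, store)  # succeeds: uses the rotated token
        try:
            server.refresh(first["refresh_token"])  # what a non-updating client sends
            return False
        except PermissionError:
            return first["refresh_token"] != second["refresh_token"]
```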
Same for me.
And at the same time, I am once again receiving emails in a loop from Netatmo saying that a device has connected (the story of the cookie that is reused every 3 hours).
However, it is impossible to disable the notification on the Netatmo account; it used to work, but not anymore…
Hello everyone,
I have also been affected by these emails every 3 hours as of recently…
My settings under "Change my email settings" on my.netatmo reset themselves to On every day… Would you have a solution, please 🙏?
Hello.
I have just received a reply from support:
"It is no longer possible to disable this alert for security reasons; you should have received an informational email (quite a while ago already…). Your third-party application is making 'abusive' calls to our APIs. You must therefore update your third-party applications to resolve this."
As of today, the images you get from the API, such as snapshots, vignettes or even profile images, do not expire.
For security reasons, the retrieved URLs will now expire. Starting from the 09/05/2023, you will receive, along with the image URLs, an ‹ expire_at › field. The expiration time will be set at five minutes when rolled out but keep in mind that this value can change.
As a result, you must take into account the ‹ expires_at › field that you will receive in the payload.
What does it mean for you?
Impacted API endpoints are:
/homesdata when retrieving the image of each person
/getevents when retrieving snapshots and vignettes
If you do not download immediately the image URLs of these two API endpoints, you shall modify your code to handle the expiration time. Once the URLs are expired, and if you try to download the images again, you will receive a 404 HTTP error. You have to make a new API call to retrieve new URLs.
Sincerely,
Legrand - Netatmo - Bticino
Please do not reply to this email. Replies to this email message will not be read or responded to. For any further information, please contact our Support Team.