Set Value on Windhager Heating System

Hi,

I got a new Heating System from the Austrian Company "Windhager". They use a controling System called "Infinity" which includes a WEbServer.

It is possible to use http request to get values from the system.

E.g.: Preset Temperature of the Hot Water:

Request:
http://192.168.1.220/api/1.0/datapoint/1/15/0/98/1

Answer:

{
    "OID": "/1/15/0/5/51/0",
    "groupNr": 5,
    "maxValue": "75.0",
    "memberNr": 51,
    "minValue": "10.0",
    "name": "05-051",
    "step": "0.5",
    "stepId": 1,
    "subtypeId": -1,
    "timestamp": "2019-09-12 20:01:42",
    "typeId": 13,
    "unit": "°C",
    "unitId": 1,
    "value": "60.0",
    "writeProt": false
}

The big question is now how a put request could look like to set "value" to a different value.
Or is this not possible at all?

Br,
Johannes

If you have an API address, did you find that from the manual or by following the browser actions on that webserver. If so, can’t you use that to set the temperature there and see how it got processed on the browser side, then imitate it with node-red?

The webinterface looks like the following:

The link to get to the datapoint I found in a thread.

I made a wireshark trace, I guess this will help someone with more knowledge on API :slight_smile:

I got it working.

I have put an "INJECT" with the "Line based Value" (OID and Value) and feeding a webrequest (put) with the URI.

It looks like a mixture of Heatmiser and Siedle in interfaces... In order to find the API endpoints you need some reverse engineering is needed, no wireshark needed at all:
0. Open the developer tab in the browser (can’t remember the shortcut in chrome, but right mouse button on the page, then inspect element)

  1. Click the network tab, then click the button for “keep registrations open” or something sounding like that
  2. Go back to the page and do any actions.
  3. When sending the form go back to the network tab and see where it sent a POST or PUT request to. That address is what you need in Node-RED. If needed replicate headers (content-type specifically) and body.
  4. Repeat for any action you want to clone functionality of in Node-RED

Sorry if any of that is unclear I’m not at a computer at the moment

Ok, so via Node Red I can already send the new value.

Now I have a new question: I want to send a message via Pushover and in the message I want to put the url. would this be possible? If yes, how does the http put with json data look like?

Br,
Johannes

You would not do like that, you would just send a simplified message with the required value via Pushover to NR. Then in NR, your message will be received, NR will pick the value from the message, insert it into the url and send it to your heater

1 Like

Is this a solution which is also secure?

[{"id":"77a499b5.95d6a8","type":"http in","z":"d2043ed8.8e731","name":"Freigabe Warmwasser ĂĽber Pushover","url":"/URL/","method":"get","upload":false,"swaggerDoc":"","x":230,"y":2360,"wires":[["56a70069.e84e"]]},{"id":"56a70069.e84e","type":"change","z":"d2043ed8.8e731","name":"","rules":[{"t":"set","p":"payload","pt":"msg","to":"payload.secret","tot":"msg"}],"action":"","property":"","from":"","to":"","reg":false,"x":520,"y":2360,"wires":[["c7c1670a.2d67e8"]]},{"id":"c7c1670a.2d67e8","type":"switch","z":"d2043ed8.8e731","name":"","property":"payload","propertyType":"msg","rules":[{"t":"eq","v":"SECRET","vt":"str"}],"checkall":"true","repair":false,"outputs":1,"x":710,"y":2360,"wires":[["2894ce30.b8e9f2"]]},{"id":"e2f07685.94b768","type":"inject","z":"d2043ed8.8e731","name":"","topic":"","payload":"","payloadType":"date","repeat":"","crontab":"","once":false,"onceDelay":0.1,"x":360,"y":2460,"wires":[["5cd10a7.5bd30f4"]]},{"id":"c9485616.e46898","type":"pushover api","z":"d2043ed8.8e731","keys":"c0b0085c.ca2b88","title":"","name":"Warmwasser Info","x":810,"y":2460,"wires":[]},{"id":"5cd10a7.5bd30f4","type":"change","z":"d2043ed8.8e731","name":"","rules":[{"t":"set","p":"payload","pt":"msg","to":"Warmwasser niedrig und keine Sonne vorhergesagt","tot":"str"},{"t":"set","p":"url","pt":"msg","to":"URL-with-SECRET","tot":"str"},{"t":"set","p":"topic","pt":"msg","to":"Warmwasser niedrig","tot":"str"},{"t":"set","p":"url_title","pt":"msg","to":"Freigabe Warmwasser","tot":"str"}],"action":"","property":"","from":"","to":"","reg":false,"x":580,"y":2460,"wires":[["c9485616.e46898"]]},{"id":"401b3a4b.652104","type":"http response","z":"d2043ed8.8e731","name":"","statusCode":"","headers":{},"x":1130,"y":2360,"wires":[]},{"id":"2894ce30.b8e9f2","type":"template","z":"d2043ed8.8e731","name":"","field":"payload","fieldType":"msg","format":"handlebars","syntax":"mustache","template":"<html>\n <head></head>\n <body>\n <h1>Warmwasserfreigabe durchgefĂĽhrt</h1>\n </body>\n</html>","output":"str","x":900,"y":2360,"wires":[["401b3a4b.652104"]]},{"id":"c0b0085c.ca2b88","type":"pushover-keys","z":"","name":""}]

I create a HTTP Input and listen there for a special "SECRET" in the URL which I am checking with a switch. The Output of the Switch I am using to trigger the action (not in this flow) and sending via Template and a http response a Message back to the browser.

No this isn't secure.

Ok, any hints?

I have made an adoption, not sure if there is a better way to do it.

I create now a random secret, which is sent then to Pushover. The URL works only 1-time and also expires after 1 hour.

I think I do not really understand what you have done so far so a bit of assuming & guessing:

  • your heating system is reacting to http requests and those are performed locally in your network (NOT via internet)
  • you would like to trigger such requests by sending some "keywords" or "secrets" via an app in your mobile device
  • the keywords or secrets are received by Node-RED, decoded and correct action is taken LOCALLY, like setting the hot water temperature

For this I don't think Pushover is the correct choice. I could not find a Pushover node that can let Node-RED receive messages from an app, only send out. I would look for another service that allows two-way communication like Telegram, Pushbullet, Pusher etc etc

The security of such solution is highly dependent on the service you select, I assume, for this application like setting the water temperature, it should be good enough to be trusted, I mean it is not integrating with your e-banking solution

And then you do not have to send a randomized secret, just send the temperature value you want, the push service will encrypt the whole message, then let Node-RED insert that received value into the url and PUT the request to the heating system

This means that you have exposed Node-RED web server to internet? It is absolutely not recommended, sooner or later "something" will happen, there might be vulnerabilities that you do not know about and a special composed url request might give access to your whole network

So please, first thing, remove that port forwarding in your router and use a solution using an external service like described above

Yes, you are fully right with your assumptions.

Pushover has for me the advantage, that it is very simple to use so that also my parrents can use it. With Telegram and Pushbullet it is getting much more complicated.

IT would be much easier if I could get somehow a "VPN-on-Demand" running on iOS. Because then I could easily disable the ReverseProxy for Node Red and Home Assistant and execute the commands via VPN locally in the network.

I have a Unify USG (L2TP) and OpenVPN as Docker on my UnRaid, but it seems that I need a MAC (which I do not have) to configure Profiles for "VPN-on-Demand".

Ok, made a lot of research this weekend and now I think I have a solution which works.

Node Red is now closed completely.
Home Assistant is protected via Letsencrypt Reverse Proxy, only allowing connections from a corporate lan public IP, as there is no option for VPN.
iPhones are configured with "VPN-On-Demand", starting automatically, when I am using HA on my iPhone outside my Home Network.

So I could still reuse the "HTTP Put" to Node Red if I also configure "On-Demand-VPN" for Node Red.

I see, you have a vpn connection available to your home network, that is a great advantage. I guess your HA server is then on the same network so connection with NR on the same should not be a problem

I use HA for one main reason, it has very good support for zwave. But when I integrate HA with NR I use MQTT. Similar to this:

iPhone VPN <-> My home network <-> HA Lovelace <-> HA Server with MQTT support <-> NR with MQTT

Properly configured both HA and NR are automatically updated when common devices/objects are changing statuses. Besides I get automatic reconnections in case needed and I have NR checking and controlling that HA is alive. NR will then restart HA if needed etc etc

Yes, I have HA and NR in the same subnet. Also an MQTT-Broker.
And I have L2TP VPN to my Router.

I am using HA for Lovelace and also integration into several products (Velux Windows, Z-Wave,...) and NR for Automation but also for some integration stuff.

Connection between NR and HA I am using a HA-plugin in Node Red.