Add http (socks) proxy support

[zzz676]

Bosch servers have recently been unavailable from some countries for connection from this integration. For this reason, there is a request to add the ability to use a proxy server to connect to Bosch servers.

[ekutner]

I don't remember that the appliances themselves have an option to configure a proxy, how do they connect to the HC servers in this case? How does the mobile app connect to the appliances when not connected to wifi?

[zzz676]

I don't remember that the appliances themselves have an option to configure a proxy, how do they connect to the HC servers in this case? How does the mobile app connect to the appliances when not connected to wifi?

The devices themselves connect without problems, as does the proprietary Home Connect application. The problem, as I understand it, is precisely the connection through their API, through which the integration works.

[moskovskiy82]

I don't remember that the appliances themselves have an option to configure a proxy, how do they connect to the HC servers in this case? How does the mobile app connect to the appliances when not connected to wifi?

The devices themselves connect without problems, as does the proprietary Home Connect application. The problem, as I understand it, is precisely the connection through their API, through which the integration works.

Exactly. Furthermore a local only mode is supported by the HomeConenct. You can enable it in the app settings. See #353

[ekutner]

@zzz676 How do you know the appliances connect to the HC cloud? The mobile app can connect to them directly, without connecting to the HC cloud server, when they are on the same wifi network. The whole scenario doesn't make sense to me, if HC are blocking some countries then the appliances should be blocked too, why would they only block API access but still allow the appliances to connect from the same countries?
Have you reached out to HC about this?
What error is generated when the integration is connecting to the API?

As already discussed in #353 I have no plan to reverse engineer the local protocol, so unless HC officially support local API access it's not going to happen.

[alexbilevskiy]

TL;DR
Set up VPN on your home router and redirect traffic for api-rna.home-connect.com, singlekey-id.com (both needed for auth flow) and api.home-connect.com (used by integration, ip address is the same as api-rna...) via vpn.

How do you know the appliances connect to the HC cloud?

From official home connect app (with wifi disabled)

The whole scenario doesn't make sense to me, if HC are blocking some countries then the appliances should be blocked too, why would they only block API access but still allow the appliances to connect from the same countries?

Actually it's been like this for a while now. The funny thing is that even mobile app works fine (except authorization part), but not api.

What error is generated when the integration is connecting to the API?

With vpn disabled, this error is shown

2024-04-08 19:09:53.884 ERROR (MainThread) [aiohttp_sse_client.client] fetch https://api.home-connect.com/api/homeappliances/events failed: 403

When requested with curl, there is 403 in plain html:

[alex@home ~]> curl https://api.home-connect.com/api/homeappliances/events
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
</body>
</html>

and this is with vpn

[alex@home ~]> curl https://api.home-connect.com/api/homeappliances/events
{
  "error": {
    "key": "401",
    "description": "Authentication is possible but has failed or not yet been provided."
  }
}

[ekutner]

That's really strange.
To be honest I would accept a PR that add this but doubt it will be something I get to do myself in the foreseeable future.
You may want to consider a workaround by adding a routing rule on your Home Assistant server that would direct traffic for api.home-connect.com (IP addresses 18.193.228.33, .124.235.66, 18.196.116.41) to the VPN. That's all you really need because the authentication is done from your browser which already support proxy definitions.

[zzz676]

TL;DR Set up VPN on your home router and redirect traffic for api-rna.home-connect.com, singlekey-id.com (both needed for auth flow) and api.home-connect.com (used by integration, ip address is the same as api-rna...) via vpn.

How do you know the appliances connect to the HC cloud?

From official home connect app (with wifi disabled)

The whole scenario doesn't make sense to me, if HC are blocking some countries then the appliances should be blocked too, why would they only block API access but still allow the appliances to connect from the same countries?

Actually it's been like this for a while now. The funny thing is that even mobile app works fine (except authorization part), but not api.

What error is generated when the integration is connecting to the API?

With vpn disabled, this error is shown

2024-04-08 19:09:53.884 ERROR (MainThread) [aiohttp_sse_client.client] fetch https://api.home-connect.com/api/homeappliances/events failed: 403

When requested with curl, there is 403 in plain html:

[alex@home ~]> curl https://api.home-connect.com/api/homeappliances/events
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
</body>
</html>

and this is with vpn

[alex@home ~]> curl https://api.home-connect.com/api/homeappliances/events
{
  "error": {
    "key": "401",
    "description": "Authentication is possible but has failed or not yet been provided."
  }
}

Thank you for your reply. Couldn't answer, was unavailable. I confirm, everything is the same for me.