@jody.albritton Thanks so much for taking the time to address all of those. I think @JDRoberts should be a veteran though. 5 years using and building sounds pretty veteran to me.
I’m more than happy to retire that “web firmware” idea, believe me. It’s so abstract it’s difficult to conceptualize it at all. Didn’t see the localization either, so thanks for that!
Let’s definitely go one by one here.
That’s not the point i’m raising. The process of trial and error to work with this is a nightmare. The only way to test it is to host an endpoint on a staging box or ngrok it to localhost, and that’s installing an app which isn’t built (or built blindly). Software 101 is not to trust what you’ll receive in a payload. Couldn’t we have a nice big button in the workspace which says “Send Test Payload” for each phase, with dummy data? How do we mock this locally , for tests?
The whole thing is basically OAuth: create an app with client_id and client_secret, get access/refresh tokens, get callbacks. It’s exactly the same as a Twitter, Facebook, Twilio app. Why not just call it OAuth and follow convention?
Why on earth would anyone want to do that? Errmaaghheeerrd!
Nope. Let’s say you’ve written your code for the lifecycles, and for some reason the webhook gets a 500 error during the INSTALL phase. The UI will display “a network error occured”, meaning it didn’t complete. When you go back to the SmartApps list, your project is there, looking like it’s installed. Shouldn’t it only be seen as an “installed” app if it completes properly?
In the dialogue which appears saying “a network error occurred”. If in developer mode, display the remote response received there instead of the log? I don’t want to have to do this in “live” mode on a phone; only to stage it there. There’s a double problem here: you have to copy/paste the live log data, then get it into a readable format (e.g. JSON viewer), then unparse the error, which is a JSON-encoded error string inside a JSON object! (backslashes)
Why can’t the API tell if our own app is linking our own devices?
This is one of my biggest gripes, although i do understand the security precaution here. If we create an OAuth app which displays a permissions screen for a user to view and accept, the token we get is valid until it’s revoked. Unless i’m missing something here, don’t the docs say the only access token an app receives is the 5min one? I’ve looked over this in our logs and the only time we get it is during INSTALL and UPDATE.
Advice Erick gave me over email. Subscriptions can’t be updated - have to be deleted first, then re-created. I spent the best part of a few hours trying to understand why i got 403s using a personal access token which worked with anything else. It seems like a bit of a pointless thing.
Try them in https://jsonlint.com/ . Not a big thing but it’s annoying when you’re copying/pasting when simulating an webhook POST on local.
That’s true, and it’s largely because it’s often the only way of understanding anything (see a lot of the forum posts on here) as well as figuring out what some devices claim as capabilities (e.g. the musicPlayer example from Bose). The lock codes one is a great example of this. It’s entirely possible to set and remove lock codes on those Yale products, but - and i’m not joking on this - it took one of our guys about half a day to find the answer to something we knew we could do: Correct Z-Wave Lock API Command - #6 by awesam. The commands listed under capabilities are just lock() and unlock();
I feel your pain.