Rules API broken?

What worked for me a few weeks ago now returns a 403 forbidden error.
All l want to do is execute a pre-existing rule. But even a GET to list my rules returns this error. I can still see them on the web. The devices API still works.

Has this API been changed or removed? If changed, is there new documentation somewhere?

Usually I am all over the API but that hasn’t been the case for the last couple of weeks. I was aware that the ability to enable and disable Rules had returned to the public API but I hadn’t noticed other changes.

I am just looking now and I can immediately see that something has definitely changed. For a long time now it was the case that the CLI, when using the default authentication flow, would only show Rules it created itself. Now it shows all the other Rules created by user tokens in the Location. Similarly using the API with a PAT now shows the Rules created using the CLI’s token.

This is actually a reversion to the behaviour it always used to have.

I’ve not seen any permissions errors yet.

I’ve always used a PAT. I tried generating a new one with all access, and get the same result - works with devices, 403 with rules. I’ve never tried CLI access - I’ll go try that and see if that sheds any light on things.

Hi, @PWBarrett
Can you share more details about the request you’re trying to execute? For example, the URL.
About executing the pre-existing Rule, I’d like to see it’s config, could you provide support access to your account and share the name of the Rule with me so I can check it out, please?

  1. Confirm the email account registered in the forum is the same one you use for SmartThings. If not, please share it with me over DM
  2. Enable support access to your account:
  1. Go to the SmartThings Web (my.smartthings.com)
  2. Log in to your Samsung Account
  3. Select Menu (â‹®) and choose Settings
  4. Toggle on Account Data Access
  5. Select the time period and confirm - In this step, please select “Until turned off”, once the team finishes, we’ll let you know so you can disable it again.

I’ve enabled support access on my account.

Here is one of the rules that previously worked from Postman (plus PAT authorization):
POST https://api.smartthings.com/v1/rules/execute/fec885d4-8d2b-4394-8329-83db7e580b21?locationId=d30fdc24-9c54-4249-8e85-80bd5e2ec835

When I try GET https://api.smartthings.com/v1/rules?locationId=d30fdc24-9c54-4249-8e85-80bd5e2ec835
I get OK but an empty list.

Thanks for the reply, @PWBarrett . I tried the email registered here in the forum and I got an error saying we don’t have access. Could you check if you enabled it correctly or if the email here is the same as in your ST app, please?

Nice! This is a good reversion and very useful.

FWIW, I am not having any issues with a GET request for a list of my rules.

Hi, @PWBarrett
I also see the empty response from the Rules API endpoint but it’s because you haven’t created any Rule using the API directly. The ones in your account are Routines (Rules created in the app), I’m checking with the engineering team if those can be reached using the public API, once I get more details, I’ll let you know.

Hi, @PWBarrett

The engineering team mentioned that the previous ability to execute Routines using the public API was a bug, which they fixed. So this is why you saw it working before, but now this is the expected behavior, only Rules created using the public API (https://api.smartthings.com/v1/rules) can be executed with the rules/execute endpoint.

Ok, I can go create a rule on the web, get its json, paste it into a web transaction to create a duplicate API version, and repeat this every time I need to tweak it. Very tedious, and puzzling why this distinction exists.
Are “routines” vs. rules documented anywhere? Because I never saw anything about that.

Routines are created using “create a routine” within the SmartThings app.

“Rules” were originally called “recipes,” although that terminology never really seem to catch on.

There’s a good technical discussion of the available documentation and the differences between the two in the following thread:

Rules vs Routines

Rules shows 403 Forbidden Error

Same problem encountered today when accessing the rules endpoint using my PAT token:

https://api.smartthings.com/v1/rules

Despite
:heavy_check_mark: Having a valid token
:heavy_check_mark: Having enough permissions (I checked all the checkboxes on permissions regarding rules)

and it works on:
https://api.smartthings.com/v1/devices

Is the Rules endpoint broken?

Yes, that would indeed return a 403. Listing rules requires a locationId filter. So add the query string ?locationId=<locationId> where <locationId> is the UUID of the SmartThings Location you are interested in (https://api.smartthings.com/locations).

2 Likes