-
Notifications
You must be signed in to change notification settings - Fork 52
user_data (V1 client)
To avoid HTTP_429_TOO_MANY_REQUESTS (authentication rate limit exceeded) errors it's now possible to save and restore the SessionId without re-authenticating.
#!/usr/bin/env python
import json
import io
import sys
from evohomeclient import EvohomeClient
username = '[email protected]'
password = 'yourpassword'
session_id = 'evohome-session-id.json'
# attempt to load previously saved session-id from disk
try:
with io.open(session_id, "rb") as f:
user_data = json.load(f)
except (IOError, ValueError):
user_data = None
try:
client = EvohomeClient(username, password, user_data=user_data)
for device in client.temperatures():
print(device)
except Exception as error:
sys.stderr.write('Connection failed: ' + str(error) + '\n')
sys.exit(1)
# save session-id so we don't need to re-authenticate every polling cycle.
with io.open(session_id, "wb") as f:
json.dump(client.user_data, f)For the V1 client, the following is worth understanding.
After an initial successful username/password authentication a sessionId is returned which is used for the following API calls so that consecutive calls can be made without performing re-authentication every time. This sessionId lasts for 15 minutes from the time of last use so as long as API calls are made at least this often the same session can be maintained without re-authenticating.
The sessionId and other state data required to save the session for re-use are stored in the EvohomeClient() user_data dictionary, eg client.user_data in the example code shown. This can be saved to disk for example by converting it to json as shown in the example code.
The dictionary will not be populated immediately after the initial EvohomeClient() call, rather after API requests are made such as iterating over client.temperatures() so API calls must be made first before attempting to save client.user_data. Before terminating your script you should save user_data to disk or elsewhere and attempt to restore it next time. If you cannot restore it user_data should be passed but set to None.
Please note that user_data contains other identifying account information in addition to the sessionId, including username, (email address) city, Name, userID, zipcode, street address, and country, so this file should be saved somewhat securely, such as removing group/other permissions.
If the previous sessionId has expired the client library will automatically and transparently re-attempt authentication so it's ok for your script to pass the previously saved sessionId without regard for when it was last used.
It's possible for multiple instances of EvohomeClient to be in use at once. In that case more than one sessionId can be valid at once, with each instance continuing to use its own sessionId without problems if the sessions are kept alive, eg used at least once every 15 minutes.
However there is a potential issue where if both instances have been idle for a long time and have expired and try to re-authenticate at close to the same time (within approx 10 seconds) the second instance will probably receive an HTTP_429_TOO_MANY_REQUESTS response due to rate limiting, so multiple authentication attempts within a short time period should be avoided.
In short, authentication attempts are subject to rate limiting however API calls made using an existing and still valid sessionId are not, so whenever possible you should attempt to reuse the previous sessionId.