CraftyChops
Members
-
Joined
-
Last visited
Reputation Activity
-
Hi everyone,
Just a quick update: I've managed to update the Node-RED flow to handle the new encrypted password requirement for the Sunsynk API (using RSA encryption with a dynamic public key, based on the PHP example shared earlier). It's working perfectly now, pulling stats without issues.
@Gary Waterworth (GitHub: gdwaterworth ==> https://github.com/gdwaterworth/Home-Assistant---E-Linter-Logger---Sunsynk), thanks for the original repo! Since it's marked as no longer maintained, would you prefer I submit a pull request with these changes, or should I fork it and maintain a separate version? Happy to share the updated flow JSON either way.
Details on changes below. Let me know if anyone wants the full export (sanitised for sensitive info).
Cheers,
Bjorn
Short Summary of Changes
Updated token endpoint to /oauth/token/new.
Added nodes to generate nonce/sign, fetch dynamic public key, and encrypt password using Node.js crypto module (RSA_PKCS1_PADDING).
Revised headers to prefer "deflate" encoding and match latest working User-Agent/Accept values to avoid compression errors.
Modified login request to use the base64-encoded encrypted password instead of plain text.
Ensured compatibility with existing flow structure; tested on Python-free Node-RED (uses built-in crypto). No other major alterations—stats pulling resumes as before.
-
Seems like it died this morning...
Doing some investigations, manually logging into https://api.sunsynk.net/ there are 2 changes that I am seeing:
URL changed from https://api.sunsynk.net/oauth/token to https://api.sunsynk.net/oauth/token/new
Payload password seems to be some kind of hash:
{"username":"[email protected]","password":"v4o9WZhlL5UI8dyq7Qt46+tubAYsPssTiBgw8wS8UR2K99fRI8srmaGP1INp5uoZj+xSIZbB96apbeEqVuta45yNmvGj8gSdPiN72Dej0cDv37lo4xHS3IV5KBVo8KOYMFXsNG50JL5nBOUlXsnPE+a2F9jMAUZBgKHo0wL4TQ1lmmG/pGPNlBBPK/frfGRmfnzcfUSY2+/UEHOYj2OF9nI2/qgohTN/nHB6FSyNowO2WhCnSmg1UVksWU0OueVxcE0oiRZfm52gCbiAK1TM8iA9MxPhBsk617kaGJF0dNV7pvxrKTn4ybeCrZSxLfW6FFUcwVO8l3InfvmdRXKoPcCuqSI8uYX3QQPRaVwcA+j3a9g28/Fq0kf/d7ZWKlauzKwJCZxhOgoqOckJ5KjuI46364bef2UG+7/DfrPajjttgfHCv4wRBlnas02dgqXWvY1ISydcivh35Dyjp7Y8ioW5W2KECmKJ/pcXvnD7NAF5Hyx8TJK9S8yqyOfx+SwgwukZcUse/YU6es7D0koAAjqymbwbFky/FKBg3owzV0xLgXZs+4Awq9u8pl2szGIiQQV5VYjBBDVMxM/tIW8quRfzskj9IUM/WOMSpCSN8XUFJ9EVkxybprVYDNjEA2RtVJ8dehc=","grant_type":"password","client_id":"csp-web","source":"sunsynk"}
This hash password changes every time, so using this static value does not work - I suspect we will have to manually calculate the hashed password the same way they do it on the site.