Next Example

Example 1: Authenticating your app

The API uses the OAuth standard for authentication. We will demonstrate the PIN based method. The sequence of calls is depicted in the diagram below:

7VpZb+M2EP41eUyhw1Lsx5xtgR7BZoFtHymJtonQokDRR/bX75Aa6qKTGInsaNsYhi2O6CE5883HGcpn4fVq96skxfJPkVF+FnjZ7iy8OQsC359M4EtLnirJxQW0tGAhWYadGsED+05R6KF0zTJadjoqIbhiRVeYijynqerI5oJ3hyjIwqpvBA8p4a70G8vUspJOg7iR/0bZYmmH8eNZdadUT1ZHRudkzdW5EeFaV8TqwlXtvKppf/+E7RDbBck7M/ouxKojkLRsTIWrZTgtHCMRMqOyI+Isf2ybLbwF10kh4If6arW7ply7z3omSiI/jqYko2Q2SWfeeaXn7tDutT0lzXFy71UZVio3hK9x+TQVCaUgu7z//SyIOQx0lbENXC70Jc0zPQXBYAZ4F4ZrdXA8WC5JoS/XK/4Hm1MwGrSuCirZiipjUY7i+0Z2tV0yRR8KkuqfbiEYQLZUKw4tvx5lQ6WiNjYOME7jJQgwKmAs+aThg91tkGBsTbC5bbDreyhbtnAbXaCQIBgWterGFXCB3jjQMxjoLc/c0A3lAgwH4mvO9DJ/Wlv70ZhsHTm2dizbsgeEwKWUYgvNlJOyZGklvGN6ROhyDHvNuvbyLVZbBrO01LZXaIWD2gsJvGWvOyZLgKP3FUC1hzUu12oJS2cpUUzkBxIHzWA3wSblidjeNoIrI4Ab2sygFqbehqyVXnK20NSfCKU05bd9l3CRPtbj6sHe7SxJOSxw01W0z/L40/uKRq2T+z62QWE1lGItU4o/arN8T48Dlr4iReSCKkeRwUG9nLdBY/p6KIEGSDe0E1ses8xVwtzUgyJK359DRF0LLqptN/TMS3dWUjzS1p35HO98RGxaSrLWDpC6W6EZ7gvNY0SmpYURU1nUo34/PpDK0KzD2ssusbHX34kiDDjKu9efH8NJdMfUP9ZHcP0vXHu/+FGM7dbufYOmegOBwcoMo7y8K1Zk8SLeBmfCSR8jNqZeocIhGMzHiGlBwiDBY6VZmFrLnOokeMsArpCKQZF2EpxkpFzCwE7kQkoI/bQE672paYEFagjpRoWhIA6t4CQgsoT0IooM0o4PolkPREfcBn03fbeFlZMcFUIqAAEYEtLw/1pRFY8q0ffHn+nHveQtCHHOr2yPx7GXm+l/oRmT+mgo8NalqUWVMNhd5Oc6ta+akO6bY4IK2TCwR8zBAYFCQEhNU3BdFA2Ljm6zDWe2PZ7N9jg8GT2HuBNstoF7AGUZMAFsPcN+EG5a3vK3OcAjiemg6wB4E3R9Co4x7NfHxIplmYESJwnlVyR9XEixzrNOXaFf72ECPEjFqTVnhy8DxoSd62i7kV1gWL7T8ee1olpxz/NiPi8BjkNvjngs+xMVKfU5ykewsB1oX5Fymaa01InpV6iItQD5tJB0w8S65HpRhRQbOPfXBHyybPVgovXgmcawRPsyiRrwDU6i9ROWPmBOQaJuEVvDotp2v9A5MKTGhYGJuSHNDq2RUcKZnAbHZw3zsZCx+/Dw9UkczbIgTH2SzMh8NgXm//8d0017hUjs5tXHOqZzzO8eMYz9gcPEpgavbIC+LbEGtZe7AX6D5wl6FOQ5p6hWuB3SXQHlSt3j85FD71GBrb2tm22UvPeZg6PoiGS2r4YYdzoZWbOfIJ10zOUeTdXZ5F90e2BO6Z5iNTlmL9sYV+wNkYS2E8zn0PgBwdxPKGqUDZ+DOqt2D9Z6WPpMRDtJ5phh02edN1M3NJu/Q1Xdm7+1hbc/AA==

Let's get started with the first request to obtain our ecobeePin. Note that you will need your API Key, which can obtained when you create your app in the ecobee portal through the developer panel.

To access the developer panel, click on the 'Developer' tab located in ecobee's right-hand-side portal menu. Then create a new app by clicking 'Create New', select 'ecobee PIN' as the Authorization Method and click Save. Make note of the API Key. The process for this is illustrated below.

For the next few steps, we have created a series of JavaScript forms that perform real calls to the ecobee API. Responses for each call can be observed as well as the actual JavaScript used to make the call.

Step 1: Obtaining your Pin and Authorization Code

Paste the application's API key below and press 'Submit'.

API Key:

Response JSON:

If all goes well, you should receive a response below that contains an ecobeePin and code along with a few other fields.

(Step 1 response JSON will appear here)

The JavaScript below was used to carry out this request:

							
var apiKey = $('#apiKey').val();	
var url = "https://api.ecobee.com/authorize?response_type=ecobeePin&client_id=".concat(apiKey).concat("&scope=smartWrite");	
$.getJSON(url,  function(data) {
	var response = JSON.stringify(data, null, 4);
 	$('#authorizeResponse').html(response);
});                			
                			

Copy your ecobeePin as seen in the response above. At this point, goto ecobee.com, login to the web portal and click on the 'My Apps' tab. This will bring you to a page where you can add an application by authorizing your ecobeePin. To do this, paste your ecobeePin and click 'Validate'. The next screen will display any permissions the app requires and will ask you to click 'Authorize' to add the application. The process for this is illustrated below.

For your convenience, the code (the Authorization Code) from the previous response along with your API Key has been pre-populated in the next request form below.

Now that you have authorized your app using your ecobeePin, the next step is to obtain your access_token.

Step 2: Obtaining your Access Token and Refresh Token

Ensure that both the API Key and Authorization Code fields are populated and press 'Submit' to perform an API call to obtain an Access Token. This token will be needed for all future API calls.

API Key:

Authorization Code:

Response JSON:

If all goes well, the response below should contain the required tokens needed to make further API requests.

(Step 2 response JSON will appear here)

The JavaScript below was used to carry out this request:

apiKey = $('#apiKey').val();
authCode = $('#authCode').val();

var url = "https://api.ecobee.com/token"
var data = "grant_type=ecobeePin&code=".concat(authCode).concat("&client_id=").concat(apiKey);

$.post(url, data, function(resp) {
	var response = JSON.stringify(resp, null, 4);
	$('#tokenResponse').html(response);
}, 'json');	
                			

Your app must remember the access_token and refresh_token values. The access_token is used to make API requests, and the refresh_token is used to obtain another valid access_token once the current access_token expires. An access_token expires in 60 minutes, while a refresh_token takes one year to expire.

Let us take a look at how to perform a token refresh.

Step 3: Performing a Refresh Token

Like in Step 2, the API Key has been pre-populated for your convenience. This time, copy the refresh_token returned in the response of Step 2 into the 'Refresh Token' field. Press 'Submit' to obtain a new set of tokens.

API Key:

Refresh Token:

Response JSON:

If all goes well, you will receive a new access_token and refresh_token in the response below.

(Step 3 response JSON will appear here)

The JavaScript below was used to carry out this request:

		
apiKey = $('#apiKey').val();
refreshToken = $('#refreshToken').val();
   
var url = "https://api.ecobee.com/token";
var data = "grant_type=refresh_token&code=".concat(refreshToken).concat("&client_id=").concat(apiKey);
  	
$.post(url, data, function(resp) {
	var response = JSON.stringify(resp, null, 4);
  	$('#refreshTokenResponse').html(response);
}, 'json');										
							

Every time you refresh your token, your app must remember the new pair of access and refresh tokens from the result.

Recommendation: When you start a new working session with your user, it is a good idea to refresh your access_token, since there may be a high likelihood that your previous access_token may have expired.

Now let us get some thermostat details with our next example.

Next Example