Http shortcut - avoid security warning

Aim: Use a shortcut to trigger a shelly relay that has a web password.

Shelly automation devices can be triggered by accessing a url. So “http://user:pass@ipaddress/relay/0?turn=on” will activate a relay. It works great on chrome on a Mac but fails using safari on Mac or iOS.

Safari pops up a login screen to enter the username and password along with a warning that the password will not be encrypted.

Does anyone know a way to get around this problem? Unfortunately the Shelly app doesn’t appear to be accessible to shortcuts.

1 Like

It looks like you should be able to POST with a JSON payload containing the credentials. I would expect that would work better than putting the credentials into the URL. I would also hope, that you are using local IP addresses only.

Try passing the credentials as an Authorization header instead of the url.

Here’s an example:

1 Like

Perfect - Thank you @supermamon so much, it works like a charm - sharing the example really helped - now I just have to understand how it works :slight_smile:

edit - in case it helps anyone else…

I’m a beginner in using Shortcuts and how to link actions, here are the bits I found out to make it work - if there is a better way, someone please chime in.

In the [Get contents of URL] Action it is necessary to add a header.

Key = Authorization
Text = Basic [Space] [then touch ‘Select Variable’ and choose the output of the Encode with Base64 action]

Having selected Base64 Encoded you can long press on it in the Get Contents of URL action and change the name to something that makes more sense like ‘Credentials’.

The first time it runs it will ask you to allow the connection to the IP address, After that it should just work.

1 Like

It is working for me too. Thanks a lot. But I have to be at home on the same network as the Shelly device in order for this shortcut to work.
Is there any way to operate this shortcut while I am not home?

I don’t think it is possible without Shelly providing shortcut support directly into their app and using their cloud access to get to the device you want to control.

I suppose if you had a static ip on your internet connection and port mapped a firewall rule to the Shelly device it might work with a bit of tinkering.

Your challenge is accessing a private range IP address from outside (on another private range IP address provided by your mobile network)

Maybe if you had a VPN running…

1 Like

I just found this document. Don’t know if I can get it to work. But I’ll give it a try. Wish me luck!

I got it to work:

You will need an api key (from user settings when you log into the cloud) - your server might be different to the one in the screenshot:

The apikey and device Id have been truncated for obvious reasons :slight_smile:

1 Like

That’s great @Philrob .
I also got it to work on my iphone through Apple Shortcuts.