Http shortcut - avoid security warning

Aim: Use a shortcut to trigger a shelly relay that has a web password.

Shelly automation devices can be triggered by accessing a url. So “http://user:pass@ipaddress/relay/0?turn=on” will activate a relay. It works great on chrome on a Mac but fails using safari on Mac or iOS.

Safari pops up a login screen to enter the username and password along with a warning that the password will not be encrypted.

Does anyone know a way to get around this problem? Unfortunately the Shelly app doesn’t appear to be accessible to shortcuts.

It looks like you should be able to POST with a JSON payload containing the credentials. I would expect that would work better than putting the credentials into the URL. I would also hope, that you are using local IP addresses only.

https://shelly-api-docs.shelly.cloud/gen1/#common-http-api

Try passing the credentials as an Authorization header instead of the url.

Here’s an example:
https://www.icloud.com/shortcuts/0f6372919a314232861e7e1d5983a7dd

Perfect - Thank you @supermamon so much, it works like a charm - sharing the example really helped - now I just have to understand how it works :slight_smile:

edit - in case it helps anyone else…

I’m a beginner in using Shortcuts and how to link actions, here are the bits I found out to make it work - if there is a better way, someone please chime in.

In the [Get contents of URL] Action it is necessary to add a header.

Key = Authorization
Text = Basic [Space] [then touch ‘Select Variable’ and choose the output of the Encode with Base64 action]

Having selected Base64 Encoded you can long press on it in the Get Contents of URL action and change the name to something that makes more sense like ‘Credentials’.

The first time it runs it will ask you to allow the connection to the IP address, After that it should just work.