EDIT - 4 Jan 2015
IFTTT finally began using Ruby on Rail's built-in CSRF protections sometime around November 2014. I wasn't paying any attention to this and had lost track of this blog post, so my apologies to everyone who responded hoping for a solution. I had no idea that there were many people making use of this post.
Because of the nature of CSRF protection there have to be some changes to how we proceed as we will have to retrieve a CSRF token from the server that will be sent as a header with later GET and PUT calls after authentication.
So, the following command should be run first off which will establish a session cookie and will output the CSRF token that we'll be using in subsequent calls:
curl "https://ifttt.com/login" -b ifttt.cookies -c ifttt.cookies | grep csrf
This will generate the cookie file and will tell us the CSRF token and the name of the parameter that will be expected to be sent with the login POST. I've updated the JSON object below with an example, but you'll have to update it with the value returned when you run the command. At this point you've probably already realized that it's not going to be as easy as it was to just issue a POST to log in and then keep everything going. You'll probably want to use these commands as a guide as you program your own uses using scripting languages of one sort or another to store the CSRF token for subsequent use.
The other change that you'll note in the other requests below the the inclusion of a new header, X-CSRF-Token, which is the same token given to us on this first request. It will need to be present to have any interaction with the IFTTT webserver.
IFTTT.com is a fantastic site. It is a simple automation engine based on many commonly used Internet applications and has a number of really cool applications. However, it also has a number of shortcomings: you can't AND or OR triggers together, and you can't control one recipe from another.
To try and get around some of these issues, I'm working on a simple web service on my development box that will hopefully resolve some of these issues. Playing around with the website a bit, I've recovered the following bits of their API that will hopefully help me eventually control existing recipes from other recipes.
The basic workflow so far is to use cURL to establish an authenticated session with IFTTT.com, interact with my personal recipes, and then logout. The session is maintained through the use of a cookie file, ifttt.cookies. The list of personal recipes is downloaded to ifttt_personal.xml.
To begin, the initial authentication uses the following file, ifttt.json, to hold the POST variables for login.
To establish an authenticated session (checked via cookie, should redirect 302 on success):
curl -X POST -d @ifttt.json "https://ifttt.com/session" -H "content-type:application/json" -b ifttt.cookies -c ifttt.cookies -i
To retrieve XML file of recipes:
curl "https://ifttt.com/myrecipes/personal.xml" -H "X-CSRF-Token:Thisisatokenyougotfromtheserverasdetailedintheeditabove=" -b ifttt.cookies -c ifttt.cookies > ifttt_personal.xml
To Activate/Deactivate a recipe (grab id from ifttt_personal.xml):
curl -X PUT "https://ifttt.com/myrecipes/personal/<recipe_id>/activation?enabled=true&variant=icon" -H "content-length:0" -H "X-CSRF-Token:Thisisatokenyougotfromtheserverasdetailedintheeditabove=" -b ifttt.cookies -c ifttt.cookies -i
To Force Run a recipe (grab the id from ifttt_personal.xml):
curl -X PUT "https://ifttt.com/myrecipes/personal/<recipe_id>/force_run" -H "content-length:0" -H "X-CSRF-Token:Thisisatokenyougotfromtheserverasdetailedintheeditabove=" -b ifttt.cookies -c ifttt.cookies -i
To logout (delete session from cookie file, should redirect 302):
curl "https://ifttt.com/logout" -H "X-CSRF-Token:Thisisatokenyougotfromtheserverasdetailedintheeditabove=" -b ifttt.cookies -c ifttt.cookies -i
This is just what I needed, but I'm having a tough time getting it to work....ReplyDelete
curl -X PUT "https://ifttt.com/myrecipes/personal/3898316/force_run" -H "content-length:0" -b ifttt.cookies -c ifttt.cookies -i ;
HTTP/1.1 302 Found
Date: Fri, 21 Jun 2013 23:53:46 GMT
Content-Type: text/html; charset=utf-8
Status: 302 Found
X-Rack-Cache: invalidate, pass
You are being redirected.+ Done open https://ifttt.com/myrecipes/personal/3898316/activation?enabled=false
Can you decode the error here?
Awesome. This is very useful info, thanks!ReplyDelete
How is this testing going? What are your successes/failures?ReplyDelete
This comment has been removed by the author.ReplyDelete
It work for me for a long time, but now ifttt show error 500...... how can I repair it?? ThanksReplyDelete
Awesome ! i was looking for this !! :) Thanks.ReplyDelete
even i am getting error 500 now after a day. does anyone have a solution to this ?ReplyDelete
Waiting for solution too.ReplyDelete
Very well written article. It was an awesome article to read. Complete rich content and fully informative. I totally Loved it.Balloon Dog Decoration For Sale USAReplyDelete
Best 3-Day Free Spins at Casinos Near Bryson City - MapyroReplyDelete
Find your complete 서산 출장샵 list of 목포 출장마사지 the best online 사천 출장안마 casinos accepting American players in Bryson 통영 출장안마 City, 사천 출장샵 NJ.
Vampires in the Enchanted Castle casino - FilmFileEuropeReplyDelete
Vampires air jordan 18 retro yellow on sale in the Enchanted Castle Casino. Vampires in make air jordan 18 retro toro mens sneakers the Enchanted what is the best air jordan 18 retro men Castle Casino. Vampires in the Enchanted Castle Casino. how can i order air jordan 18 retro red suede Vampires in the Enchanted Castle Casino. Vampires in the Enchanted 강원 랜드 썰