Tuesday, May 14, 2013

IFTTT Recipe HTTP Commands

EDIT - 4 Jan 2015

IFTTT finally began using Ruby on Rail's built-in CSRF protections sometime around November 2014. I wasn't paying any attention to this and had lost track of this blog post, so my apologies to everyone who responded hoping for a solution. I had no idea that there were many people making use of this post.

Because of the nature of CSRF protection there have to be some changes to how we proceed as we will have to retrieve a CSRF token from the server that will be sent as a header with later GET and PUT calls after authentication.

So, the following command should be run first off which will establish a session cookie and will output the CSRF token that we'll be using in subsequent calls:

curl "https://ifttt.com/login" -b ifttt.cookies -c ifttt.cookies | grep csrf

This will generate the cookie file and will tell us the CSRF token and the name of the parameter that will be expected to be sent with the login POST. I've updated the JSON object below with an example, but you'll have to update it with the value returned when you run the command. At this point you've probably already realized that it's not going to be as easy as it was to just issue a POST to log in and then keep everything going. You'll probably want to use these commands as a guide as you program your own uses using scripting languages of one sort or another to store the CSRF token for subsequent use.

The other change that you'll note in the other requests below the the inclusion of a new header, X-CSRF-Token, which is the same token given to us on this first request. It will need to be present to have any interaction with the IFTTT webserver.

IFTTT.com is a fantastic site. It is a simple automation engine based on many commonly used Internet applications and has a number of really cool applications. However, it also has a number of shortcomings: you can't AND or OR triggers together, and you can't control one recipe from another.

To try and get around some of these issues, I'm working on a simple web service on my development box that will hopefully resolve some of these issues. Playing around with the website a bit, I've recovered the following bits of their API that will hopefully help me eventually control existing recipes from other recipes.

The basic workflow so far is to use cURL to establish an authenticated session with IFTTT.com, interact with my personal recipes, and then logout. The session is maintained through the use of a cookie file, ifttt.cookies. The list of personal recipes is downloaded to ifttt_personal.xml.

To begin, the initial authentication uses the following file, ifttt.json, to hold the POST variables for login.


  "authenticity_token": "Thisisatokenyougotfromtheserverasdetailedintheeditabove=",
  "login":       "nocoolnametom@gmail.com",
  "password":    "<password>",
  "remember_me": "1"

There is a variable that is sent with the regular browser-based login form, authenticity_token, but it does not currently appear to be needed to get an authenticated session cookie. Obviously, replace <password> with your IFTTT.com password.

To establish an authenticated session (checked via cookie, should redirect 302 on success):

curl -X POST -d @ifttt.json "https://ifttt.com/session" -H "content-type:application/json" -b ifttt.cookies -c ifttt.cookies -i

To retrieve XML file of recipes:

curl "https://ifttt.com/myrecipes/personal.xml" -H "X-CSRF-Token:Thisisatokenyougotfromtheserverasdetailedintheeditabove=" -b ifttt.cookies -c ifttt.cookies > ifttt_personal.xml

To Activate/Deactivate a recipe (grab id from ifttt_personal.xml):

curl -X PUT "https://ifttt.com/myrecipes/personal/<recipe_id>/activation?enabled=true&variant=icon" -H "content-length:0" -H "X-CSRF-Token:Thisisatokenyougotfromtheserverasdetailedintheeditabove=" -b ifttt.cookies -c ifttt.cookies -i

To Force Run a recipe (grab the id from ifttt_personal.xml):

curl -X PUT "https://ifttt.com/myrecipes/personal/<recipe_id>/force_run" -H "content-length:0" -H "X-CSRF-Token:Thisisatokenyougotfromtheserverasdetailedintheeditabove=" -b ifttt.cookies -c ifttt.cookies -i

To logout (delete session from cookie file, should redirect 302):

curl "https://ifttt.com/logout" -H "X-CSRF-Token:Thisisatokenyougotfromtheserverasdetailedintheeditabove=" -b ifttt.cookies -c ifttt.cookies -i


  1. This is just what I needed, but I'm having a tough time getting it to work....

    curl -X PUT "https://ifttt.com/myrecipes/personal/3898316/force_run" -H "content-length:0" -b ifttt.cookies -c ifttt.cookies -i ;
    HTTP/1.1 302 Found
    Server: nginx/1.2.3
    Date: Fri, 21 Jun 2013 23:53:46 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Status: 302 Found
    Location: https://ifttt.com/login
    X-UA-Compatible: IE=Edge,chrome=1
    Cache-Control: no-cache
    X-Request-Id: 8dc5e0e7808940b7cd0e95fb8cfd4ed0
    X-Runtime: 0.006502
    X-Rack-Cache: invalidate, pass

    You are being redirected.[1]+ Done open https://ifttt.com/myrecipes/personal/3898316/activation?enabled=false

    Can you decode the error here?

  2. Awesome. This is very useful info, thanks!

  3. How is this testing going? What are your successes/failures?


  4. This comment has been removed by the author.

  5. It work for me for a long time, but now ifttt show error 500...... how can I repair it?? Thanks

  6. Awesome ! i was looking for this !! :) Thanks.

  7. even i am getting error 500 now after a day. does anyone have a solution to this ?

  8. Very well written article. It was an awesome article to read. Complete rich content and fully informative. I totally Loved it.Balloon Dog Decoration For Sale USA

  9. Best 3-Day Free Spins at Casinos Near Bryson City - Mapyro
    Find your complete 서산 출장샵 list of 목포 출장마사지 the best online 사천 출장안마 casinos accepting American players in Bryson 통영 출장안마 City, 사천 출장샵 NJ.

  10. Vampires in the Enchanted Castle casino - FilmFileEurope
    Vampires air jordan 18 retro yellow on sale in the Enchanted Castle Casino. Vampires in make air jordan 18 retro toro mens sneakers the Enchanted what is the best air jordan 18 retro men Castle Casino. Vampires in the Enchanted Castle Casino. how can i order air jordan 18 retro red suede Vampires in the Enchanted Castle Casino. Vampires in the Enchanted 강원 랜드 썰

  11. • If the participant and the player-dealer’s hand both include two aces of hearts, the palms push and no motion is taken on the wager. If the vendor has the higher hand, the gamers lose their bets and the 1xbet vendor wins that spherical. In our final part, you'll learn essentially the most superior technique for enjoying in} blackjack -- counting cards.

  12. We additionally respect particular person opinions––they represent the unvarnished pondering of our individuals and exacting evaluation of our research processes. Our authors can publish views that we may or may not agree with, however they present their work, distinguish details from opinions, and ensure their evaluation is obvious and in no way deceptive or deceptive. The firm is making steady headway in certain high-value sectors and continues to commercialize new printers, materials, and related merchandise. 3D Systems have just introduced some best vacuum bags for storage developments exhibiting that they're on observe to provide a huge metal printing machine for the US army.

  13. This integrated program, typically known as CAD/CAM/CAE software, permits a single software program to handle the complete fabrication course of from design to analysis to production. Manufacturers of today can automate nearly any course of given sufficient time, sources and imagination. Raw material Toilet Seats can go into a machine and accomplished parts can come out packaged ready-to-go. Manufacturers rely upon a wide range|a variety} of CNC machines to make issues shortly, accurately and cost-effectively. As its name implies, a CNC water jet cutter makes use of high-pressure jets of water to chop by way of materials. Computer numerical management expertise controls the sequence of motion of the water jet to create the desired finished part.

  14. As a result, the market gamers are taking profound steps to resolve these points by creating consciousness amongst customers and urging them to use anti-virus software program on their smartphones and PCs. Moreover, companies use third-party applications to guard their web sites and facilitate secure online payment transactions. Federal regulation restricts the usage of wire communication amenities in gambling activities or sports betting as the ability consists of the web. However, the web permits gamers to keep an nameless id 온라인카지노 and quick exit from gambling websites, which makes it tough to trace the gambling activity. A nice web on line casino retains gamers from turning into bored by providing all types of on line casino video games.