Tuesday, May 14, 2013

IFTTT Recipe HTTP Commands

EDIT - 4 Jan 2015

IFTTT finally began using Ruby on Rail's built-in CSRF protections sometime around November 2014. I wasn't paying any attention to this and had lost track of this blog post, so my apologies to everyone who responded hoping for a solution. I had no idea that there were many people making use of this post.

Because of the nature of CSRF protection there have to be some changes to how we proceed as we will have to retrieve a CSRF token from the server that will be sent as a header with later GET and PUT calls after authentication.

So, the following command should be run first off which will establish a session cookie and will output the CSRF token that we'll be using in subsequent calls:

curl "https://ifttt.com/login" -b ifttt.cookies -c ifttt.cookies | grep csrf

This will generate the cookie file and will tell us the CSRF token and the name of the parameter that will be expected to be sent with the login POST. I've updated the JSON object below with an example, but you'll have to update it with the value returned when you run the command. At this point you've probably already realized that it's not going to be as easy as it was to just issue a POST to log in and then keep everything going. You'll probably want to use these commands as a guide as you program your own uses using scripting languages of one sort or another to store the CSRF token for subsequent use.

The other change that you'll note in the other requests below the the inclusion of a new header, X-CSRF-Token, which is the same token given to us on this first request. It will need to be present to have any interaction with the IFTTT webserver.

IFTTT.com is a fantastic site. It is a simple automation engine based on many commonly used Internet applications and has a number of really cool applications. However, it also has a number of shortcomings: you can't AND or OR triggers together, and you can't control one recipe from another.

To try and get around some of these issues, I'm working on a simple web service on my development box that will hopefully resolve some of these issues. Playing around with the website a bit, I've recovered the following bits of their API that will hopefully help me eventually control existing recipes from other recipes.

The basic workflow so far is to use cURL to establish an authenticated session with IFTTT.com, interact with my personal recipes, and then logout. The session is maintained through the use of a cookie file, ifttt.cookies. The list of personal recipes is downloaded to ifttt_personal.xml.

To begin, the initial authentication uses the following file, ifttt.json, to hold the POST variables for login.


  "authenticity_token": "Thisisatokenyougotfromtheserverasdetailedintheeditabove=",
  "login":       "nocoolnametom@gmail.com",
  "password":    "<password>",
  "remember_me": "1"

There is a variable that is sent with the regular browser-based login form, authenticity_token, but it does not currently appear to be needed to get an authenticated session cookie. Obviously, replace <password> with your IFTTT.com password.

To establish an authenticated session (checked via cookie, should redirect 302 on success):

curl -X POST -d @ifttt.json "https://ifttt.com/session" -H "content-type:application/json" -b ifttt.cookies -c ifttt.cookies -i

To retrieve XML file of recipes:

curl "https://ifttt.com/myrecipes/personal.xml" -H "X-CSRF-Token:Thisisatokenyougotfromtheserverasdetailedintheeditabove=" -b ifttt.cookies -c ifttt.cookies > ifttt_personal.xml

To Activate/Deactivate a recipe (grab id from ifttt_personal.xml):

curl -X PUT "https://ifttt.com/myrecipes/personal/<recipe_id>/activation?enabled=true&variant=icon" -H "content-length:0" -H "X-CSRF-Token:Thisisatokenyougotfromtheserverasdetailedintheeditabove=" -b ifttt.cookies -c ifttt.cookies -i

To Force Run a recipe (grab the id from ifttt_personal.xml):

curl -X PUT "https://ifttt.com/myrecipes/personal/<recipe_id>/force_run" -H "content-length:0" -H "X-CSRF-Token:Thisisatokenyougotfromtheserverasdetailedintheeditabove=" -b ifttt.cookies -c ifttt.cookies -i

To logout (delete session from cookie file, should redirect 302):

curl "https://ifttt.com/logout" -H "X-CSRF-Token:Thisisatokenyougotfromtheserverasdetailedintheeditabove=" -b ifttt.cookies -c ifttt.cookies -i


  1. This is just what I needed, but I'm having a tough time getting it to work....

    curl -X PUT "https://ifttt.com/myrecipes/personal/3898316/force_run" -H "content-length:0" -b ifttt.cookies -c ifttt.cookies -i ;
    HTTP/1.1 302 Found
    Server: nginx/1.2.3
    Date: Fri, 21 Jun 2013 23:53:46 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Status: 302 Found
    Location: https://ifttt.com/login
    X-UA-Compatible: IE=Edge,chrome=1
    Cache-Control: no-cache
    X-Request-Id: 8dc5e0e7808940b7cd0e95fb8cfd4ed0
    X-Runtime: 0.006502
    X-Rack-Cache: invalidate, pass

    You are being redirected.[1]+ Done open https://ifttt.com/myrecipes/personal/3898316/activation?enabled=false

    Can you decode the error here?

  2. Awesome. This is very useful info, thanks!

  3. How is this testing going? What are your successes/failures?


  4. This comment has been removed by the author.

  5. It work for me for a long time, but now ifttt show error 500...... how can I repair it?? Thanks

  6. Awesome ! i was looking for this !! :) Thanks.

  7. even i am getting error 500 now after a day. does anyone have a solution to this ?

  8. Very well written article. It was an awesome article to read. Complete rich content and fully informative. I totally Loved it.Balloon Dog Decoration For Sale USA