XML-API Addon 2.0

This is a new major release of the XML-API addon which in addition to some important bugfixes and feature changes also comes with some important security improvements which however also introduce ⚠️ breaking changes ⚠️ compared to XML-API v1.

These security improvements introduce a mandatory, stateless API token mechanism which requires users to first register for a new API token via a new tokenregister.cgi function and then this token key can be used in applications to query the XML-API in its usual way (cf. https://homematic-forum.de/forum/viewtopic.php?f=41&t=77234#p749409). However, every user/developer is requested to read all changes carefully.

Changes:

• ⚠️ breaking change: complete overhaul of all API functions of XML-API for improved security. Now all API calls are secured by stateless token based authentication forcing users to specify a valid sid=XXXXXXXX security token identifier. For registering, revoking and listing API tokens new tokenregister.cgi, tokenrevoke.cgi and tokenlist.cgi API functions have been added to XML-API. This should greatly improve the general security in a CCU if the XML API addon is installed, especially if the WebUI might be exposed for remote access and thus should address #29 and #31.
• rework of the main API description page to contain more detailed documentation about every API function including their supported parameters including links with a forwarded session id identifier.
• added new option to run programs with condition check (#60)
• unify behaviour regarding virtual remotes and add query parameter (#11)
• retrieve min/max values only when sysvar is numeric (#46)
• updated mastervalue.cgi to fix #19 (#58)
• LastDPActionTime added to output of state.cgi (#52, #47, #48)
• add substitution for %5E (^) (#64)
• Allow values for combined parameters (#69)

Full Changelog: 1.22...2.0
_{6311b2a40d18bace8d154f1270df620c1592eb374709db681ede23cf9e1d6f27 xmlapi_addon-2.0.tar.gz}