Hue Whitelist Security Update

Critical changes to user access management are introduced in Hue API 1.31.  The goal is to give our consumers better control and visibility of which applications currently have access to their system and to further enhance their security.

A major part of this is that the consumer can see a complete overview of all apps that have either local or remote access to their Hue system at any time by visiting https://account.meethue.com/apps. There they can review the apps with access and remove access for apps that are no longer needed. For transparency towards the user, it becomes vitally important to use an easily identifiable name when creating your whitelist entries.

Furthermore, we’ve closed down several aspects of the Hue API to prevent applications interfering with each other or creating additional entries:

  1. Simulated pushlink via local API commands to gain Hue system access is disabled. It is important to prevent malicious apps from creating numerous whitelists.
  2. One app is prevented from accessing another app’s application-key (whitelist entry) via API commands. The existing whitelist entry is extended with a new ID (application-id). This application-id is visible to other apps, while the application-key is visible only to the creating app.
  3. The API command to delete a whitelist entry is removed. This can now be done via https://account.meethue.com/apps.
  4. Accuracy of “Last use date” as reported in /config/whitelist is improved from 15 minutes to 1 second.
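
An added example, not part of the original announcement and not Hue's own code: with the delete command removed, an app can still read /config/whitelist and tell the user which entries are worth reviewing at https://account.meethue.com/apps. The JSON layout, the "name" and "create date" fields, the timestamp format, the app#device naming check and the 90-day threshold are assumptions of this example, and the sample data is constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed sample of a /config/whitelist response (not captured from a real bridge).
# Assumed layout: entries keyed by an id, each with "name", "create date" and
# "last use date" as ISO-8601 timestamps without a zone.
SAMPLE_WHITELIST = json.loads("""
{
  "app-id-0001": {"name": "living_room_app#phone-anna", "create date": "2018-01-10T09:00:00", "last use date": "2019-03-01T18:22:41"},
  "app-id-0002": {"name": "my app", "create date": "2017-06-02T12:30:00", "last use date": "2017-06-02T12:31:05"},
  "app-id-0003": {"name": "sync_tool#laptop", "create date": "2018-11-20T08:00:00"}
}
""")

TIME_FORMAT = "%Y-%m-%dT%H:%M:%S"  # assumed; second resolution matches item 4 above


def audit_whitelist(whitelist, now, max_idle_days=90):
    """Return (entry_id, name, reasons) for entries a user should review."""
    findings = []
    for entry_id, entry in sorted(whitelist.items()):
        reasons = []
        name = entry.get("name", "")
        # Assumed convention: "app#device"; anything else is hard to recognise in the overview
        if "#" not in name or not all(part.strip() for part in name.split("#", 1)):
            reasons.append("name does not identify app and device")
        last_use = entry.get("last use date")
        if last_use is None:
            reasons.append("never used")
        else:
            idle = now - datetime.strptime(last_use, TIME_FORMAT)
            if idle > timedelta(days=max_idle_days):
                reasons.append(f"idle for {idle.days} days")
        if reasons:
            findings.append((entry_id, name, reasons))
    return findings


if __name__ == "__main__":
    for entry_id, name, reasons in audit_whitelist(SAMPLE_WHITELIST, datetime(2019, 3, 15)):
        print(f"{entry_id} ({name!r}): {'; '.join(reasons)}")
```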

Additional enhancements will be made in upcoming API releases. We will keep you posted.