The Begining

Nearing the close of 2017 with an increasing number of Github issues most of which were not in fact isssues but mis-configurations by the user, we recognized the fact that we were not the most user friendly software. To deal with the increasing number of issues on Github several users voluntered and so the Colloborators chat was born. This group of people while may not be pushing a lot into the codebase became the go to support team. From triaging issues on Slack to Github issues, to updating and maintaining install documentation. This lead to many discusssions behind the scenes about what we could do to improve the user experience. We started experimenting with Github Teams, NPM organizations and different Github solutions. Eventially we determined that we all saw a future where we have a homebridge website, an official logo, and a verified plugin program. We started working on all this behind the scenes but before we could go live with it life took over. Most of us pushed these ideas to the back of our heads. Before we all had forgotten we had gotten the homebridge website live, had a logo and secured the Homebridge username and NPM organization.

Edit:

This is a work in progress. Since I am retiring my repo I will try reformatting this and rewriting some of it regarding the old info. Expect a new post since it appears Ring may have redone their API. This is a compilation of all my research I have done into the Ring API for use in a Ring Component for Home Assistant and a Ring plugin for Homebridge.

Starting a Live Stream

From the server it uses SIP, it sends back a Message header that seems just to be confirming the original SIP information, almost like the server is using a “reply’ button on an email. However the SIP Message Body is were all the info is for obtaining access to the feeds.

Start

First thing is to evaluate the flow of the Ring API.

Get Credentials

“Hardware id” is the serial number of your Mac, it is necessary to include in the body however it doesn’t check for Authenticity

curl -X “POST” “https://api.ring.com/clients_api/session” \ -H “Accept-Encoding: gzip” \ -H “Accept: /” \ -H “Content-Type: application/json” \ -H “Host: api.ring.com” \ -H “User-Agent: Ring/0.67 (Mac OS X Version 10.12.4 (Build 16E195))” \ -H “Accept-Language: en-US;q=1” \ -u [enter username]:[Enter password] \ -d $’{ “device”: { “metadata”: { “api_version”: “10”, “app_installation_date”: “2017-06-01 11:06:51 +0000”, “app_version”: “v0.67 (92)” }, “hardware_id”: “000000000000”, “os”: “osx”, “app_brand”: “ring” } }’

I was able to bypass Wink’s SSL pinning and was able to successfully intercept the traffic between the Wink app on my iPhone 6s and their API. This page will be dedicated to my findings and I will be giving cURL commands that can be run, and then explain what sort of data is being returned. This post will be sorted in chronological order in what requests the app sends. When trying to change the state of a lightbulb it first tries to connect with the hub locally and then it forwards the request on to their API.