"Someone connected to your Netatmo account" email

The Netatmo API is a set of webservices allowing developers and third parties to access Netatmo device's data.
DenisPac
Posts: 3
Joined: 03 Nov 2015, 19:35

Re: "Someone connected to your Netatmo account" email

Post by DenisPac » 03 Nov 2015, 20:10

seitentools wrote:
DenisPac wrote:It is useful to know from where a connection has been done using our credentials.
Why not adding a white list to not raise warnings when the connection comes from one IP of this white list?
Yes it is usefull if someone login to the webgui or the app but not if you get this every time a code ask the API for the data.
Correct. That's why I propose a white list where you put the IP from where your code is querying the API.

seitentools
Posts: 7
Joined: 03 Nov 2015, 19:44

Re: "Someone connected to your Netatmo account" email

Post by seitentools » 03 Nov 2015, 20:17

DenisPac wrote:
seitentools wrote:
DenisPac wrote:It is useful to know from where a connection has been done using our credentials.
Why not adding a white list to not raise warnings when the connection comes from one IP of this white list?
Yes it is usefull if someone login to the webgui or the app but not if you get this every time a code ask the API for the data.
Correct. That's why I propose a white list where you put the IP from where your code is querying the API.
As long its done in the code(er) and not by the user i'm ok with that solution :)

sarakha63
Posts: 7
Joined: 15 Dec 2014, 01:19

Re: "Someone connected to your Netatmo account" email

Post by sarakha63 » 03 Nov 2015, 21:08

That wont happen. It would be very dangerous to allow a program to update a white list itself

seitentools
Posts: 7
Joined: 03 Nov 2015, 19:44

Re: "Someone connected to your Netatmo account" email

Post by seitentools » 03 Nov 2015, 21:13

Not if you only can only edit the IPs over dev.netatmo or am I wrong?

berkinet
Posts: 17
Joined: 07 May 2013, 17:34

Re: "Someone connected to your Netatmo account" email

Post by berkinet » 03 Nov 2015, 21:13

The API settings for the application should define: 3 options: never send login emails; always send login emails; respect the user setting.

trosenblatt
Posts: 233
Joined: 18 Sep 2012, 12:18

Re: "Someone connected to your Netatmo account" email

Post by trosenblatt » 04 Nov 2015, 09:26

The fact is that application that use user credentials on every request are not respecting what has to be done with oauth2 :
Indeed application have to use the user credential only once, in order to retrieve a user refresh_token. This token has to be stored and used later to refresh the access_token. The application has then to forget the user credentials.

In that case the user will receive an email only once, and this is exactly what we want.
Letting the application creator decide if its application sends mail or not on login is not a good security option.
Thomas Rosenblatt, Netatmo Team.

SebDel
Posts: 10
Joined: 07 Jul 2015, 11:13

Re: "Someone connected to your Netatmo account" email

Post by SebDel » 04 Nov 2015, 10:05

Hello,

For me, sames alerts, 245 at this times.
IP Indicated isn't good. I thing that DNS Problems on server netatmo host application.
Begin à 15h30 GMT.
Thanks for your action.
Sébastien

funjuju
Posts: 2
Joined: 04 Nov 2015, 10:45

Re: "Someone connected to your Netatmo account" email

Post by funjuju » 04 Nov 2015, 10:47

Same for my every 15 min

seitentools
Posts: 7
Joined: 03 Nov 2015, 19:44

Re: "Someone connected to your Netatmo account" email

Post by seitentools » 04 Nov 2015, 11:30

trosenblatt wrote:The fact is that application that use user credentials on every request are not respecting what has to be done with oauth2 :
Indeed application have to use the user credential only once, in order to retrieve a user refresh_token. This token has to be stored and used later to refresh the access_token. The application has then to forget the user credentials.

In that case the user will receive an email only once, and this is exactly what we want.
Letting the application creator decide if its application sends mail or not on login is not a good security option.
This mean I have to save the refresh_token on my Server in a database? It's a good way for a webapplication but not for a desktop application. The user credentials are already saved on the users PC and not on a server.

LuftikusA380
Posts: 9
Joined: 26 Jan 2014, 21:32

Re: "Someone connected to your Netatmo account" email

Post by LuftikusA380 » 04 Nov 2015, 12:37

Since yesterday afternoon, I received about 100 mails :o
How can this be stopped?! The given IP is mine, stop spamming me, please!

Post Reply

Return to “Netatmo API”