Core: August component does not load because of invalid API key

I'm getting the same exact error. It happened to me on 74.0 this evening. Home assistant successfully unlocked the door for me at about 5:15PM EST, and then about an hour later when we left, I noticed my automation didn't lock my door. Upon further investigation, I'm getting the same errors as OP. Just wanted to confirm this does not seem to be a one-off.

EDIT: I also upgraded to 75.2 this evening in an attempt to fix it, but that did not work. Also deleted my august.conf file, and since I run into issues with HA accepting my passwords, I changed my August Password and updated my config and still getting the same error.

The api key is received from the August api during authentication, so it's probably the api key refresh logic that needs to be fixed, not just replacing a hard coded key with another key.

The api key is generated at least the first time you login, ie the first time the component was setup with your credentials. Removing the auth cache might force a new attempt to generate api key, after restarting home assistant.

The auth cache file is in the config directory and named:
.august.conf

Note that it's hidden.

Make sure you backup your auth cache file before trying this, so you can go back to previous state of needed.

If a new api key needs to be generated when the old one expires, that problem needs to be fixed first in the py-august library.

@MartinHjelmare
What you are referring to is the token, not the API key which is hardcoded. Removing the config file does not work since it only stores the token

Sorry, I misread this issue.

I'm experiencing the same issue. Since this morning I am no longer able to use the component. I attempted to change the API key as indicated above but was getting a 403 forbidden error on my frontend.

@snjoetw has the API access been removed?

I'm also having this issue. It started yesterday after an HA reboot, while I was making unrelated config changes. I tried deleting my .august.conf file and instead of the configurator popup asking for the verification code, I now get the error: "403 Client Error: Forbidden for url: https://api-production.august.com/session" on my frontend.

I also tried poking around the API using Postman. Sending a POST to https://api-production.august.com/session using the API key that @gary-reyes noted in his OP, and a randomly generated UUID. The response body comes back with this:

{ "installId": "<removed>", "applicationId": "", "userId": "<removed>", "vInstallId": false, "vPassword": true, "vEmail": false, "vPhone": false, "hasInstallId": true, "hasPassword": true, "hasEmail": true, "hasPhone": true, "isLockedOut": false, "captcha": "", "email": [], "phone": [], "expiresAt": "2018-12-06T19:43:11.574Z", "LastName": "", "FirstName": "" }

and also returns a x-august-access-token response header.

Using the x-august-access-token, I sent a GET to https://api-production.august.com/session and response body was:

{ "code": "MethodNotAllowedError", "message": "GET is not allowed" }

I'm able to help run any other tests, if needed to assist with troubleshooting.

I'm also getting the 403 Client Error. I also get it when using py-august directly. The response code and content received by the _call_api method is:
403 b'{"code":"ForbiddenError","message":"API key is not valid"}'

Just updated the API key: https://github.com/snjoetw/py-august/commit/688ed4e3727447109868d4ed848f3bedc99a00db

I've tested and it seems to work locally, at least I'm able to authenticate myself now. But I can't really tell if all the APIs are still working as I don't own any August product any more.

I'll make a release and hopefully someone can help testing this component

@snjoetw I changed the API key in the .august.conf file but its still not working for me. How would I go about adding your changes as a custom component in home assistant?

using HASS 0.74.0 on python venv and changed the HEADER_VALUE_API_KEY, it now works.

api.py is on /srv/homeassistant/lib/python3.6/site-packages/august/api.py

@accelle17 do you know if this can be done within hass.io?

I am experiencing this same problem.

I ran into problem when I was publishing the new version yesterday. I’ll give it another try tonight.

@manniac if you’re able to change API key manually as @accelle17 suggested you’ll also need to nuke .august and re-authenticate again

I'm also trying to figure out how to make the adjustments with Hassio.. I've never had to use a command interface with it and the stuff I've been looking up has commands being run to fix. Thanks for helping us out, snjoetw! I'm sure I'll figure out how to apply your fix after playing with it enough.. hoping it works for ya tonight!

I have access to the command line within hass.io but cannot locate where api.py would be located.

@jsnyde30 @Maaniac I'm not running hass.io, but in my home assistant docker, the August lock's "api.py" file is located at:
/usr/local/lib/python3.6/site-packages/august/api.py
Try running a find command from your root directory to locate it:
find . -name "api.py"

Changing the API key seems to have worked A-OK for me. Nice when things are simple!

@rfpludwick when I run the docker exec -ti homeassistant /bin/bash command it is asking me for a password. Any idea what that would be?

@Maaniac No idea. I wasn't prompted for one. Also, I removed my comment because restarting the HA Docker container resets that API key anyway, so that's not a good fix for hass.io.

@TimothyLeeAdams no such directory in Hass.io

@gary-reyes How do we apply this fix to HASS.IO ?

@Maaniac I just grabbed a spare Pi and spun Hass.io up on it for testing. Unfortunately, I am not able to find the august component py files either, so far. I'll keep testing and see if I can figure it out.

@rfpludwick I would have expected the file to revert too, as you suggested, but I was able to change the HEADER_VALUE_API_KEY to the new API key that @snjoetw provided, and even after a docker restart, the new key persisted. Still, I believe the API is only used when authenticating anyway, to create the .august.conf file and once that is done, the August component only needs the access token. And since .august.conf is located in the home-assistant config folder, that file is protected.

@TimothyLeeAdams
The API key is sent with each rest command. The access token is sent with each command that requires returning information about the account.

See
https://medium.com/@nolanbrown/august-lock-rest-apis-the-basics-7ec7f31e7874

Ahhh yes, you're correct. My mistake, thanks for the clarification @gary-reyes

I've submitted a PR for this https://github.com/home-assistant/home-assistant/pull/15916. Hopefully this can be released sooner than 0.76

Just updated to HASS.IO 0.78.1 and the issue is back