This is like if you only want to let a contractor or something to have limited acess during certain times.
In rm make a rule that toggles the garage door on cloud end point
Then make conditions. ‘Only tues and Thursday between 1-4”
Text the “contractor” the link.
There are issues here that could lead to more security problems. The OAUTH token for the entirety of RM exists in that URL. This means that with some knowledge of HE someone could take that link and do almost anything that you do with RM.
Change variables, run/pause/unpause/cancle rules
See this post. https://community.hubitat.com/t/rule-machine-api/
The stance from Hubitat in general has been to not share cloud links with untrusted parties.
Agreed.id rather give contractor that then my opener tho
I would give them the opener then have the whole motor powered off when not in use. Use a zigbee button as an opener in the car that powers on the opener and then sends the open signal.
Or buy a security control panel and make a code for the contractor that only works between certain hours
get a cheap cam (wyze is pretty good), mount it up and monitor it. have the contractor call you and you can remotely unlock the door for them
I would advise against this as well.. the OAUTH key is the same for all cloud dashboards. Wouldn’t be hard to find all of the other dashbaords you have with that one link. Also, for the more experinced, the cloud endpoint for dashboards is exposed and can control any device, in a dashboard or not....
Very good point! I thought each Dashboard had its own OAuth Token. As you pointed out, that is not the case.
Truthfully these weaknesses are why I keep my hub off the net. I have heard rumor that they are working on a new version of dashboards that addresses some of these Issues.
Simply having the dashboard app installed enables the cloud endpoint that can control all devices. Whether any dashboards are cloud enabled or not.
Download the Hubitat app
