[Support]: Home Assistant Notification API authentication

[mattenz]

Describe the problem you are having

I've recently realised that I had the "Enable the unauthenticated notification event proxy" option enabled in the Frigate HA integration which means that technically, the event clips are available without authentication on my HA instance that is available over the internet. While it's pretty unlikely that someone is going to guess the necessary eventID and if I enable the expiration of these events, that's further security but I'm never hugely keen on the idea of security by obscurity.

Obviously, when I disable that feature, I'm no longer able to get the notification assets without authenticating on the API. However, using a long lived access token from HA and providing an authentication object in the header does not seem to be sufficient to authenticate as I get a 403 (Forbidden).

How does one use authentication to access the Notification assets via the Notification API?

Version

0.14.0-da913d8

What browser(s) are you using?

No response

Frigate config file

na

Relevant Frigate log output

na

Relevant go2rtc log output

ba

FFprobe output from your camera

na

Frigate stats

No response

Operating system

Debian

Install method

Docker Compose

Object Detector

Coral

Network connection

Wired

Camera make and model

na

Screenshots of the Frigate UI's System metrics pages

No response

Any other information that may be helpful

No response

[NickM-27]

this would be a question for the integration, not frigate itself. But to answer the question, you need to use the camera token that is an attribute of the camera entity

[mattenz]

Ah sorry, I missed that the integration has a separate page, so I can move my question there instead.

However, with your suggestion, I tried using the camera token both by adding "?token=" to the URI and also in the header but I'm still getting a 403 error

[distante]

Did you managed to do this @mattenz ?

Using the token on the URL would not also be risky?