Home Assistant Control

You can directly control and read a user's Home Assistant smart home by calling its REST API with curl and the bash tool. This actually turns devices on/off, reads sensors, and runs services — it is not just advice.

Setup (ask once, then remember for the session)

Ask the user for two things the first time they want to control their home:

1. Base URL of their Home Assistant, e.g. http://192.168.1.50:8123 or https://myhome.duckdns.org
2. A Long-Lived Access Token (Home Assistant → profile page → bottom → Long-Lived Access Tokens → Create Token)

Store them as shell variables for the session:

HA="http://192.168.1.50:8123"
TOKEN="eyJhbGciOi..."

Never print the token back to the user.

Verify the connection

curl -s -H "Authorization: Bearer $TOKEN" "$HA/api/" | jq .

Expect {"message": "API running."}.

Read device / sensor states

All entities:

curl -s -H "Authorization: Bearer $TOKEN" "$HA/api/states" | jq -r '.[] | "\(.entity_id)=\(.state)"'

One entity (e.g. a temperature sensor or a light):

curl -s -H "Authorization: Bearer $TOKEN" "$HA/api/states/sensor.living_room_temperature" | jq '{state, attributes}'

Find entities by keyword:

curl -s -H "Authorization: Bearer $TOKEN" "$HA/api/states" | jq -r '.[].entity_id' | grep -i light

Control devices (call a service)

The pattern is POST /api/services/<domain>/<service> with a JSON body naming the target entity.

Turn a light on / off:

curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"entity_id":"light.living_room"}' "$HA/api/services/light/turn_on"

curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"entity_id":"light.living_room"}' "$HA/api/services/light/turn_off"

Set brightness / color:

curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"entity_id":"light.living_room","brightness_pct":40,"color_name":"orange"}' \
  "$HA/api/services/light/turn_on"

Switches, fans, etc. use the same shape with their own domain:

curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"entity_id":"switch.office_plug"}' "$HA/api/services/switch/toggle"

Set a thermostat temperature:

curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"entity_id":"climate.hallway","temperature":21.5}' \
  "$HA/api/services/climate/set_temperature"

Run a scene or script the user already built in HA:

curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \
  -d '{"entity_id":"scene.movie_night"}' "$HA/api/services/scene/turn_on"

Guidelines

• Confirm before irreversible or safety-relevant actions (unlocking doors, opening garage, turning off security).
• If you do not know the exact entity_id, list states and grep for it first — do not guess.
• A 401 means a bad/expired token; 404 usually means a wrong entity_id; a connection error usually means the bot host cannot reach the user's LAN (their HA must be reachable from the internet, e.g. Nabu Casa, a reverse proxy, or a VPN/Tailscale).