HTTP Response Code 401 means Unauthorized

[ClifHouck]

Based on the HTTP protocol, a status code of 401 means an unauthorized request was made. However, somecomfort seems to interpret this code to mean the client is being rate-limited by Honeywell's server. I ran into this when I typo-d my password. Seems counter-intuitive to immediately assume 401 means rate-limiting is happening.

[ClifHouck]

Mainly refering to this line: https://github.com/kk7ds/somecomfort/blob/master/somecomfort/client.py#L405

[kk7ds]

Definitely agree it's counter-intuitive, but that behavior is based on my experience with it in practice. Their API is really not well-behaved in any way, and they pretty much return 401 for just about everything. Since you can sometimes get a 401 just because you hit something (even like the KeepAlive) too quickly, and then shortly thereafter continue to use the API with the same credentials, it's really hard to tell a useful difference between responses :/

[ClifHouck]

Understandable. Wish Honeywell would actually create an official publicly consumable API for their thermostats.

Maybe update/change the exception thrown to call out the ambiguous way Honeywell uses 401?

[JerryWorkman]

The exception message is more descriptive but not accurate. "somecomfort.client.APIRateLimited: You are being rate-limited. Try waiting a bit." Yet I can login with a web browser after that.