Skip to main content

How zendō communicates with Home Assistant

The zendō app establishes a direct connection with your Home Assistant without passing through our servers. The app connects using HTTPS and requires a valid certificate:
  • A valid certificate ensures the app is talking to your actual home
  • Encryption is enabled so no one else can intercept what’s going on in your home
Upon app opening, zendō establishes a websocket connection to your Home Assistant, to listen for status changes and send commands. When using location-based automations, requests are made using the Home Assistant REST APIs, which are also encrypted for added security.

Authentication

During the initial installation of the app, you’ll need to login to your Home Assistant via browser using your username and password; your login details are sent directly from your device to your Home Assistant, zendō doesn’t read or store your login details. Once zendō is activated, it generates an Home Assistant authentication token for each device you add or any invitation link you send. The device-specific tokens are managed within the app. Deleting a device or cancelling an invitation via People & Invitations immediately deletes the corresponding tokens, effectively denying access. Using multiple access tokens ensures the highest level of privacy and security for your Home Assistant when using zendō. Your own Home Assistant authentication token is stored encrypted on your phone/tablet.
I