Skip to main contentHow zendō communicates with Home Assistant
The zendō app establishes a direct connection with your Home Assistant without passing through our servers.
The app connects using HTTPS and requires a valid certificate:
- A valid certificate ensures the app is talking to your actual home
- Encryption is enabled so no one else can intercept what’s going on in your home
When you open the app, zendō establishes a WebSocket connection to your Home Assistant to listen for status changes and send commands.
When using location‑based automations, requests are made using the Home Assistant REST APIs, which are also encrypted.
Authentication
During initial setup, you’ll need to log in to your Home Assistant via the browser using your username and password. Your login details are sent directly from your device to your Home Assistant; zendō doesn’t read or store them.
Once zendō is activated, it generates a Home Assistant authentication token for each device you add and any invitation link you send.
The device‑specific tokens are managed within the app. Deleting a device or cancelling an invitation via People & Invitations immediately deletes the corresponding tokens, effectively denying access.
Using multiple access tokens helps ensure the highest level of privacy and security for your Home Assistant when using zendō.
Your own Home Assistant authentication token is stored encrypted on your phone/tablet. 
