Skip to main content

How Zendo communicates with Home Assistant

The Zendo app connects directly to your Home Assistant. Your traffic doesn’t pass through our servers. Connections use HTTPS and require a valid TLS certificate, so:
  • Zendo can verify it’s talking to your Home Assistant
  • your traffic is encrypted, so it’s much harder for anyone else to intercept what’s happening in your property
When you open the app, Zendo establishes a WebSocket connection to listen for status changes and send commands. If you use location-based automations, Zendo also makes requests via the Home Assistant REST APIs (also over encrypted HTTPS).

Why does it need internet access?

You’ll use your phone or tablet at home, on the go, and away from home. Zendo supports remote control, so you can manage your property from anywhere. Remote access is required during sign-up. If you’d rather keep things local afterwards, enable Local Connection once you’re set up. Please see Local Connection.

Authentication

During initial setup, you’ll log in to Home Assistant in a browser using your username and password. Your login details are sent directly from your device to your Home Assistant. Zendo uses the secure, sandboxed browser provided by iOS/Android. We can’t see what you type, and the connection is protected in transit by HTTPS. Once Zendo is activated, it creates a separate Home Assistant authentication token for:
  • each device you activate
  • each invitation link you send
These device-specific tokens are managed in the app. Deleting a device or cancelling an invitation via People & Invitations immediately deletes the corresponding token, which denies access. Your personal Home Assistant authentication token is stored encrypted on your phone or tablet.

Tokens in Home Assistant

You may notice “Zendo” tokens under your account’s long-lived access tokens in Home Assistant. These are created automatically (one per activated device, and one per invitation). Please don’t delete these tokens manually. Doing so will deactivate all Zendo-connected devices, reset the app, and log you out. If you’ve stopped using Zendo and don’t plan to use it again, it’s safe to remove them.

Configuration encryption

Zendo uses end-to-end encryption for your app configuration. The encryption key is stored on your Home Assistant, and only you can access it. We at Zendo can’t access your key. When the app needs your configuration, it fetches the key directly from your Home Assistant and decrypts on your device. The key never leaves your devices.

Encryption key in Home Assistant

You may notice an entity named bn_gnt_elderflower_config_encryption_key in Home Assistant. Zendo creates this automatically to secure your configuration. Please don’t delete this value. If you do, the encryption key is destroyed and the Zendo app will become unusable. Please take a backup of this value. If you’ve stopped using Zendo and don’t plan to use it again, it’s safe to remove it.