Just a quick FYI everyone using curl to make calls into the Nest API.
If you are using curl >=7.58, you may be getting an Unauthorized error from calls to the API that involve redirects. An authentication leak was recently discovered in curl and as of v7.58, custom Authorization headers in curl will not be forwarded on to the redirect URL.
To account for this on curl >= 7.58:
- Use the --location-trusted flag with any command line calls to curl.
- Use the CURLOPT_UNRESTRICTED_AUTH flag for clients using the libcurl library.
More information here: https://curl.haxx.se/docs/adv_2018-b3bf.html
We’ll also add info around this to the Nest API documentation.