Introduction
In April 2022 I had a PV system installed, with a local Enphase Envoy as part of the configuration.
The Enphase Envoy acts as a management gateway for the Enphase system. Collecting, storing and forwarding data to Enphase for the consumer Enlighten datapool and application.
My installation consists of an IQ Combiner; but I believe these instructions are valid for any Envoy running software greater than version 7. At the time of writing my Envoy is running D7.0.85.
Some history
I was interested in the raw data coming from the PV system. During vendor selection I reviewed the access and APIs available; and Enphase seemed to have a good mix of capabilities.
At some point in late 2021/early 2022 access to a local Envoy gateway was changed to require a JWT access token. This caused many home automation and data logging integrations to break. The documentation from Enphase showed how to interactively get the token and login. I found no documentation on doing this automatically through code.
After much reading, reviewing multiple blogs and github repos, and trial and error – I have this now working.
Authentication flow
Firstly, there’s a lot of head scratching on this approach from Enphase. Yes – it protects access behind a token, but it’s all intended for interactive work. I can only surmise that the market for this is not the home integrator or API data scraper. I see Enphase pushing that persona towards the Enlighten API v4 – which has a different set of issues (which I’ll write about in the future).
So the flow:
- login, using Enphase username/password, to the Enphase Entrez token service
- get a JWT access token
- post this JWT to the local envoy
- get data
The third step of this, posting the JWT to /auth/check_jwt, does not seem to be documented anywhere.
Also, and most troubling, the JWT itself is returned as part of the body of a html page. Some regex is needed to extract the specific text string. This has risk in the event that the html document structure changes in the future.
I posted a sample PowerShell script here.
Using this approach, I now have data being pulled from the local IQ Combiner, parsed, posted to a NoSQL database, and then graphed.
Hello,
I’m interested in trying to connect to my Envoy too – Your solution looks very nice and i’d like to thank you for sharing your experience.
Unfortunately, i am stuck at step 2, i don’t know how to get my JWT token. I can connect and login to the Enphase website, but to get the token, i need to enter a system and a gateway, and i don’t know at all what to fill. I tried several names and serial number for the system, but the gateway dropdown menu stays with only “select gateway” choice, and the get Token button is always greyed. Can you help me with this step please?. Thanks very much!
I have written a Python client for the local API here : https://github.com/Matthew1471/Enphase-API there’s also some local API documentation https://github.com/Matthew1471/Enphase-API/blob/main/Documentation/IQ%20Gateway%20API/General/Production.adoc I will be adding some more documentation over the next few days.
Hello,
it’s very interesting !
I have a solution with ESP8266 to heat my electric boiler water with the sun.
More on https://github.com/gelit/EnphaseReadPowerLive
Local API Token expires in one year !
I am not Oauth guru, my question about Token renewal : I need to adapt your example with https get & post to send 4 parameters (email + password + system + serial_number) … and I will receive new Token ?