Since June 2019, most requests (with exceptions like /setup/eureka_info ) need a local authorization token.

There are 3 kinds of tokens involved here:

Local Authorization Token

This token must be sent in all requests in the header cast-local-authorization-token . It is short-lived (~1 day) and may change unexpectedly (with a sync, change in homegraph, etc.)

Get this token

With access to an android device, get this token directly by either method.

Without a device, or to integrate it with a script, use an access token to get the homegraph and extract the token. To get an access token, read the next section. Check the example section for more info.

Access Token

This is a standard google oauth2 access token. It is in the form ya29.*** . This gives access to the Google Home Foyer API. These expire in an hour. Use this to get the homegraph (and then the local authorization token above).

Get this token

To get this access token, either a Google account username/password or a Google Master Token is needed. More info in the gist. Use the script from this gist.

Master Token

This is in the form aas_et/*** and can be used to request access tokens.

Get this token

The same script in the gist that gets the access token can also get the master token. Needs Google account creds.