Skip to content

Introduction

Command organization

HTTP commands in LK 3.5+ devices are organized into several endpoints, each responsible for a specific functional area of ​​the device. Most commands use the GET method and are sent to one of the following endpoints:

  • /stm.cgi
  • /outs.cgi
  • /inpa.cgi
  • /eeprom.cgi

Some operations use the POST method and are grouped under the endpoint:

  • /post.cgi

These include, among others, sched_save (saving schedule settings) and oled_save (saving OLED display settings).

Multiple commands can be executed within a single HTTP GET request by combining parameters using the & character.

The ability to combine multiple commands in a single request is available only to users with administrator privileges.

The total length of the parameter string together with assigned values (the part of the URL following the ? character) must not exceed 666 characters.

Example:

/outs.cgi?out0=1&out1=0&pwm0=1

In addition to the endpoints listed above, there are also URLs that provide specific device functions, such as downloading a configuration backup:

  • GET /lk3_settings.bin

Authentication and authorization

The device can be secured with HTTP Basic Authentication. When authentication is enabled, every HTTP request must include an Authorization header with valid login credentials.

The only exception is the /post.cgi?signin endpoint, which is used to verify login credentials and does not require prior authentication.

The set of available commands depends on the user's access level:

Access Level Permissions
Administrator (admin) Access to all device commands and functions.
User (user) Access to commands controlling outputs (OUT, PWM) and EVENT variables.
Control users Same command range as user. This account type is intended exclusively for controlling the device through the API and cannot be used to log in to the web interface.

Users other than administrators can execute only the commands available for their access level. Attempts to perform unauthorized operations will be rejected.

Login (credential verification)

The API provides a method for verifying login credentials by sending a username and password in JSON format.

To perform verification, send an HTTP POST request to:

[IP]/post.cgi?signin

The request body must contain JSON data, for example:

{"username":"admin","password":"admin"}

The response has the following format:

{"access":X}

where X represents the access level:

  • 0 – no access (incorrect login details),
  • 1admin access,
  • 2user access.

This endpoint does not require the Authorization header and operates independently of the HTTP Basic Authentication setting.

The endpoint is used by the web interface, which verifies the username and password using JavaScript mechanisms without triggering the browser's built-in HTTP Basic Authentication login dialog.