Homey Apps require permissions for certain functionality, learn which permissions exist and how to request them.
Permissions are needed to allow Homey apps to use certain Apps SDK functionality. Most Homey Apps don't need any permissions. In case a permission is not requested by the App, the manager methods that require that permission will throw an error.
An app should only request permissions it actually needs to function.
Apps will not automatically update on Homey when new permissions are added.
The following is a list of the permissions that an app may use.
The API permission (
"homey:manager:api") allows an app to access the Homey Web API. This web api can be used to control all of Homey (devices, Flows, etc) even if they are not part of the App that requested the permission. This level of access can be used to add new advanced functionality to Homey. However because an app receives complete control over the Homey it is installed on this permission should only be requested when it is the main functionality of your app.
Apps that request the API permission will be reviewed more carefully when published to the App Store. If the permission is not required for your app to function your app submission will be rejected.
As a rule of thumb, only apps that add functionality to Homey that can be categorised in the Tools section, should use the API permission. For example apps that are allowed to use the API permission are: a DIY Home Alarm system, HomeyScript and Device Groups. Examples of apps that should not use the API permission are: those that connect to a physical device, e.g. a branded app for lightbulbs, thermostats etc.
Apps can also talk to each other through their Web API, however you need to define the correct permissions first. Permissions for app to app communication look like this
homey:app:<appId>, where the
appIdis that of the app you want to communicate with. For example