📖 Apps SDK Reference 🌍 Web API 🛠 Developer Tools

Permissions

Homey Apps require permissions for certain functionality, learn which permissions exist and how to request them.

Permissions are needed to allow Homey apps to use certain Apps SDK functionality. Most Homey Apps don't need any permissions. In case a permission is not requested by the App, the manager methods that require that permission will throw an error.

Permissions are added to your App Manifest in an array named permissions.

/.homeycompose/app.json
{
  "id": "com.athom.example",
  // ...
  "permissions": [
    "homey:wireless:ble",
    "homey:app:com.athom.example"
  ]
}

An app should only request permissions it actually needs to function.

Apps will not automatically update on Homey when new permissions are added.

Available permissions

The following is a list of the permissions that an app may use.

Permission

Description

homey:manager:api

Allows an app to use the ManagerApi methods to communicate with the Homey Web API.

homey:manager:geolocation

With this permission an app can use ManagerGeolocation to get the current location of the Homey.

homey:manager:ledring

Allows interacting with the Homeys LED Ring through ManagerLedring.

homey:manager:speech-output

This permission allows an app to make Homey speak using ManagerSpeechOutput.

homey:wireless:433

With this permission an app can call getSignal433 on ManagerRF to use the 433MHz antenna.

homey:wireless:868

With this permission an app can call getSignal868 on ManagerRF to use the 868MHz antenna.

homey:wireless:ir

With this permission an app can call getSignalInfrared on ManagerRF to send IR signals.

homey:wireless:ble

Enables an app to use ManagerBLE to discover Bluetooth devices and interact with them.

homey:wireless:nfc

Allows an app to use ManagerNFC to be notified of scanned NFC tags

Which apps may use the API permission?

The API permission ("homey:manager:api") allows an app to access the Homey Web API. This web api can be used to control all of Homey (devices, Flows, etc) even if they are not part of the App that requested the permission. This level of access can be used to add new advanced functionality to Homey. However because an app receives complete control over the Homey it is installed on this permission should only be requested when it is the main functionality of your app.

Apps that request the API permission will be reviewed more carefully when published to the App Store. If the permission is not required for your app to function your app submission will be rejected.

As a rule of thumb, only apps that add functionality to Homey that can be categorised in the Tools section, should use the API permission. For example apps that are allowed to use the API permission are: a DIY Home Alarm system, HomeyScript and Device Groups. Examples of apps that should not use the API permission are: those that connect to a physical device, e.g. a branded app for lightbulbs, thermostats etc.

Apps using the homey:manager:api permission are not allowed on Homey Cloud. Read more about this in the Homey Cloud guide.

App-to-app communication

Apps can also talk to each other through their Web API, however you need to define the correct permissions first. Permissions for app to app communication look like this homey:app:<appId>, where the appId is that of the app you want to communicate with. For example homey:app:com.athom.example or homey:app:com.yahoo.weather.

App-to-app communication is not supported on Homey Cloud. Read more about this in the Homey Cloud guide.

For more information about app-to-app communication read the Web API guide.

PreviousInternationalizationNextPersistent Storage

Last updated