Generate a Long-Lived Access Token in the Home Assistant user profile page; all API calls require the header Authorization: Bearer <TOKEN>
Test connectivity with GET http://<ha-host>:8123/api/ which returns {"message":"API running"} if the HTTP integration is enabled and the token is valid
Control entities via POST http://<ha-host>:8123/api/services/<domain>/<service> with a JSON body such as {"entity_id":"light.living_room"}; for example POST /api/services/light/turn_on with {"entity_id":"light.x","brightness":200}
Subscribe to state changes in real time using the WebSocket API: connect to ws://<ha-host>:8123/api/websocket, respond to the auth_required message with {"type":"auth","access_token":"<TOKEN>"}, then send a subscribe_events command
Retrieve the current state of an entity with GET /api/states/<entity_id>; retrieve all states with GET /api/states; use the state object's attributes map for entity-specific properties (color, brightness, temperature, etc.)
Trigger automations or scripts directly via the services API: POST /api/services/automation/trigger with {"entity_id":"automation.<name>"} or POST /api/services/script/turn_on
Known gotchas
Long-Lived Access Tokens do not expire but are revoked when the user account is deleted; do not use your personal account token for integrations — create a dedicated Home Assistant user with minimal permissions
The REST API is only accessible on the local network by default; accessing it remotely requires configuring Home Assistant Cloud (Nabu Casa), a VPN, or a properly secured reverse proxy with HTTPS
WebSocket subscriptions are scoped to the connection; if the connection drops, all subscriptions are lost and must be re-established after reconnect — implement reconnection logic with subscription re-registration
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp