# Update package list
sudo apt update
# Install Python 3 and pip
sudo apt install python3 python3-pip python3-venv openssl -y
# Create a virtual environment (recommended)
python3 -m venv /opt/garden/irrigation-api-env
source /opt/garden/irrigation-api-env/bin/activate
# Install Flask
pip install flask
mkdir /opt/garden/irrigation-api
cd /opt/garden/irrigation-api
# Generate certificate (valid for 1 year)
openssl req -x509 -newkey rsa:4096 -nodes \
-out server.crt -keyout server.key -days 365 \
-subj "/C=US/ST=State/L=City/O=Organization/CN=localhost"
# Set proper permissions
chmod 600 server.key
chmod 644 server.crt
# Set a strong API token (change this!), e.g. generate one with: openssl rand -hex 32
export IRRIGATION_API_TOKEN="your-secure-random-token-here"
# To make it persistent, add to ~/.bashrc or create a .env file
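# Make sure this goes into the "pi" user's ~/.bashrc
echo 'export IRRIGATION_API_TOKEN="your-secure-random-token-here"' >> ~/.bashrc
# The token is now stored in plain text in ~/.bashrc; keep that file readable only by its owner (chmod 600 ~/.bashrc)
Ensure your directory looks like this: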
irrigation-api/
├── irrigation_api.py # The API server (the commands below call it irrigation-api.py; use one name consistently)
├── irrigation.py # Your existing irrigation script
├── server.crt # SSL certificate
└── server.key # SSL private key
chmod +x irrigation-api.py
chmod +x irrigation.py
# Make sure you're in the virtual environment
source /opt/garden/irrigation-api-env/bin/activate
# Export the token if not in .bashrc
export IRRIGATION_API_TOKEN="your-secure-random-token-here"
# Run the server
python3 irrigation-api.py
All requests (except /health) require a bearer token in the Authorization header:
Authorization: Bearer your-secure-random-token-here
curl -k https://localhost:5000/health
Response:
{"status": "ok", "service": "irrigation-api"}
curl -k -X POST https://localhost:5000/irrigation \
-H "Authorization: Bearer your-secure-random-token-here" \
-H "Content-Type: application/json" \
-d '{"relay": "farbed", "action": "on"}'
Relays: farbed, nearbed, mag, plants, valve5, pump1, pump2, all
Actions: on, off, status
Turn on a relay:
curl -k -X POST https://localhost:5000/irrigation \
-H "Authorization: Bearer your-token" \
-H "Content-Type: application/json" \
-d '{"relay": "pump1", "action": "on"}'
Check status:
curl -k -X POST https://localhost:5000/irrigation \
-H "Authorization: Bearer your-token" \
-H "Content-Type: application/json" \
-d '{"relay": "all", "action": "status"}'
Turn off all relays:
curl -k -X POST https://localhost:5000/irrigation \
-H "Authorization: Bearer your-token" \
-H "Content-Type: application/json" \
-d '{"relay": "all", "action": "off"}'
To run the API server automatically on boot:
sudo nano /etc/systemd/system/irrigation-api.service
[Unit]
Description=Irrigation REST API Server
After=network.target
[Service]
Type=simple
User=YOUR_USERNAME
WorkingDirectory=/opt/garden/irrigation-api
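# NOTE: a value set with Environment= is visible to other local users (the unit file is world-readable by default, and `systemctl show` prints it).
# Prefer EnvironmentFile= pointing at a root-owned file with mode 600 (example path: /etc/irrigation-api.env).
Environment="IRRIGATION_API_TOKEN=your-secure-random-token-here"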
ExecStart=/opt/garden/irrigation-api-env/bin/python3 /opt/garden/irrigation-api/irrigation-api.py
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo systemctl enable irrigation-api
sudo systemctl start irrigation-api
sudo systemctl status irrigation-api
- Change the default token - Use a strong, random token
- Firewall - Restrict access to port 5000 to trusted IPs only:
sudo ufw allow from TRUSTED_IP to any port 5000
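- Self-signed certificate - The -k flag in curl bypasses certificate validation, so the client cannot tell the real server from an impostor. With the self-signed certificate you can keep validation on by passing the certificate explicitly, e.g. `curl --cacert server.crt https://localhost:5000/health`. For production, consider using Let's Encrypt
- HTTPS only - Never expose this API over plain HTTP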
Check logs:
sudo journalctl -u irrigation-api -f
Test irrigation.py directly:
./irrigation.py -r farbed -a status
Check if port is listening:
sudo netstat -tulpn | grep 5000