How to revoke access given to an App that uses the new API?

  • 16 September 2018
  • 8 replies
  • 480 views

Userlevel 1
Hi there, the new API that was just announced is great!

External apps/services (e.g. IFTTT) can be given access to my Sonos system:

"This gives XXXX permission to:

See what your Sonos is playing
Change playback and volume on your Sonos
Change your Sonos rooms and groups
Play your Sonos favorites and playlists"

But how do I revoke the access to my Sonos system when I no longer want IFTTT to access it?

Kind regards, Klaas.

This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

8 replies

Userlevel 7
Badge +20
In IFTTT go to Services -> Sonos -> Settings and click on 'Disconnect Sonos'.
Userlevel 1
It was a friends IFTTT account and I don't want him to control my Sonos. This means he is in charge?
Userlevel 7
Badge +20
It was a friends IFTTT account and I don't want him to control my Sonos. This means he is in charge?
Ask your friend to follow the steps I outlined, from their IFTTT account. That's the easiest way to proceed.

I don't know of a way of disconnecting your Sonos account from the Sonos end, although Sonos support will have a 'back door' mechanism of some sort if that's required.
Userlevel 7
Badge +21
Yeah, time for Sonos to add that functionality to their "My Account" pages... now that you can link Sonos with other services, there should be a way to manage those links from Sonos' end, in case it's not possible to do so from the other end.

"You have connected Sonos to the following services. If you want to remove one or more of the services from having access to your Sonos account, select the service(s) and press the 'Disconnect' button below."
Userlevel 1
@MikeV ? Yep, that seems to be pretty common in other systems that use OAuth: https://www.oauth.com/oauth2-servers/listing-authorizations/
Userlevel 7
Badge +21
It is also a required feature so that developers can test registration against the Cloud API, unless Sonos expect us to create an infinite amount of accounts to test against. There has to be an unregistration page somewhere?
I think its quite a big security hole. If I (as a developer) create an app and you (as a user) start using my app, I now have control over your sonos system and there is no way you can stop me being able to control it. I could send requests to start playing in the middle of the night at full volume etc

Being able to revoke apps should really be added to the my account page
Userlevel 7
Badge +21
Totally agree.