A comprehensive solution for controlling Eight Sleep smart beds via physical hardware buttons, bypassing the need for phone app interaction. This project provides multiple approaches for API access, traffic interception, and hardware integration.
This project enables you to control your Eight Sleep smart bed temperature using physical hardware buttons instead of relying on the mobile app. It includes:
- API Client: Direct integration with Eight Sleep's REST API
- Traffic Interception: Multiple methods to capture and analyze Eight Sleep app traffic
- Hardware Integration: Physical button controller with customizable temperature presets
- Bypass Solutions: Tools to handle certificate pinning and authentication challenges
- Direct API Control: Authenticate and control bed temperature programmatically
- Multiple Proxy Methods: mitmproxy, custom TypeScript proxy, and capture scripts
- Certificate Pinning Bypass: Python scripts and alternative approaches
- Hardware Button Simulation: Keyboard-based testing with real hardware integration framework
- Temperature Presets: Configurable cool, neutral, and warm temperature settings
- Dual-Zone Support: Independent control for left and right bed sides
- Environment Configuration: Easy setup with
.envfile support - Comprehensive Logging: Detailed capture and analysis of API traffic
- Node.js/Bun: For running TypeScript components
- mitmproxy: For traffic interception (
brew install mitmproxy) - Eight Sleep Account: Valid email and password
- iOS/Android Device: For initial traffic capture (if needed)
- Hardware Button (optional): GPIO, USB HID, or similar interface
# Clone and install dependencies
cd mitmproxy
bun install
# Install mitmproxy (macOS)
brew install mitmproxyCreate a .env file with your Eight Sleep credentials:
# Copy the template
cp .env.template .env
# Edit with your credentials
vim .envRequired environment variables:
EIGHT_SLEEP_EMAIL=[email protected]
EIGHT_SLEEP_PASSWORD=your-password
EIGHT_SLEEP_CLIENT_ID=0894c7f33bb94800a03f1f4df13a4f38
EIGHT_SLEEP_CLIENT_SECRET=f0954a3e0e9b47348e98fc5f0b2d45c3b4ba1790e65973febc690037bdadceba
# Temperature presets (-100 to 100 scale)
COOL_TEMP_LEFT=-50
COOL_TEMP_RIGHT=-50
NEUTRAL_TEMP_LEFT=0
NEUTRAL_TEMP_RIGHT=0
WARM_TEMP_LEFT=50
WARM_TEMP_RIGHT=50# Test authentication and API access
bun run src/test-eight-sleep-api.ts# Run the main controller with keyboard simulation
bun run index.tsUse keyboard controls:
1- Set to COOL temperature2- Set to NEUTRAL temperature3- Set to WARM temperatureq- Quit
The core API client for Eight Sleep integration:
import { SmartBedAPI } from './src/smartbed-api';
const api = new SmartBedAPI({
email: '[email protected]',
password: 'your-password',
clientId: 'optional-client-id',
clientSecret: 'optional-client-secret'
});
// Authenticate
await api.authenticate();
// Get devices
const devices = await api.getDevices();
// Set temperature
await api.setTemperature({
left: -50, // Cool left side
right: 25, // Warm right side
duration: 3600 // 1 hour (0 for continuous)
});
// Get current status
const status = await api.getStatus();Eight Sleep uses a -100 to 100 temperature scale:
- -100 to -1: Cooling (negative values)
- 0: Neutral/Off
- 1 to 100: Heating (positive values)
The client automatically handles multiple API endpoints:
https://auth-api.8slp.net- Authenticationhttps://client-api.8slp.net- Device controlhttps://app-api.8slp.net- Application API
If you need to capture your own API credentials or analyze traffic:
# Start interactive proxy selection
./start-proxy.sh
# Or run directly
mitmproxy -s scripts/bypass-cert-pinning.py --ssl-insecure# Run custom proxy server
bun run src/proxy-server.ts# Capture to file for later analysis
mitmdump -w captures/smartbed_traffic.flow --ssl-insecure
# Analyze captured traffic
bun run src/find-eight-sleep-traffic.ts-
Install mitmproxy Certificate:
- Start mitmproxy to generate certificates
- Navigate to
mitm.iton your iPhone - Install the certificate profile
- Settings > General > About > Certificate Trust Settings
- Enable trust for mitmproxy certificate
-
Configure HTTP Proxy:
- Settings > Wi-Fi > (i) on your network
- HTTP Proxy > Manual
- Server: Your Mac's IP address
- Port: 8080
Eight Sleep uses certificate pinning, which blocks standard proxy interception. Here are several solutions:
# Use SSL Kill Switch or TrustMeAlready apps
# These bypass certificate pinning automatically# For jailbroken iOS or rooted Android
frida -U -f com.eightsleep.eight -l bypass-ssl-pinning.js --no-pause# Try logging into web interface
bun run src/capture-web-login.tsThe project includes known OAuth client credentials that may work with your account:
EIGHT_SLEEP_CLIENT_ID=0894c7f33bb94800a03f1f4df13a4f38
EIGHT_SLEEP_CLIENT_SECRET=f0954a3e0e9b47348e98fc5f0b2d45c3b4ba1790e65973febc690037bdadcebaThe ButtonController class provides the framework for physical button integration:
import { ButtonController } from './src/button-controller';
const controller = new ButtonController(api, {
coolTemp: { left: -50, right: -50 },
neutralTemp: { left: 0, right: 0 },
warmTemp: { left: 50, right: 50 }
});
await controller.initialize();-
GPIO Buttons (Raspberry Pi):
// Extend ButtonController for GPIO setupGPIOListener(pin: number) { // Implement GPIO interrupt handling }
-
USB HID Device:
setupUSBListener(deviceId: string) { // Implement USB HID event handling }
-
Serial Communication:
setupSerialListener(port: string) { // Implement serial port communication }
-
Wireless Button (ESP32/Arduino):
setupWirelessListener(endpoint: string) { // Implement HTTP/WebSocket listener }
Authentication Failures:
# Verify credentials
bun run src/extract-credentials.ts
# Test different API endpoints
bun run src/test-eight-sleep-api.tsCertificate Pinning Errors:
# Use bypass script
mitmproxy -s scripts/bypass-cert-pinning.py --ssl-insecure
# Check certificate installation
# Settings > General > About > Certificate Trust SettingsNo Traffic Captured:
# Verify proxy settings on device
# Check IP address is correct
# Ensure port 8080 is not blockedAPI Rate Limiting:
# Add delays between requests
# Implement exponential backoff
# Use session token cachingEnable verbose logging:
DEBUG=1 bun run index.ts# Test local network connectivity
./capture-with-ignore-hosts.sh
# Analyze captured traffic
bun run src/find-eight-sleep-traffic.tsmitmproxy/
โโโ README.md # This file
โโโ CAPTURE_GUIDE.md # Detailed capture instructions
โโโ package.json # Project dependencies
โโโ tsconfig.json # TypeScript configuration
โโโ index.ts # Main application entry point
โโโ .env.template # Environment variable template
โโโ start-proxy.sh # Interactive proxy launcher
โโโ capture-with-ignore-hosts.sh # Traffic capture with filtering
โ
โโโ src/ # TypeScript source files
โ โโโ smartbed-api.ts # Eight Sleep API client
โ โโโ button-controller.ts # Hardware button controller
โ โโโ proxy-server.ts # Custom TypeScript proxy
โ โโโ test-eight-sleep-api.ts # API testing utilities
โ โโโ extract-credentials.ts # Credential extraction guide
โ โโโ find-eight-sleep-traffic.ts # Traffic analysis
โ โโโ capture-web-login.ts # Web portal capture
โ
โโโ scripts/ # Proxy and capture scripts
โ โโโ bypass-cert-pinning.py # mitmproxy certificate bypass
โ โโโ capture-smartbed.ts # TypeScript capture module
โ โโโ capture_smartbed.js # JavaScript capture script
โ
โโโ captures/ # Saved traffic captures
โ โโโ smartbed_traffic.flow # mitmproxy flow file
โ
โโโ config/ # Configuration files
โโโ hardware/ # Hardware integration examples
โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ
โ Physical โ โ Controller โ โ Eight Sleep โ
โ Button โโโโโถโ Application โโโโโถโ API Service โ
โ (GPIO/USB/etc) โ โ (TypeScript) โ โ (REST API) โ
โโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโ
โ Smart Bed โ
โ Hardware โ
โ (Eight Sleep) โ
โโโโโโโโโโโโโโโโโโโโ
- Button Press โ Hardware interrupt/event
- Event Handler โ ButtonController.onButtonPress()
- API Call โ SmartBedAPI.setTemperature()
- Authentication โ Eight Sleep OAuth/Session
- Temperature Control โ Bed hardware adjustment
- OAuth 2.0: Client credentials flow
- Session Tokens: Temporary authentication
- HTTPS: All API communication encrypted
- Certificate Pinning: Handled by bypass scripts
# Install development dependencies
bun install
# Run type checking
bun run tsc --noEmit
# Run linting (if configured)
bun run lint
# Run tests
bun test- Extend the
ButtonControllerclass - Implement hardware-specific event handling
- Add configuration options to
ButtonConfig - Update documentation with setup instructions
Example GPIO implementation:
class GPIOButtonController extends ButtonController {
private gpio: any;
setupGPIOListener(pin: number) {
this.gpio = require('gpio');
this.gpio.setup(pin, this.gpio.DIR_IN, this.gpio.EDGE_FALLING);
this.gpio.on('change', (channel: number, value: boolean) => {
if (!value) { // Button pressed (falling edge)
this.onButtonPress(channel);
}
});
}
}To add new Eight Sleep API endpoints:
- Add method to
SmartBedAPIclass - Update TypeScript interfaces
- Add usage examples to README
- Test with actual API
# Test API connectivity
bun run src/test-eight-sleep-api.ts
# Test traffic capture
./start-proxy.sh
# Test hardware simulation
bun run index.tsThis project is for educational and personal use. Respect Eight Sleep's terms of service and API usage policies.
- Check the troubleshooting section above
- Review capture guides in
CAPTURE_GUIDE.md - Test API connectivity with provided utilities
- Verify network configuration and certificates
- Can't authenticate: Try password reset and use known OAuth credentials
- No traffic captured: Verify proxy settings and certificate trust
- API rate limiting: Implement request delays and session caching
- Hardware not responding: Check GPIO/USB permissions and drivers
If direct API access fails:
- Use smart plugs to control bed power
- Implement IR blaster control (if bed has remote)
- Reverse engineer Bluetooth protocol
- Contact Eight Sleep support for official API access
Note: This project is not affiliated with Eight Sleep. Use responsibly and in accordance with their terms of service.