DEV Community

Stephano Kambeta
Stephano Kambeta

Posted on

Control Your Home Lights via Termux + HTTP APIs

#homelights #termux #http #api

Want a simple way to switch your lights using only your phone and Termux? Good. This guide shows a clear, practical path. No fluff. You will learn how to send HTTP requests from Termux, how to write a small script that toggles lights, and how to keep things secure. If you already use Termux, this will feel familiar. If you are new, follow the steps and you will get results fast.

What you need

  • An Android phone with Termux installed. (If you need help installing Termux, check my Termux install guide.)
  • A smart light or relay that exposes an HTTP API on your local network. This can be a smart bulb, a smart plug, or a small ESP8266/ESP32 board running a simple web server.
  • Access to your home Wi-Fi network where the light device is connected.
  • Basic comfort with a terminal and editing files.

Why use HTTP APIs

Many DIY smart devices and even commercial bulbs support HTTP commands. HTTP is simple. You can use curl from Termux. No heavy apps. That makes automation and scripting easy. When you control devices with scripts you can add schedules, buttons, or integrate with other Termux projects. If you like quick Termux projects, see Quick Termux projects.

High level flow

  1. Find the device IP and the URL that toggles the light.
  2. Test the API with curl from Termux.
  3. Wrap the curl commands in a small shell or Python script.
  4. Secure the endpoint and your phone.
  5. Make a shortcut or widget for one-tap control.

Step 1 — discover the device and API

First, find the IP address of the light device on your router. You can also use tools like nmap in Termux to scan your local network. Typical devices expose endpoints like:

http://192.168.1.50/on
http://192.168.1.50/off
http://192.168.1.50/toggle
http://192.168.1.50/api/relay/0?state=1

Read the device manual or web UI to confirm the exact path. If the device uses JSON or requires an API key, note that too.

Step 2 — test with curl

Open Termux and install the tools you need:

pkg update && pkg upgrade -y
pkg install curl jq python -y
pip install requests

Try a simple test. Replace 192.168.1.50 with your device IP.

curl -s http://192.168.1.50/on
curl -s http://192.168.1.50/off

If the device expects JSON or headers, send them. Example with JSON and an API key:

curl -s -X POST http://192.168.1.50/api/set \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -d '{"relay":0,"state":1}'

If you get a response, you have a working API. If not, check the device docs and your network.

Step 3 — make a small Termux script

Below are two options. Pick the one you prefer. The shell script is tiny and solid. The Python variant is easier to extend later.

Shell script (fast)

cat > light.sh <<'EOF'
#!/data/data/com.termux/files/usr/bin/sh
# Usage: ./light.sh on|off|toggle
IP=192.168.1.50
API_KEY="PUT_YOUR_KEY_HERE"
case "$1" in
  on) curl -s -X POST "http://$IP/api/set" -H "Authorization: Bearer $API_KEY" -H "Content-Type: application/json" -d '{"relay":0,"state":1}';;
  off) curl -s -X POST "http://$IP/api/set" -H "Authorization: Bearer $API_KEY" -H "Content-Type: application/json" -d '{"relay":0,"state":0}';;
  toggle) curl -s "http://$IP/toggle";;
  *) echo "Usage: $0 on|off|toggle"; exit 1;;
esac
EOF
chmod +x light.sh

Run it like ./light.sh on.

Python script (extendable)

cat > light.py <<'EOF'
#!/usr/bin/env python3
import os
import sys
import requests

IP = "192.168.1.50"
API_KEY = os.environ.get("LIGHT_API_KEY", "PUT_YOUR_KEY_HERE")
HEADERS = {"Authorization":f"Bearer {API_KEY}","Content-Type":"application/json"}

def set_state(state):
url = f"http://{IP}/api/set"
data = {"relay":0,"state":state}
r = requests.post(url,json=data,headers=HEADERS,timeout=5)
print(r.text)

if **name**=="**main**":
if len(sys.argv)<2:
print("Usage: light.py on|off|toggle")
sys.exit(1)
cmd = sys.argv[1].lower()
if cmd=="on":
set_state(1)
elif cmd=="off":
set_state(0)
elif cmd=="toggle":
requests.get(f"http://{IP}/toggle",timeout=5)
else:
print("Unknown command")
EOF
chmod +x light.py

Set your API key in the environment when using the Python script:

export LIGHT_API_KEY="your_real_key"
./light.py on

Step 4 — secure your setup

Security matters. Many smart devices ship with weak defaults. Follow these rules:

  • Use API keys or authentication when possible.
  • Limit access to the local network. Avoid exposing the device to the internet unless you absolutely need to.
  • Keep firmware updated. Old firmware often has known vulnerabilities.
  • Use a VPN or a segregated IoT VLAN if you need remote access. My posts on VPNs and which VPNs to use with Termux can help with remote access options.

For more on IoT risks and how attackers think, read Understanding IoT attacks. If you manage small business systems, see the posts about network security tips and cyber security for small companies.

Remote access options

If you want to control lights from outside your home, consider one of these safe approaches:

  • Use a cloud service the device vendor provides and enable secure auth.
  • Use a VPN to connect to your home network before calling the local API.
  • Expose a minimal, authenticated proxy (avoid this unless you know how to secure it).

Do not open raw device ports to the internet. That is a common mistake. You can read more about real-world attacks on vehicles and connected devices in my post about how attackers can control complex systems: Can hackers control self driving cars? The same mindset applies to tiny devices and bulbs.

Automations and ideas

Once you have a working script, you can:

  • Use Termux:Widget to add on/off buttons to your Android home screen.
  • Create cron-like schedules with termux-job-scheduler or use a simple loop in Termux.
  • Integrate with other Termux projects, for example a webhook listener. See turn your Android into a web server for more advanced setups.
  • Combine with network tools like ngrok for temporary secure tunnels when needed.

Troubleshooting

If your script does not work:

  1. Ping the device from Termux: ping -c 3 192.168.1.50.
  2. Check the device web UI from a browser on the same Wi-Fi.
  3. Use curl -v to see HTTP details.
  4. Look at device logs or the router logs to confirm requests arrive.

If you see odd behavior or suspect the device is compromised, stop exposing it and follow steps from my incident response posts: best incident response companies and cyber security planning.

Advanced: secure small API gateway

If you want a safer remote entry point, create a minimal HTTP gateway on a Raspberry Pi or a small VPS. The gateway should:

  • Require a short-lived token or basic auth.
  • Only forward specific commands to local IPs.
  • Log access and rate limit requests.

Do not reuse default passwords. Do not allow open file uploads. If you need deeper hardening guidance, check my posts about threat intelligence and NIST Cybersecurity Framework to align your security steps with industry practice.

Wrap up and next steps

Controlling lights from Termux is practical, educational, and low cost. Start with a local-only setup, test with curl, then make a script. After that, add small automations or a Termux widget for one-tap control. Keep security front of mind. If you are curious about more Termux automation ideas, check quick Termux projects and the many guides on this blog.

Want a ready-to-use script adapted to a specific device model? Paste the device's API examples here and I will adapt the script to match its endpoints. If you need help testing or securing the bridge to the internet, read about VPNs and secure remote access in the links above. For safety and privacy basics, also see operational security.

Control your lights. Keep them secure. Build useful Termux skills along the way.

Top comments (0)