HTTP Protocol Reference

The Hypertext Transfer Protocol (HTTP) is the foundation of data communication for the World Wide Web and is the primary way Control It interacts with IoT devices, web services, and APIs.

Supported Features

Methods

GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS

Security

HTTP and HTTPS (SSL/TLS) with self-signed cert support

Auth

Basic, Bearer Token, API Key (Header/Query)

Network

IPv4, IPv6, Local Network (Bonjour/mDNS resolving)

Authentication Standards

Basic Authentication

Basic Auth encodes a username and password into a Base64 string. Use this format in the Headers section:

Authorization: Basic <Base64-Encoded-Credentials>

Example: To authenticate user `admin` with password `1234`, you would encode `admin:1234` to `YWRtaW46MTIzNA==`.

Bearer Token (OAuth 2.0)

Common for modern APIs. The token is sent in the Authorization header:

Authorization: Bearer <Your-Access-Token>

API Keys

API keys can be passed in two ways, depending on the service:

Header: `x-api-key: 12345abcdef`
Query Parameter: `http://api.example.com/data?key=12345abcdef`

Content & Body

When sending data (POST/PUT), you must specify the Content-Type header so the receiver knows how to parse it. Control It defaults to `application/json` if not specified.

Content-Type	Usage	Example Body
`application/json`	Modern APIs, IoT	`{"on":true, "bri":255}`
`application/x-www-form-urlencoded`	Web Forms, Older APIs	`state=on&brightness=100`
`text/plain`	Simple commands	`POWER ON`
`application/xml`	Legacy SOAP/XML services	`<command>on</command>`

Status Codes

Control It uses status codes to determine if a request was successful.

2xx Success: The action completed (e.g., 200 OK, 201 Created).
3xx Redirection: The client must take additional action.
4xx Client Error: You made a mistake (e.g., 400 Bad Request, 401 Unauthorized, 404 Not Found).
5xx Server Error: The server failed (e.g., 500 Internal Server Error, 503 Service Unavailable).