Delete old PINs via Curl


maybe I don’t understand certain things, or maybe I’m really stuck.
But sometimes it seems to me that the documentation needs more examples, because I rarely get anywhere with the information available.

However. i have managed to create PINs for various devices that are time-limited. These PINs can be created by customers themselves, including time windows. So far so good.

Of course i would like to delete the expired pins. in the documentation you can find:

> If the PIN is created correctly you get an empty reply. In order to access the PIN later on you got to get its authId:


Use the id of the auth for the PIN_NAME you created as PIN_ID.

What is meant here?
I entered a PIN “name” when I created it. Is this what is meant by PIN_NAME as PIN_ID? Is this the same??

Two lines before it talks about an AuthID.
But I do not access the function when creating that I get the AuhtID. What for?!

Is it possible to get the AuthID afterwards?
Or is it possible to delete PINs without AuthID? Just with SmartlockID and the PIN name?



The best way to test things out is at
where you can find all the available endpoints with parameters and data models.

Where you can see what values are set for an authorization by checking e.g.

GET /smartlock/auth

and the “Model” view there:

DELETE always needs the ID of the device and of the authorizations

DELETE /smartlock/{smartlockId}/auth/{id}

The example should show step-by-step which values are set and which values have to be retrieved (i.e. you set a name and then can get the ID of the auth when checking for the new authorization with that name).
Handling is a bit easier here with the Advanced API endpoints (see also Nuki Developers)

Hi Stephan,

i know all these URLs, but that doesn’t mean it will help you. I also notice this in many questions in the forum. What I just can not understand. However…

I follow your instructions and first do the command on Swagger UI
get /smartlock/{smartlockId}/auth

The fields under Parameters are filled:
smartlockId: xxxxxxxx
types: 13 (because I want to delete them later)

I also get all (currently) 4 entries back under Response, such as:

    "id": "6xxxxxxxxxxxxxxxxxxxxxxxx",
    "smartlockId": 9xxxxxxxxxxxxx,
    "authId": 33,
    "code": 887788,
    "type": 13,
    "name": "WebBest10-OP",
    "enabled": true,
    "remoteAllowed": false,
    "lockCount": 0,
    "allowedFromDate": "2022-03-16T16:58:00.001Z",
    "allowedUntilDate": "2022-03-16T17:58:00.001Z",
    "allowedWeekDays": 0,
    "allowedFromTime": 0,
    "allowedUntilTime": 0,
    "creationDate": "2022-03-16T17:38:41.000Z",
    "updateDate": "2022-03-16T17:38:43.905Z"

The next step is now 4 lines below by means of the command
get /smartlock/{smartlockId}/auth/{id}

According to Parameters Tab there are again two fields:
smartlockID 9xxxxxxxxx
and id: ?? (according to description: The smartlock auth unique id)

From the first output, this would be the value under “authId” with the content “33”.

However, I get the following response back:

“code”: 500,
“description”: “The server encountered an unexpected condition which prevented it from fulfilling the request”,
“reasonPhrase”: “Internal Server Error”,
“uri”: “HTTP/1.1: Status Code Definitions

I also tried with the name of the ID, so “WebBest10-OP”. The result is the same.

Hmm… i tried the id with “6xxxxxxxxxxxxxxxxxxxxx” in the field “id”.
That works.

So… to delete a PIN i have to use delete /smartlock/{smartlockId}/auth/{id} and the id from the smartlock and the id from the PIN. Correct?

For all those who are also looking for a solution, these are the two lines from the output above:

    "id": "6xxxxxxxxxxxxxxxxxxxxxxxx",
    "smartlockId": 9xxxxxxxxxxxxx,

The authId has no meaning in this context.

You are correct, the “authid” here is just a local id on the device, and not a global ID you can use on the Web API endpoints. I will check to improve the wording here to hopefully avoid confusion in the future.

1 Like