I have recently created an integration that creates temporary keypad access authorizations on the Nuki device from bookings made in Acuity, and this is working well.
I have a second cron job that runs once per day and attempts to delete any authorizations that have expired (since the nuki device has a limit).
I noticed in the last run that almost all of the expired codes it sent to the API to delete, were not deleted. Without checking them all it seems to have only deleted the first one.
When I tested locally, it seemed to only delete some, and I had to run the script twice to fully clear them all.
I suppose my question is around is this a known issue? Or perhaps i’m hitting some sort of rate limit (I was only trying to delete 25 authorizations). Do I need to add in a delay between requests for example, or perhaps delete in batches?
I’m getting success codes returned in my logs for each delete request (204), but when checking the authorizations are still returned in the GET endpoint so still exist.
I’m a little unsure what is going on and how to approach, asking if there is any experience around this?
The endpoint im using for deleting auth’s is “https://api.nuki.io/smartlock/{{SmartlockId}}/auth/{{Id}}”
Update for anyone having similar issues:
I updated my application to have a delay of 2 seconds between each delete request.
After attempting to delete all of the authorizations, it waits 60 seconds for syncing to happen and then re checks if all were removed (via GET request), and if not it re-try’s once again.
I can see from the last two runs that with the 2s delay, it does seem to delete more authorizations in the first pass - though it still fails to delete all and some remain.
After waiting 60s and re-trying it seems to get the rest. Therefore I would say that there does seem to be a genuine bug here with the API while deleting authorizations. Whilst this is a workaround and it seems to be working at least, it would be advisable for Nuki to investigate and resolve.
I would also suggest it might be a better option to have an endpoint that accepts an array of id’s to be deleted in one request, rather than have to send 25 requests in a loop when deleting in bulk. It might be able to be done in a more controlled fashon on the server, especially with syncing between the device if its done in one request. Just a suggestion.
I will continue to monitor, since I only have two runs with the new setup. Hopefully this info helps anyone else. It does unfortunately still feel like crossing fingers and hoping it works!