The HTTP API is currently in revision, but I’m sorry I can’t give you an exact feature scope or date yet.
To your points:
The Bridge can’t show users of last actions atm due to it not having Admin rights.
This means this would need a complete rebuild of the logic. - We already had a similar request which ended in this feature request:
Invalid code attempts are listed in the activity log - to which the bridge has no access for the same reasons as stated above.
The Bridge does not directly communicate with the Keypad, so all admin action has do be done via the Smart Lock - and I think you already know the restrictions for that.
To sum it up: All admin actions can only be done via Web API (which can be granted those rights) atm.
The main reason for that being that the HTTP API was planned for easy local communication with smart home control centers or similar; with the minimal access rights needed for that task.
I’m going to chime in here. It would be nice if the bridge can provide the digits/number entered by the Keypad. This allows for integration with custom platforms where the keypad and lock can be used independently allow for many more use cases such as integration with existing reservations apps
This is where the keypad is just a device to enter the pin code, the existing apps, authenticate the pin code entered and send an unlock or lock message over the bridge to the locks. This would be far more flexible and allow for a wider range of integration of Nuki products in existing installations/platforms.