What is the correct way to make sure that a smart lock authorization has been created?

I’m creating on-demand smart lock authorizations (personalized access codes) on each booking. I guess similarly to many other developers.

I’m using the PUT /smartlock/${smartlockId}/auth api endpoint for this.

This API endpoint is by its definition async, so it actually completes earlier than the authorization is actually created on the smart lock.

My question is: how can I be sure if and when the authorization has been enabled on the smart lock?

  1. Should I be calling GET /smartlock/${smartlockId}/auth periodically and check whether the name of my authorization has appeared in the list? If yes, how often can I call it, without haivng adverse side effects (such as batter depletion on the lock)?
  2. Will Nuki’s Web API try to deliver the authorization to the smart lock indefinitely, or is there a ceratin “timeout” after which it gives it up and I have to repeat the PUT operation myself?

Thank you for any help!


Yes, your approach is correct given the asynchronous nature of the API.
Please call the GET auth endpoint within a few minutes to validate if the auth was created, which typically happens within a few seconds when the device is online.

When the auth is created through the API, there is a fast sync which syncs it on the device immediately. If this fails for some reason, then there is a daily sync which syncs all the auths once per day. But the best practice would be to use the Webhooks, if that is a possibility.