Ask HN: Is There a Door Lock with an API?

7 points by oellegaard ↗ HN
We're couple of developers who made a company around a year ago and we've now grown to around 8 people and moved into a brand new office.

We've been trying to use modern and integrated solutions for everything (e.g. integrating our sonos with alerts as well as the phillips hue) and we really want everything to work together. However, the solutions I could find for door locks is very enterprisy, expensive and non-integratable.

Is there a cool (startup?) that makes physical door locks with an API/integration, so that we can easily provision new people when they start?

10 comments

[ 2.2 ms ] story [ 37.0 ms ] thread
It sounds really scary to control front door via API and I don't really see a way to implement such a thing securely without a lot of work (running ethernet cable from your front door to air gapped server) and then there is the problem of how you use it. You can't have mobile app that could unlock your door since it would need internet/wifi connectivity which automatically just screams "not secure enough!" to me
There are already solutions from RUKO (Assa Abloy) which lets you do it with your phone, but something with a local server and an ethernet cable should be safe enough IMO. In our case, you still need to de-activate a separate alarm. It's literally just the replacement of the key and anyone can get a lock pick kit on amazon.com anyway :-(
But you have to communicate with the server and if you are outside of the door you can do it either through 3G (Internet) or WiFi.

Which means if users WiFi password is bad anyone can walk in or if your product isn't 100% solid the server can be attacked and security disabled.

I just remember back when I was visiting/"sightseeing" Shackspace, the hacker space in Stuttgart, Germany.

They had built a door lock whose bolt was driven by some microcontroller with a web interface. So they could give out permissions and open the door with their smartphones (important because very large and diverse set of people who want to enter – physical keys would have been impractical).

I was really surprised when there was a glitch and some guy couldn't open the door anymore. The door was bolted, and for a minute or two noone could enter or leave.

I think that was the most blatant (and scary) violation of just about every fire code in existence that I've ever experienced first hand.

They should've used a door strike meant for such things that they would've been able to control with their microcontroller, and then still have a normal knob/lock in place as a failsafe.

A quick google found the sort of setup I'm talking about and a how-to. These are the types of strikes use on commercial setups.

http://www.instructables.com/id/Easy-Bluetooth-Enabled-Door-...

We have a PoC that works with securepass (or the free form https://login.farm) that is able to swap username with the RFID tag id to open a door. We had a sample implementation with a raspberry PI that electrically open a lock with also OTP using RADIUS (and now APIs). Unfortunately nobody understood it .... :-(
Perhaps August Lock? I've never used it so I know very little, but at first glance it does seem to have an API of some sort.
I think August Lock would even take the need for an API away, just need to manage users via existing features. I think it even lets you timebox if you only want certain employees to have 8 - 5 access vs 24 hour access.

However, it'd be an extra step and not integrated with some central employee list so the risk of forgetting to remove someone may be too high if using existing features, so that point may be moot.