Skip to content
API Documentation

Becoming an Integrator

If you’re looking to offer your integration to customers, then there are a few steps to follow. The general flow is as follows

  1. Setup your physical devices for testing
  2. Apply for the Advanced API
  3. Develop your integration
  4. Have your integration checked by Nuki
  5. Release!

Test Devices

Section titled “Test Devices”

As the REST API only works with real devices, you will need a physical test device for developing your integration.

Getting Ready

Section titled “Getting Ready”

You must firstly follow the Getting Started steps, including the optional step to apply for the Advanced API. When applying for the Advanced API, make sure to provide as much detail as possible regarding the integration you wish to develop and who your target market is.

Development

Section titled “Development”

Once your Advanced API application has been approved, it will be set to the “TESTING” state during development.

We do not offer a development environment, so you will always be testing against our production environment.

You’ll then begin development of your integration. Feel free to reach out to developer@nuki.io during development if you need any assitance.

Check

Section titled “Check”

Once you believe your integration is ready for use by customers, please get in touch with developer@nuki.io, where we’ll collect some more details regarding your application via a short form.

This aforementioned form contains a few questions regarding your company and integration that we use when potentially showcasing your integration on our website.

In addition to this marketing information, we will ask you some details about your integration, such as

  • Which devices your integration supports
    • Smart Lock/Smart Door, Opener, Box
  • Which accessories your integration supports
    • Keypad, Door Sensor, Fob
  • What actions your integration performs, and which permissions scopes you request

Release

Section titled “Release”

After you’ve submitted the integration form and it has been checked by our team, your integration will be set to “ACTIVE” and is ready for use by your customers. Congratulations!

Requirements of Integrators

Section titled “Requirements of Integrators”
  • The redirect_uri used in the authorization request must be pre-registered and only use HTTPS
  • The authorization code must be exchanged for an access_token and refresh_token from a secure, server-side environment. This process must not expose secrets in a client-side application
  • Access Tokens must be stored securely and used for all API calls. Refresh Tokens must be securely stored and used to obtain new access tokens when the current one expires after one hour
  • The new refresh token which is returned with every access token is securely stored and old refresh tokens are appropriately discarded
  • The integration has appropriate retry handling on all requests for when the access token has expired
  • Inability of the user to obtain a new access token forces a log out and requires the user to re-authenticate the integration
  • Errors are gracefully presented to the user and the user is made aware of what they can do next to remediate the problem
  • Endpoints are asynchronous and the status code returned does not necessarily imply success. Webhooks are utilised to confirm whether the API action was executed successfully
  • First-level support for issues within the integration is offered to the customer. If the issue cannot be solely resolved by the integrator, the integrator contacts Nuki for assistance
  • End-user documentation of how to integrate with Nuki is kept up-to-date

Marketing

Section titled “Marketing”

We’re more than excited to collaborate with our integrators on marketing campaigns. Please get in touch with developer@nuki.io for more information.