v1 · Stable

API Reference

The LockSteve API is JSON-over-HTTPS. Every endpoint requires a bearer API key. Keys are scoped to a single organization and respect role permissions.

Authentication

Get an API key from Settings → API keys. Pass it in the Authorization header on every request.

Authorization: Bearer lsk_live_…

Try it now

This demo seeds a full-access key for the Acme tenant. Use it against your local server:

curl -H "Authorization: Bearer lsk_live_demo_acme_full_access_b3a91d27" \
  http://localhost:3001/api/v1/devices

Errors

All errors return a consistent shape:

{
  "error": {
    "message": "Device is offline",
    "code": "http_409"
  }
}

400 Bad request — invalid JSON or missing fields

401 Unauthorized — missing or invalid API key

404 Not found — resource doesn't exist or isn't in your org

409 Conflict — e.g. lock command sent to offline device

429 Rate limited — back off and retry

Devices

GET/api/v1/devices

List all devices for the authenticated org.

Query parameters

type	LOCK \| CAMERA \| THERMOSTAT \| …
online	true \| false
limit	1-100 (default 50)

Example

curl -H "Authorization: Bearer $LSK_KEY" \
  "https://api.locksteve.com/api/v1/devices?type=LOCK&online=true"

GET/api/v1/devices/{id}

Retrieve a single device.

Example

curl -H "Authorization: Bearer $LSK_KEY" \
  https://api.locksteve.com/api/v1/devices/dev_01h4p…

POST/api/v1/devices/{id}/lock

Lock the bolt on a smart lock. 409 if device offline.

Example

curl -X POST -H "Authorization: Bearer $LSK_KEY" \
  https://api.locksteve.com/api/v1/devices/dev_01h4p…/lock

POST/api/v1/devices/{id}/unlock

Retract the bolt on a smart lock.

Example

curl -X POST -H "Authorization: Bearer $LSK_KEY" \
  https://api.locksteve.com/api/v1/devices/dev_01h4p…/unlock

Access codes

GET/api/v1/codes

List PIN codes.

Query parameters

enabled

true | false

Example

curl -H "Authorization: Bearer $LSK_KEY" \
  https://api.locksteve.com/api/v1/codes

POST/api/v1/codes

Create a PIN code for an access user.

Request body

{
  "code": "7421",
  "accessUserId": "usr_01h4p…",
  "deviceId": "dev_01h4p…",   // optional; omit for "all locks"
  "label": "Alice — Front door"
}

Example

curl -X POST -H "Authorization: Bearer $LSK_KEY" \
  -H "Content-Type: application/json" \
  -d '{"code":"7421","accessUserId":"usr_…"}' \
  https://api.locksteve.com/api/v1/codes

Activity

GET/api/v1/events

List recent activity events.

Query parameters

since	ISO timestamp
severity	info \| warn \| error
limit	1-200

Example

curl -H "Authorization: Bearer $LSK_KEY" \
  "https://api.locksteve.com/api/v1/events?severity=warn&limit=20"

Sites

GET/api/v1/sites

List all sites for the org.

Example

curl -H "Authorization: Bearer $LSK_KEY" \
  https://api.locksteve.com/api/v1/sites

Webhooks

Configure webhook URLs in Settings → Webhooks. Every activity event posts JSON to your URL within ~1 second. Each request is signed with HMAC-SHA256 using your webhook secret.

POST https://your-app.com/locksteve
Content-Type: application/json
LockSteve-Signature: t=1740000000,v1=abc123def…

{
  "id": "evt_01h4p…",
  "kind": "UNLOCK",
  "message": "Unlocked by Alice Johnson",
  "severity": "info",
  "actor": "Alice Johnson",
  "device": { "id": "dev_…", "name": "Aspen Cabin #1 - Front Door" },
  "createdAt": "2026-05-28T09:15:32Z",
  "org": { "id": "org_…", "slug": "acme" }
}