Open lock via temp key
Validates a temporary key (expiration, usage limits, authorization) and sends an OpenLock command to the LockAggregate Durable Object. On success, increments the usage counter and redirects back to the temp key page. Public keys need no auth; user-whitelist keys require a JWT with a whitelisted userId.
curl -X POST "https://api.spkey.co/temp-keys/example_string/open" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_API_TOKEN (JWT)" \
-H "X-API-Key: YOUR_API_KEY"
import requests
import json
url = "https://api.spkey.co/temp-keys/example_string/open"
headers = {
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_API_TOKEN (JWT)",
"X-API-Key": "YOUR_API_KEY"
}
response = requests.post(url, headers=headers)
print(response.json())
const response = await fetch("https://api.spkey.co/temp-keys/example_string/open", {
method: "POST",
headers: {
"Content-Type": "application/json",
"Authorization": "Bearer YOUR_API_TOKEN (JWT)",
"X-API-Key": "YOUR_API_KEY"
}
});
const data = await response.json();
console.log(data);
package main
import (
"fmt"
"net/http"
)
func main() {
req, err := http.NewRequest("POST", "https://api.spkey.co/temp-keys/example_string/open", nil)
if err != nil {
panic(err)
}
req.Header.Set("Content-Type", "application/json")
req.Header.Set("Authorization", "Bearer YOUR_API_TOKEN (JWT)")
req.Header.Set("X-API-Key", "YOUR_API_KEY")
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
fmt.Println("Response Status:", resp.Status)
}
require 'net/http'
require 'json'
uri = URI('https://api.spkey.co/temp-keys/example_string/open')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true
request = Net::HTTP::Post.new(uri)
request['Content-Type'] = 'application/json'
request['Authorization'] = 'Bearer YOUR_API_TOKEN (JWT)'
request['X-API-Key'] = 'YOUR_API_KEY'
response = http.request(request)
puts response.body
{}
{
"error": "Bad Request",
"message": "The request contains invalid parameters or malformed data",
"code": 400,
"details": [
{
"field": "email",
"message": "Invalid email format"
}
]
}
{
"error": "Forbidden",
"message": "You don't have permission to access this resource",
"code": 403
}
{
"error": "Not Found",
"message": "The requested resource was not found",
"code": 404
}
{
"error": "Internal Server Error",
"message": "An unexpected error occurred on the server",
"code": 500,
"requestId": "req_1234567890"
}
/temp-keys/{uuid}/openTarget server for requests. Edit to use your own host.
JWT token from SmartphoneKey authentication. Identifies the B2C user or B2B service.
API key for B2B organization access. Provided during organization onboarding.
Temporary key UUID
Request Preview
Response
Response will appear here after sending the request
Authentication
Bearer token (JWT). JWT token from SmartphoneKey authentication. Identifies the B2C user or B2B service.
API Key for authentication. API key for B2B organization access. Provided during organization onboarding.
Path Parameters
Temporary key UUID
Responses
Lock opened successfully, redirecting to temp key page