Smart Lock Management System

Industry: IoT / Hardware
Year: 2021

Enterprise-grade device management platform for connected lock systems

The Challenge

A national lock manufacturer was launching a new line of smart locks for commercial properties—think apartment buildings, office complexes, and hotels. They had the hardware figured out, but needed a robust backend system to manage thousands of devices, complex permission hierarchies, and integration with existing property management systems.

The challenge wasn't just technical—it was organizational. Property managers needed simple controls, while enterprise customers required granular audit trails and compliance reporting. The system needed to handle real-time device communication, offline-mode fallbacks, and security that could withstand determined attackers trying to gain unauthorized physical access.

Our Approach

We started by understanding the physical security model: who needs access to what, when, and how those permissions should flow through an organization. We mapped out user roles (property manager, tenant, maintenance, temporary guest) and built a permission system that was powerful but not overwhelming.

Security was paramount. We designed the architecture with:

  • Defense in depth: multiple layers of authentication
  • Zero-trust model: every request verified, even internal ones
  • Comprehensive audit logging: who did what, when, from where
  • Encryption for all device communication
  • Rate limiting and anomaly detection to prevent brute force attacks

We built the platform API-first, treating the web dashboard as just one consumer of the system. This allowed the manufacturer to build their own mobile apps and integrate with third-party property management platforms using the same secure foundation.

The Solution

We delivered a cloud-based device management platform with both web and API interfaces:

Core Platform

  • Device Management: Real-time status monitoring, firmware updates over-the-air, battery level tracking, and automatic alerting for offline devices
  • Access Control: Role-based permissions with time-based restrictions, temporary access codes, and emergency override protocols
  • Audit & Compliance: Immutable access logs, exportable reports for compliance requirements, and anomaly detection alerts
  • Multi-tenancy: Complete isolation between different property management companies while sharing infrastructure
  • API Gateway: RESTful API with comprehensive documentation, webhook support for real-time events, and rate limiting

External Integrations

  • Property management systems (AppFolio, Buildium)
  • Single sign-on (SSO) via SAML and OAuth
  • Calendar systems for automated access scheduling
  • Alert systems (SMS, email, Slack, PagerDuty)

The platform handled both online and offline scenarios gracefully. Locks could operate independently if connectivity was lost, syncing changes when back online. We built in conflict resolution to handle edge cases where offline changes contradicted online permission updates.

Results & Impact

Complete IoT device management platform: provisioning, monitoring, OTA firmware updates

Zero security breaches or unauthorized access incidents

Sub-200ms API response times with 99.9% uptime

Offline-capable architecture with automatic sync and conflict resolution

Integrations built for AppFolio, Buildium, and SSO providers (SAML/OAuth)

Comprehensive audit logging meeting enterprise compliance requirements

Technologies Used

  • Node.js
  • TypeScript
  • PostgreSQL
  • Redis
  • AWS (ECS, RDS, ElastiCache)
  • MQTT
  • Docker
  • Kubernetes
  • OAuth 2.0 / SAML