Build Your Own IoT Smart Lock with Secure Access Management

4 min read Namratha Subramanya on May 31, 2018

How to build your own connected Raspberry Pi smart door lock, with remote control and access management for granting and revoking permissions.


As the world becomes more connected, the concept of smart locks has taken off, and the prospect of going keyless is starting to resonate in the minds of the current generation. Smart locks not only make your home safe but also give you more control by allowing you to lock and unlock your door remotely.

For as long as humans have tried to lock up stuff and keep their belongings safe, burglars (hackers in this context) have tried to break those locks. How would it sound if you could build your own smart lock that only you are able to unlock?

Today’s users expect to interact in real time. PubNub makes it easy for you to add real-time capabilities to your apps, without worrying about the infrastructure. You can build apps that allow your users to engage in real time across mobile, browser, desktop and server. PubNub powers real-time communication for the Internet of Things and smart devices and provides the infrastructure and APIs for communication for any size IoT deployment. And PubNub Access Management makes it all secure.

The full GitHub repo for this project is available here. And here’s a demo of it in action:

What is PubNub Access Manager (PAM)?

PubNub Access Manager extends PubNub’s security framework by providing token-based authorization that allows read and write access control at the user, device and channel level. PubNub Access Manager plays a major role in IoT/home automation device management systems, where secure data is streaming bi-directionally between registered devices and IoT devices like bulbs, sensors or locks.

Setting Up PAM

To access PubNub Access Manager you need to enable Access Manager in the PubNub Admin Dashboard (sign up first if you haven’t).

Set Access Manager to ON



Type ENABLE and click on 'Save Changes'


Now you are all set to grant access to the users, groups and channels that can send or receive data.

PAM operates entirely on a grant-permission scheme, and there are 3 levels of access:

  • Access for all users across all channels
  • Access for all users over a specific channel
  • Access for a specific user over a specific channel

Raspberry Pi

The idea here is to power a simple lock mechanism using Raspberry Pi. You can check out our PubNub blogs on how to get connected with Raspberry Pi and how to get started with Raspberry Pi 2 and Python.

Once you set up Raspberry Pi, install Python and import PubNub into your setup using the command:

pip install pubnub

Grant Access

To perform PAM operations, you must act with administrative authority. For an administrative function, you need to include secret_key along with publish_key and subscribe_key.

from pubnub.pnconfiguration import PNConfiguration
from pubnub.pubnub import PubNub

pnconfig = PNConfiguration()
pnconfig.subscribe_key = 'Enter your subscribe key here'
pnconfig.publish_key = 'Enter your publish key here'
# secret_key carries the administrative authority needed to grant access
pnconfig.secret_key = 'Enter your secret key here'
pubnub = PubNub(pnconfig)

Alongside these keys, you will have an authentication key, authKey. This authKey should be unique to your device. At any point during run-time you can set the authKey using the setAuthKey() function.

As discussed earlier, there are 3 levels of access in PAM. Smart locks, like many other “Internet of Things” devices, are vulnerable to internet hacks, so the highest level of security that PubNub Access Manager can provide for your smart lock is channel + authKey level access.

if status.category == PNStatusCategory.PNConnectedCategory: 

This example grants 5 minutes of access to a user whose auth_key is ‘Valid_key’ in the channel Raspberry. If a user doesn’t have access and tries to publish, they get a 403 error.

If you do have access to publish, you see the following response for your JavaScript grant code:

    error: false,
    operation: 'PNAccessManagerGrant',
    statusCode: 200
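The three access levels and the 5-minute grant described above, as a local model added here (it is not PubNub's code, is not from the original post, and makes no network calls). It assumes a request is allowed when any unexpired grant at any of the three levels covers it; GrantTable, status, demo and 'Guessed_key' are hypothetical names.

```python
import time


class GrantTable:
    """Local model of a grant-only scheme: nothing is allowed until granted."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so expiry can be shown without waiting
        self._grants = {}     # (channel, auth_key) -> grant; None means "any"

    def grant(self, channel=None, auth_key=None, read=False, write=False,
              ttl_minutes=5):
        if auth_key is not None and channel is None:
            raise ValueError("an authKey grant must name a channel")
        expires = self._clock() + ttl_minutes * 60
        self._grants[(channel, auth_key)] = {
            "read": read, "write": write, "expires": expires}

    def status(self, channel, auth_key, op):
        """Return 200 if an unexpired grant covers the request, else 403."""
        now = self._clock()
        # Broadest to narrowest: all channels, one channel, channel + authKey.
        for scope in ((None, None), (channel, None), (channel, auth_key)):
            g = self._grants.get(scope)
            if g and now < g["expires"] and g[op]:
                return 200
        return 403


def demo():
    now = [0.0]  # constructed clock, in seconds
    tight = GrantTable(clock=lambda: now[0])
    tight.grant("Raspberry", "Valid_key", read=True, write=True, ttl_minutes=5)
    loose = GrantTable(clock=lambda: now[0])
    loose.grant("Raspberry", read=True, write=True, ttl_minutes=5)  # channel level

    results = {
        "owner": tight.status("Raspberry", "Valid_key", "write"),
        "stranger": tight.status("Raspberry", "Guessed_key", "write"),
        "stranger_on_channel_grant":
            loose.status("Raspberry", "Guessed_key", "write"),
    }
    now[0] = 5 * 60 + 1  # one second past the 5-minute TTL
    results["owner_after_ttl"] = tight.status("Raspberry", "Valid_key", "write")
    return results


if __name__ == "__main__":
    for who, code in demo().items():
        print(f"{who}: {code}")
```

The channel-level grant lets any authKey publish to the lock's channel, which is why the post uses the channel + authKey level; once the TTL passes, the owner's key is refused as well until access is granted again.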

Unlock Operation

Once you grant permission to a user of a specific channel, you can try to publish a message on to the device. If the user is authorized to publish on to the lock, you should be able to unlock the device.

function unlock() {
   var pubnub = new PubNub({
      subscribeKey: 'Enter your subscribe key here',
      publishKey: 'Enter your publish key here',
      authKey: 'Valid_key' // Safe to have a combination of characters
   });
   // Publish the unlock message on the lock's channel
   pubnub.publish({
      message: 'Unlock',
      channel: 'Raspberry'
   },
   function (status, response) {
      if (status.error) {
        // handle error
      } else {
        console.log("Message Published");
      }
   });
}

If you are not a valid user or if you do not have grant access and are trying to break the lock, you get the following error if you are using JavaScript:

{error: true, operation: "PNPublishOperation", statusCode: 403, errorData: Error: Forbidden
    at Request.<anonymous> (…, category: "PNAccessDeniedCategory"}



Wrapping Up

Setting up PubNub using Python on your Raspberry Pi is simple and straightforward. You can provide user-level read or write access using PubNub Access Manager to make your lock highly secure. PubNub authKey makes sure that only you have the privilege to unlock the IoT device, making it more secure and reliable.

In our next part, we add OAuth 2.0 to make our app even more secure!
