What features does the LOQED Touch Smart Lock offer with Loxone?

The LOQED Touch Smart Lock & Loxone integration is done via the local bridge API.

Currently, the following functionalities are supported:

  • Send real-time status changes of the lock (open, unlock, lock) to the Loxone server.

  • Receive commands from the Loxone Server to change the lock state (open, unlock, lock).

Create a virtual output to send commands to the lock

1. Create an outgoing bridge API key

Go to https://app.loqed.com/API-Config and log in with your LOQED app e-mail address and password (note that you will be logged out of the LOQED app). Click the “Add new API key” button. Set any name (we use Loxone server) and create the API key. It is normal the “Remove unlocking/locking checkbox is greyed out.

After the API key is created, you should now see four Bridge API URLs, which you need later. Keep this page open.

2. Create a virtual output

  • ⬇ Download the virtual output template

  • Select 'Virtual Outputs' from the Periphery list.

  • Click on 'Device Templates' and click on 'Import Template...'.

  • Select the file you just downloaded to your computer.

  • Click 'Device Templates' again and choose 'LOQED'.

  • Click on the 'LOQED' Virtual Output.

  • Click on 'Address' in the properties tab and change the URL to your bridge IP.
    (Make sure your bridge has a static IP address).

  • Select the 'Latch' item from the Virtual Output

  • Change the 'Command for ON' to the Latch bridge API URL you created in step 1
    starting from /state? It should look like:
    /state?command=DAY_LOCK&local_key_id=[LOCAL_KEY_ID]&secret=[SECRET]

  • Do the same for Night Lock and Open.

3. Testing Virtual Output

Save the configuration to your Loxone server, activate the live view with manual value adjustment, and test if the commands work.

Create a virtual input to receive the lock’s status

The LOQED bridge can update your Loxone server with every status change, even when the App is used, or when you manually open or close the lock. To do so, you need a Virtual Input in Loxone to receive the current status.

4. Creating a virtual input

  • ⬇ Download the virtual input template here

  • Select 'Virtual Inputs' from the Periphery list.

  • Import the virtual input template.
    If you get the error "Error on saving in the target location", please first make the directory "VirtualIn" in the "Loxone\Loxone Config\Templates" directory (case-sensitive).

  • Copy the 'Status' URL from the API page and paste it to 'Settings -> URL
    This should look like: http://BRIDGE_IP/status

  • Set the 'Interval' to '3600' (one hour).

Now, the Loxone server will ask the bridge for the current status every hour.
Currently, there is no way to have Loxone request the current status on startup. So after your server will boot, it will take one hour for the status to appear if the lock itself has not been used within that first hour.

5. Create a status block

Go to “Add function block -> General -> Status” and add the status block (do not use the virtual status block). Configure the block as follows:

Connect the status block to the Virtual Input LOQED_LOCK_STATE by drawing a line and showing the values by enabling the TQ and AQ checkboxes.

6. Create a user

Create a new user “loqed”. The username is case-sensitive and does not support special characters.

Right click User Management and add a new user.

Give this user access to:

  • Loxone Config (on the “Rights” tab)

  • “LOQED_BATTERY” virtual input (on the “Blocks” tab)

  • “LOQEDLOCKSTATE” virtual input (on the “Blocks” tab)

After the user is created, ensure to set a password as well. The password is case-sensitive and does not support special characters.

7. Testing

Save the configuration to your Loxone Miniserver and test if it works by visiting the URL: http://loqed:password@LoxoneServerIP/dev/sps/io/LOQED_LOCK_STATE/2

Replace “loqed” with the username of step 6, and “password” with the password of step 6. Your browser might show an authentication dialog (because your browser is being redirected), enter the same login details there again. Your browser should then show the following output:

<LL control="dev/sps/io/LOQED_LOCK_STATE/2" value="2.000" Code="200"/>

If you do not see the above output, the virtual input is not properly working.
You can also press the “Start LiveView” button and verify that the status of the lock changes to DAY_LOCK.

8. Connect the LOQED API to the virtual input

Go to https://app.loqed.com/API-Config and log in with your LOQED app e-mail address and password (note that you will be logged out of the LOQED app).

  • Create a new 'Outgoing Webhooks via LOQED Bridge'. by clicking Add/Delete webhooks.

  • Re-create the form like the image below. Use your own username, password and bridge IP.

  • Click 'Submit'.

  • Add another outgoing webhook for the battery percentage. URL:
    http://loqed:loqed@192.168.2.53/dev/sps/io/BATTERY_PERCENTAGE/[battery_percentage]

  • Only check 'Battery'.

Now you should have something like this:

Now the lock status and battery percentage will be sent to the Loxone server on every status change.

Security considerations

We highly recommend to only make a local integration between Loxone and LOQED if your Wi-Fi network is properly secured, and you trust all devices with access to this Wi-Fi network. If you cannot ensure this, we recommend using our web API instead (Read the Web API article here).

Technical explanation:

Status updates to Loxone: within your local network, connections cannot be secured via TLS certificates signed by a certificate authority. The LOQED Bridge therefore includes a signature which could theoretically be validated by Loxone. However, at the time of writing, this is not yet supported by Loxone. This means that any person or device with access to your local area network could make Loxone “think” the door was opened. This might trigger other sensitive actions depending on your situation (e.g. turn off your alarm system).

A workaround for this problem is to use the LOQED web API, which validates the security certificate of the domain it is connecting to. Open/lock commands to the LOQED Bridge: within your local network, connections cannot be secured via TLS certificates signed by a certificate authority. Therefore, commands to the bridge can be digitally signed, such that the LOQED bridge can validate if the message was sent by a trusted party. At the time of writing, Loxone does not support generating such a signature. Therefore, the encryption key is sent to the bridge by Loxone in plain text. Any person or device with access to your local area network can potentially see this encryption key. A workaround for this problem is to use the LOQED web API, which is secured via HTTPS.

Tips

  • After a reboot of the Loxone Miniserver, the lock status will be unknown, until the lock state changes once, or the virtual input status interval triggers.

  • If you send the same command (e.g. OPEN) twice within 10 seconds, the LOQED Touch Smart Lock will turn the lock as far as it can (an emergency opening). This is normal behaviour, simply don’t send duplicate commands too fast.

  • The lock state “OPEN” is only available for locks without a movable handle on the outside of the door. Such locks have three states. About 2 seconds after such a lock reached the OPEN state, the lock will automatically release the latch, and send the “DAY_LOCK” state to the Loxone server.

  • If you send the “OPEN” command to a lock with only two states (DAYLOCK and NIGHTLOCK), the lock will interpret this as if it received the DAY_LOCK command.

  • The LOQED Bridge currently cannot connect to Wi-Fi networks with special characters in the SSID network name or password (for example, the letters é or ï).

Future functionality:

  • Support for requesting the current lock state when the Loxone Miniserver boots.

Security Information on your lock’s security when using this integration

Physically, the LOQED Touch Smart Lock has the highest achievable SKG three-star rating (SKG is the Dutch lock security certification authority, with more strict requirements than EU legislation prescribes). The lock is firmly secured to the door, and comes with an included cylinder. Especially for businesses this is more secure, as compared to smart locks that are placed on top of an existing key, one could easily gain access to the traditional key.

The digital keys of the LOQED Touch Smart Lock are stored on the lock itself and on your phone. The keys are also stored on the LOQED server, but encrypted with your account’s password. This can be compared to how online password management tools work. It ensures that even if the LOQED servers would be compromised, your keys are still safe. This also means we cannot not offer a “forgot my password” functionality – so don’t forget your password.

When you use this integration, you will store a digital key on your Loxone Miniserver. Because the Loxone system cannot calculate the “signature” for commands sent to the LOQED server, the Loxone Miniserver will send the key in the HTTPS command and the signature is calculated by the LOQED server. The LOQED server sends the command with signature to the LOQED Touch Smart Lock, and forgets the key right after this.

Did this answer your question?