Locker Open

Download: Android | iOS

Note: Android users will still have to download the Locker Open app

What is Locker Open?

Locker Open is our lightweight app clip that provides the easiest way to open a Harbor locker. Simply tap a link and hit Open app clip to use Locker Open and pop the locker open!

You can also follow the link at the bottom to the app store to download the full Locker Open app.

More information on App Clips

Be sure to have a link provided by lockeropen.com before you try to use the Locker Open app. Instructions for developers on how to create these links are at the bottom of this page. At the moment, Locker Open only supports a single open transaction.


How to Use Locker Open

Step 1: Grant Permissions

This step is needed for dropoff or pickup, and it only needs to be done once.


Step 2: Connect to the Tower

Stay within 10 feet (2m) of the locker while the app is trying to connect.


Step 3: Complete Your Transaction

For Dropoff:

  1. The locker will open automatically when you’re ready for dropoff

  2. Place your item inside the locker

  3. Important: Be sure to close the locker door

  4. Your dropoff is now complete!


For Pickup:

  1. Use the link that was provided to you

  2. The locker will open automatically

  3. Remove your item from the locker

  4. Important: Be sure to close the locker door


Webhooks: Real-Time Notifications

Webhooks allow Harbor to notify your server when important events occur in real time.

Setup Requirements:

  - Your system must provide a publicly accessible HTTPS endpoint. Once our team registers the endpoint, you will begin receiving webhook events automatically.

Webhook Event Examples

  1. When a dropoff link is created:

  1. When the user creates a token to open the locker:

    {
      "timestamp": "2025-04-01T13:12:57",
      "event": "LOCKER_OPERATION",
      "data": {
        "timestamp": "2025-04-01T16:12:57.521044+00:00",
        "locker_id": 9,
        "locker_status": "rented",
        "tower_id": "0000000000000001",
        "source": "LOCKER_TOKEN_CREATED",
        "reservation_id": null,
        "open_locker_token_id": 52,
        "keypad_code": null,
        "client_info": "Luis",
        "locker_open_request_id": null,
        "locker_open_request_payload": null
      }
    }
    
  2. When the token is used to open the locker:

    {
      "timestamp": "2025-04-01T13:15:47",
      "event": "LOCKER_OPERATION",
      "data": {
        "timestamp": "2025-04-01T16:15:45+00:00",
        "locker_id": 9,
        "locker_status": "occupied",
        "tower_id": "0000000000000001",
        "source": "LOCKER_TOKEN_USED",
        "reservation_id": null,
        "open_locker_token_id": 52,
        "keypad_code": null,
        "client_info": "Luis",
        "locker_open_request_id": 56,
        "locker_open_request_payload": {
          "extra": "data",
          "test": 123
        }
      }
    }
    

Verifying Webhook Signatures (Optional)

Harbor and your system can share a secret used to verify the signatures of incoming webhook requests. This step is optional but recommended as an additional security measure.

Step 1: Extract the Signature

The webhook request will include a header named x-harbor-signature with this format:

    t=1746022058,v1=c0aec4...,v2=...

  - t is the Unix timestamp
  - v1, v2, etc., are versioned signatures

Step 2: Generate Your Own Signature

Use an HMAC function to compute a signature using:

  - The shared secret between Harbor and your system
  - Request payload: concatenated string of timestamp and request payload delimited by comma, removing all space characters
  - Format: {timestamp},{payload}
  - Encoding method: hex

Step 3: Compare Signatures

Compare your computed signature to the ones provided in the x-harbor-signature header. The computed signature must match at least one of the provided signatures (e.g., v1) for the verification to pass.

Example Validator Functions:

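    import re
    import hmac
    import hashlib

    def is_signature_valid(
        x_harbor_signature: str, payload: str, shared_secret: str
    ) -> bool:
        """Determines if harbor signature is valid or not"""

        # Parse "t=...,v1=...,v2=..." into key/value pairs
        matches = dict(re.findall(r"(\w+)=([^,]+)", x_harbor_signature))

        timestamp = matches.get("t")
        signatures = [v for k, v in matches.items() if k.startswith("v")]
        if timestamp is None or not signatures:
            return False

        # Signed content is "{timestamp},{payload}" with spaces removed from the payload
        compact_payload = payload.replace(" ", "")
        signed_content = f"{timestamp},{compact_payload}"

        generated_signature = hmac.new(
            shared_secret.encode("utf-8"),
            signed_content.encode("utf-8"),
            hashlib.sha256,
        ).hexdigest()

        # Constant-time comparison against each versioned signature in the header
        return any(
            hmac.compare_digest(generated_signature.encode("utf-8"), s.encode("utf-8"))
            for s in signatures
        )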
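The three verification steps above, exercised end to end on a constructed request. This is an added example, not Harbor's code: it also rejects timestamps outside a replay window (the 300-second `MAX_SKEW_SECONDS` is an assumption, the page specifies none) and shows that a re-serialized body no longer verifies. The names `sign`, `verify_webhook` and `demo`, the secret and the sample body are constructed for illustration.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 300  # assumed replay window; the page does not specify one


def sign(timestamp, raw_body: str, secret: str) -> str:
    """Hex HMAC-SHA256 over '{timestamp},{payload}' with space characters removed."""
    signed_content = f"{timestamp},{raw_body.replace(' ', '')}"
    return hmac.new(secret.encode(), signed_content.encode(), hashlib.sha256).hexdigest()


def verify_webhook(header: str, raw_body: str, secret: str, now=None) -> str:
    """Return 'ok' or the rejection reason; signatures are compared in constant time."""
    fields = dict(p.strip().split("=", 1) for p in header.split(",") if "=" in p)
    timestamp = fields.get("t", "")
    if not timestamp.isdecimal():
        return "missing timestamp"
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
        return "stale timestamp"
    expected = sign(timestamp, raw_body, secret).encode()
    candidates = [v.encode() for k, v in fields.items() if k[:1] == "v" and k[1:].isdigit()]
    if any(hmac.compare_digest(expected, c) for c in candidates):
        return "ok"
    return "signature mismatch"


# Constructed sample data: not a real Harbor secret, body or signature.
SECRET = "constructed-demo-secret"
RAW_BODY = '{"event": "LOCKER_OPERATION", "data": {"locker_id": 9, "client_info": "Luis"}}'
T = 1746022058
HEADER = f"t={T},v1={sign(T, RAW_BODY, SECRET)}"


def demo() -> dict:
    reordered = json.dumps(json.loads(RAW_BODY), sort_keys=True)  # re-serialized body
    return {
        "genuine": verify_webhook(HEADER, RAW_BODY, SECRET, now=T + 5),
        "tampered": verify_webhook(HEADER, RAW_BODY.replace("9", "7"), SECRET, now=T + 5),
        "replayed": verify_webhook(HEADER, RAW_BODY, SECRET, now=T + 3600),
        "reordered": verify_webhook(HEADER, reordered, SECRET, now=T + 5),
    }


if __name__ == "__main__":
    print(demo())
```

Verify the request body exactly as received and parse the JSON only after verification succeeds, since a framework that re-serializes the body can change key order and break the signature.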