Build an Automated Booking System with Google Services and Loxone

Create a fully automated room booking system that generates random PIN codes, emails them to guests, and automatically manages access permissions using Google Calendar, Forms, Apps Script, and Loxone's user management API.

This comprehensive guide shows you how to build a fully automated booking system that creates temporary users, generates unique PIN codes, and manages access permissions automatically. The system integrates Google Calendar, Google Forms, and Google Apps Script with Loxone's user management API and NFC Code Touch for seamless access control.

What This System Does

Here's the complete workflow in plain English:

Guests book a time slot through a Google Form
The system creates a brand-new Loxone user for that booking
Generates a unique PIN code and limits it to the event's start/end time
Assigns the user to the correct door group (Room 1 or Room 2)
Emails the PIN to the guest automatically
Deletes the user when the session ends

No extra hardware required—it uses your existing NFC Code Touch + Access function block and Loxone's user management API. All booking UI is handled by Google services, with Google Apps Script acting as the integration layer.

How It Works Behind the Scenes

The system polls your two calendars for events in the next 14 days. For each event it:

Resolves the right group: either via your explicit ROOM_GROUPS, or infers "Room 1" → "AccessRoom1" / "Room 2" → "AccessRoom2" by calling /getgrouplist and parsing the JSON
Creates a brand-new user with name like "Room 1 2025-08-10T18:00:00.000Z" and grabs the returned uuid
Assigns the user to the group (so the door block grants permission)
Sets validFrom/validUntil to the event's exact start/end and expirationAction: 1 (auto-delete)
Sets a unique PIN (4-8 digits, configurable) and retries if the code collides until it gets a unique one
Emails the PIN to the event guests
Stores the uuid + PIN in the event's private properties to avoid double-provisioning

Cleanup later deletes the user (if not already auto-deleted by the miniserver).

Understanding Loxone User Management API

The system uses Loxone's User Management API to automate the entire user lifecycle. Here's what happens step by step:

Step-by-Step API Commands

1. Create User

Endpoint: /jdev/sps/createuser/<name>

Creates a new user with a unique name (e.g., "Room 1 2025-08-10T18:00:00.000Z"). The API returns a UUID that we'll use for all subsequent operations.

JSON response from Loxone API showing successful user creation with UUID

Click to expand

Successful user creation response with UUID for further operations

2. Assign User to Group

Endpoint: /jdev/sps/assignusertogroup/<uuidUser>/<uuidGroup>

Assigns the newly created user to the appropriate access group (AccessRoom1 or AccessRoom2). This grants the user permission to access the corresponding door.

3. Set User Validity and Auto-Delete

Endpoint: /jdev/sps/addoredituser/{json}

Sets the user's validity period to match the booking start/end times and configures automatic deletion when the session expires. The JSON payload includes:

uuid - The user's unique identifier
userState: 4 - Active user state
validFrom - Start time in Loxone timestamp format
validUntil - End time in Loxone timestamp format
expirationAction: 1 - Auto-delete when expired

4. Generate and Set PIN Code

Endpoint: /jdev/sps/updateuseraccesscode/<uuid>/<code>

Generates a random PIN (4-8 digits, configurable) and assigns it to the user. If there's a PIN conflict (HTTP 409), the script automatically generates a new PIN and retries up to 6 times.

5. Retrieve Group Information

Endpoint: /jdev/sps/getgrouplist

Retrieves all available user groups to map room names to group UUIDs. The API returns a JSON response where the value field may contain a JSON string that needs to be parsed twice.

6. Cleanup and Deletion

Endpoint: /jdev/sps/deleteuser/<uuidUser>

Removes expired users automatically. This can happen either through the API call or automatically by the miniserver when the validity period expires.

Authentication Methods

The script supports two authentication methods for maximum compatibility:

Token Authentication: First attempts to use Loxone's token-based login for enhanced security
HTTPS Basic Authentication: Falls back to Basic auth over HTTPS if token authentication isn't available

Both methods are secure when used over HTTPS, and the script automatically handles the fallback without exposing credentials in logs.

What You Need

Loxone Miniserver + NFC Code Touch - Wired to your lock/relay
Loxone Config App - To set up the access block and groups
Google Account - Calendar, Forms, Sheets, and Apps Script
Network Access - Miniserver reachable via local IP (testing) or CloudDNS URL (production)

Loxone Setup (One-Time Configuration)

1. Configure the Access Block

In Loxone Config, add your NFC Code Touch and wire/assign it to an "Access" (door) function block that pulses your lock relay
Set the pulse length/open time as you normally would
Test by opening with an admin code to ensure everything works

Loxone Config showing NFC Code Touch connected to Access function block with lock relay output

Click to expand

Simple drag and drop: NFC Code Touch connected to Access block with lock relay output

2. Create User Groups

In "Users & Groups" create groups named exactly AccessRoom1 and AccessRoom2
Open the Access function block for each door and grant the corresponding group permission:
- Door for Room 1 → add group AccessRoom1
- Door for Room 2 → add group AccessRoom2
Optional: Note their UUIDs by browsing to http://<miniserver-ip>/jdev/sps/getgrouplist (or your CloudDNS base)

Loxone Config showing user groups creation and access permissions assignment

Click to expand

Create AccessRoom1 and AccessRoom2 groups, then assign them to their respective doors

3. Create API User

Users → add "BookingIntegration" with a strong password
Permissions: Give it "User management" rights so it can create users, set access codes, and assign groups
Do not give it full admin if you don't need to

Loxone Config showing BookingIntegration user creation with all required permissions

Click to expand

Create BookingIntegration user with User management permissions for API access

4. Test the Setup

Create a test user manually, put them in AccessRoom1, set a code, and confirm that code opens the Room 1 door. Delete the user again. If this works, your wiring/permissions are correct.

Browser showing Loxone API response with group names and UUIDs circled

Click to expand

API response showing group names and UUIDs - keep these safe for configuration

Google Services Setup

5. Create Room Calendars

Go to your Google Calendar first and click on the settings cog
Calendar → Settings → "Add calendar" → create Booking with Loxone — Room 1
Repeat for Room 2
In each calendar's settings, copy the calendar ID (long @group.calendar.google.com string)

Google Calendar settings showing room calendar creation process

Click to expand

Go to Calendar settings cog first, then create room-specific calendars

Google Calendar settings showing calendar ID location with ID crossed out for security

Click to expand

Calendar ID location - keep yours safe! (This one is exposed for tutorial purposes)

6. Create Booking Form

Google Forms → New form with these fields:

Note: We're using Google Forms for simplicity in this tutorial. For production use, you could integrate the booking form directly into your website and send triggers to Google Calendar from your backend—this is a future enhancement project.

Full Name (short answer)
Email Address (short answer)
Select Room (dropdown: "Room 1", "Room 2")
Booking Date (date picker)
Start Time (time picker)
End Time (time picker)

Form → "Responses" → "Link to Sheets" → create a new sheet

Google Forms showing all required fields for the booking form

Click to expand

Complete form setup with all required fields (click to expand for full view)

Google Forms showing form to sheets connection

Click to expand

Link form responses to Google Sheets for automation

Google Sheets showing Extensions → Apps Script menu

Click to expand

Access Apps Script from Google Sheets Extensions menu

7. Set Up Google Apps Scripts

You'll need two Google Apps Scripts to complete the automation. The setup process is:

Open the linked sheet → Extensions → Apps Script
Create two files: "Form to Calendar" and "Loxone Integration"
Copy the scripts from the sections below
Set up triggers for automated execution
Configure script properties

Google Apps Script project showing main Loxone integration script and additional scripts button

Click to expand

Main Loxone integration script with option to create additional scripts

Google Apps Script project settings showing all required script properties

Click to expand

Configure all required script properties in Project Settings

Google Apps Script triggers page showing syncUpcoming and cleanupExpired triggers

Click to expand

Set up automated triggers for calendar monitoring and cleanup

How the Two Scripts Work Together

The system uses two Google Apps Scripts that work in sequence to create a complete automated booking flow:

Form to Calendar Script: Processes form submissions and creates calendar events with guest invitations
Loxone Integration Script: Monitors calendars and automatically creates Loxone users with PIN codes

Complete Workflow: Form submission → Calendar event created → Guest invited → Loxone script detects event → User created → PIN generated → Email sent → Access granted → User automatically deleted after booking

Testing the System

8. First End-to-End Test

Submit the form for "Room 1" in the next 10–20 minutes
Check the Room 1 calendar → event exists
Apps Script → Executions → you should see logs like:
- "Token login OK" or "Using Basic auth fallback"
- "Loaded groups: … AccessRoom1(…), AccessRoom2(…)"
- "assignusertogroup → LL.code=200 (user <uuid> → group <uuid>)"
- "Provisioned user <uuid> for 'Room 1' PIN=#### group=<uuid>"
Check your email (the guest address you entered) → you should get the PIN and times
In the Loxone App → Users → you'll see the new user with validity window and the AccessRoom1 group
At the NFC Code Touch, the PIN should work only between the event's start and end
After the window, wait for cleanupExpired or run it manually → user is deleted

Google Calendar showing events created for both Room 1 and Room 2

Click to expand

Test events created in both room calendars with guest invitations

Loxone App showing newly created user with time validity and access group membership

Click to expand

New user created with correct time window and AccessRoom1 group membership

Email inbox showing received PIN code with room name and time validity

Click to expand

PIN code email received with all booking details

Complete Scripts

Below are the complete scripts you need to copy into your Google Apps Script project. Each script is collapsible to keep the page organized.

Form to Calendar Script

This script automatically converts form submissions into calendar events. It includes conflict checking, flexible time parsing, and automatic guest invitations.

Form Processing: Reads form data with flexible field matching
Time Parsing: Handles various time formats (24h, 12h, AM/PM)
Conflict Prevention: Checks for double bookings before creating events
Calendar Mapping: Automatically routes bookings to the correct room calendar
Guest Invitations: Sends calendar invites to the booking email
Error Handling: Comprehensive logging and error reporting

Configuration Required

Before using this script, you need to update the calendar IDs:

Replace the calendar IDs in the calendarMap object with your actual calendar IDs
Set your Google Sheet's timezone to match your local timezone
Ensure your form field names match the expected aliases in the script

Form to Calendar Script - Complete Code

function onFormSubmit(e) {
  if (!e || !e.namedValues) { Logger.log('Run via form submit (trigger).'); return; }
  try {
    Logger.log('Keys: ' + Object.keys(e.namedValues).join(' | ')); // helps diagnose

    // ---- Read values with fuzzy key matching ----
    const name    = getValFuzzy_(e, ['Full Name','Name']);
    const email   = getValFuzzy_(e, ['Email Address','Email']);
    const room    = getValFuzzy_(e, ['Select Room','Room']);
    const dateStr = getValFuzzy_(e, ['Booking Date','Date']);
    const startStr= getValFuzzy_(e, ['Start Time','Start']);
    const endStr  = getValFuzzy_(e, ['End Time','End']);

    // ---- Build start/end Date objects in the Sheet's timezone ----
    const dateOnly = new Date(dateStr);
    const start = mergeDateAndTime_(dateOnly, startStr);
    const end   = mergeDateAndTime_(dateOnly, endStr);
    if (!(start < end)) throw new Error('End time must be after start time.');

    // ---- Room → Calendar mapping (one line each) ----
    const calendarMap = {
      'Room 1': '6318f6562440f2441310c5686fe9cf4ddc511f915a940e87dc191230096dd142@group.calendar.google.com',
      'Room 2': 'ec7ddd1333d01bd8ed6023f02ff37c4b5016f81a30cc980ed623c9e274638c32@group.calendar.google.com'
    };
    const calId = calendarMap[room] || calendarMap[room.trim()];
    if (!calId) throw new Error('Unknown room: ' + room);

    // ---- Prevent double booking ----
    const cal = CalendarApp.getCalendarById(calId);
    const conflicts = cal.getEvents(start, end);
    if (conflicts.length) {
      Logger.log(`Conflict in ${room}: ${start}–${end}. Skipping.`);
      return;
    }

    // ---- Create event & invite guest ----
    cal.createEvent(name, start, end, { guests: email, sendInvites: true });
    Logger.log(`Created event in ${room}: ${start} → ${end} for ${email}`);

  } catch (err) {
    Logger.log('onFormSubmit error: ' + (err && err.stack ? err.stack : err));
    throw err;
  }
}

/* ===== Helpers ===== */

// fuzzy key lookup: ignores case, spaces, punctuation
function getValFuzzy_(e, aliases) {
  const map = e.namedValues || {};
  const want = aliases.map(norm_);
  for (const key of Object.keys(map)) {
    if (want.includes(norm_(key))) {
      const v = map[key];
      if (v && v[0]) return String(v[0]).trim();
    }
  }
  throw new Error('Missing field (expected one of): ' + aliases.join(', '));
}

function norm_(s) { return String(s).toLowerCase().replace(/[\s_\-:;/\\.,()\[\]{}]+/g,''); }

// Accepts "14:30", "14:30:00", "14", "2:30 PM", "2 PM"
function mergeDateAndTime_(dateOnly, timeStr) {
  const tz = Session.getScriptTimeZone(); // set your Sheet to Europe/London
  const base = new Date(Utilities.formatDate(dateOnly, tz, 'yyyy-MM-dd') + 'T00:00:00');
  const s = String(timeStr).replace(/\s+/g, ' ').trim().toUpperCase();

  // 24h HH or HH:MM or HH:MM:SS
  let m = s.match(/^(\d{1,2})(?::(\d{2}))?(?::(\d{2}))?$/);
  if (m) {
    const h = clamp_(parseInt(m[1],10), 0, 23);
    const min = clamp_(m[2] ? parseInt(m[2],10) : 0, 0, 59);
    base.setHours(h, min, 0, 0);
    return base;
  }

  // 12h (H|H:MM)(:SS)? AM/PM
  m = s.match(/^(\d{1,2})(?::(\d{2}))?(?::(\d{2}))?\s*(AM|PM)$/);
  if (m) {
    let h = clamp_(parseInt(m[1],10), 1, 12);
    const min = clamp_(m[2] ? parseInt(m[2],10) : 0, 0, 59);
    const ampm = m[4];
    if (ampm === 'PM' && h !== 12) h += 12;
    if (ampm === 'AM' && h === 12) h = 0;
    base.setHours(h, min, 0, 0);
    return base;
  }

  // Fallback
  const fallback = new Date(`${dateOnly.toDateString()} ${timeStr}`);
  if (!isNaN(fallback.getTime())) return fallback;

  throw new Error('Unparsable time: ' + timeStr);
}

function clamp_(n, min, max) { return Math.max(min, Math.min(max, n)); }

Loxone Integration Script

This script monitors your calendars and automatically creates Loxone users with PIN codes for each booking.

Calendar Monitoring: Polls your room calendars every few minutes for upcoming events
User Creation: Creates a new Loxone user for each booking with a unique name
Group Assignment: Automatically assigns users to the correct access groups (AccessRoom1/AccessRoom2)
PIN Generation: Generates unique PIN codes (4-8 digits, configurable) with conflict resolution
Time Management: Sets user validity to match exactly the booking start/end times
Email Notifications: Sends PIN codes to guests automatically
Cleanup: Deletes expired users to keep your system clean

Script Properties Configuration

Open "Project Settings" → "Script properties" and add these configuration values:

LOX_HOST = https://dns.loxonecloud.com/<SERIALHEX> (or http(s)://<local-ip> when testing on-site)
LOX_USER = BookingIntegration
LOX_PASS = your password
CALENDARS = [{"id":"<room1_calendar_id>","room":"Room 1"},{"id":"<room2_calendar_id>","room":"Room 2"}]
Optional: ROOM_GROUPS = {"Room 1":"<uuid of AccessRoom1>","Room 2":"<uuid of AccessRoom2>"} to hard-pin the group mapping
PIN Configuration: Edit PIN_LENGTH in the _generateCode() function to change PIN length (4, 6, 8 digits, etc.)

Required Triggers

After setting up the script, you need to create two time-based triggers:

syncUpcoming: Run every 1-5 minutes to process new bookings
cleanupExpired: Run every 15 minutes to remove old users

To set up triggers: In Apps Script, click the clock icon → "Add Trigger" → Select function → Set frequency → Save

Loxone Integration Script - Complete Code

/******************************************************
 * Loxone Booking Integration — Calendar → Loxone (FINAL++)
 * - CloudDNS (HTTPS, follow redirects)
 * - Token auth first, fallback to Basic over HTTPS
 * - Endpoints used: createuser • assignusertogroup • addoredituser • updateuseraccesscode • deleteuser • getgrouplist
 * - Multi‑room calendars
 * - Group assign FIX: /getgrouplist "value" may be a JSON STRING → parse twice
 *   Maps "Room 1" → "AccessRoom1", "Room 2" → "AccessRoom2" (or use ROOM_GROUPS override)
 * - PIN conflict handling, email, auto-delete after booking
 ******************************************************/

/* ====== SCRIPT PROPERTIES (Project Settings → Script properties) ======
CALENDARS   = [{"id":"<calendarID_room1>","room":"Room 1"}, {"id":"<calendarID_room2>","room":"Room 2"}]
LOX_HOST    = https://dns.loxonecloud.com/504F94A1242E
LOX_USER    = BookingIntegration
LOX_PASS    = Calendar123
// Optional (recommended): ROOM_GROUPS = {"Room 1":"1f3cca00-0299-70ac-ffff51962a78da81","Room 2":"1f3cd3fe-039a-ac0b-ffff51962a78da81"}
================================================================================= */

const PROP         = PropertiesService.getScriptProperties();
const CALENDARS    = JSON.parse(PROP.getProperty('CALENDARS') || '[]');
const ROOM_GROUPS  = safeJson_(PROP.getProperty('ROOM_GROUPS')) || {};
const LOX_HOST     = PROP.getProperty('LOX_HOST');
const LOX_USER     = PROP.getProperty('LOX_USER');
const LOX_PASS     = PROP.getProperty('LOX_PASS');

// Event private props keys
const FIELD_CODE = 'access_code';
const FIELD_UUID = 'loxone_uuid';
const FIELD_PUSH = 'pushed_to_loxone';

// Caches
const CACHE = CacheService.getScriptCache();
const CK_GROUPS = 'groups_cache_json';   // list from getgrouplist (1 day)
const CK_MAP    = 'room_group_map_json'; // room→uuid (1 day)

/* ================= ENTRY POINTS ================= */

function syncUpcoming() {
  const session = loxLogin_();
  if (!session) { Logger.log('Login failed'); return; }

  const now = new Date();
  const future = new Date(now.getTime() + 14 * 86400000);

  for (const cfg of CALENDARS) {
    const cal = CalendarApp.getCalendarById(cfg.id);
    if (!cal) { Logger.log('Calendar not found: ' + cfg.id); continue; }
    const events = cal.getEvents(now, future);
    for (const ev of events) processEvent_(session, ev, cfg.room);
  }
  loxLogout_(session);
}

function cleanupExpired() {
  const session = loxLogin_();
  if (!session) { Logger.log('Login failed'); return; }

  const past = new Date(Date.now() - 7 * 86400000);
  const now  = new Date();

  for (const cfg of CALENDARS) {
    const cal = CalendarApp.getCalendarById(cfg.id);
    if (!cal) { Logger.log('Calendar not found: ' + cfg.id); continue; }
    const events = cal.getEvents(past, now);
    for (const ev of events) cleanupEvent_(session, ev);
  }
  loxLogout_(session);
}

/* ================= EVENT FLOW ================= */

function processEvent_(session, ev, room) {
  try {
    if (ev.isAllDayEvent()) return;

    const props = _getProps(ev);
    if (props[FIELD_PUSH] === 'yes' && props[FIELD_UUID]) return;

    // GROUP
    const grpUuid = resolveGroupForRoom_(session, room); // '' if not found

    // 1) Create user → UUID
    const userName = `${room} ${ev.getStartTime().toISOString()}`;
    const create = loxGetJSON_(session, `/jdev/sps/createuser/${encodeURIComponent(userName)}`);
    const uuid = extractUuid_(create);
    if (!uuid) { Logger.log('Create user returned no UUID'); return; }

    // 2) Assign group (if we have one)
    if (grpUuid) {
      const a = loxGetJSON_(session, `/jdev/sps/assignusertogroup/${encodeURIComponent(uuid)}/${encodeURIComponent(grpUuid)}`);
      Logger.log(`assignusertogroup → LL.code=${getLLCode_(a)} (user ${uuid} → group ${grpUuid})`);
    } else {
      Logger.log('Group not resolved; skipping assignment');
    }

    // 3) Validity + auto-delete
    const startSec = _loxTime(ev.getStartTime());
    const endSec   = _loxTime(ev.getEndTime());
    const payload  = {
      uuid: uuid,
      userState: 4,
      validFrom: startSec,
      validUntil: endSec,
      expirationAction: 1
    };
    loxGetJSON_(session, `/jdev/sps/addoredituser/${encodeURIComponent(JSON.stringify(payload))}`);

    // 4) PIN (retry on 409)
    let code = props[FIELD_CODE] || _generateCode();
    for (let i = 0; i < 6; i++) {
      const set = loxGetJSON_(session, `/jdev/sps/updateuseraccesscode/${encodeURIComponent(uuid)}/${encodeURIComponent(code)}`);
      const status = getLLCode_(set);
      if (status === 200 || status === 201) break;
      if (status === 409) { code = _generateCode(); continue; }
      if (i === 5) { Logger.log('Failed to set PIN'); return; }
      Utilities.sleep(80);
    }

    // Save + notify
    props[FIELD_UUID] = uuid;
    props[FIELD_CODE] = code;
    props[FIELD_PUSH] = 'yes';
    _setProps(ev, props);
    sendPinEmails_(ev, room, code);

    Logger.log(`Provisioned user ${uuid} for "${room}" PIN=${code} group=${grpUuid || 'none'}`);
  } catch (err) {
    Logger.log('processEvent_ error: ' + err);
  }
}

function cleanupEvent_(session, ev) {
  try {
    const props = _getProps(ev);
    if (props[FIELD_PUSH] === 'yes' && props[FIELD_UUID]) {
      loxGetJSON_(session, `/jdev/sps/deleteuser/${encodeURIComponent(props[FIELD_UUID])}`);
      props[FIELD_PUSH] = 'deleted';
      _setProps(ev, props);
      Logger.log('Deleted user ' + props[FIELD_UUID]);
    }
  } catch (err) {
    Logger.log('cleanupEvent_ error: ' + err);
  }
}

/* ================= GROUP RESOLUTION (PARSE TWICE) ================= */

function resolveGroupForRoom_(session, room) {
  // 0) Explicit mapping wins
  if (ROOM_GROUPS && ROOM_GROUPS[room]) return ROOM_GROUPS[room];

  // cache
  const cachedMap = safeJson_(CACHE.get(CK_MAP));
  if (cachedMap && cachedMap[room]) return cachedMap[room];

  const list = getGroupList_(session); // [{name,uuid},...]

  // If your naming is AccessRoom1 / AccessRoom2, infer from room number:
  const num = (room.match(/\d+/) || [''])[0]; // "1" or "2"
  if (num) {
    const wanted = `AccessRoom${num}`;
    const exact = list.find(g => (g.name || '').toLowerCase() === wanted.toLowerCase());
    if (exact && exact.uuid) {
      const map = cachedMap || {};
      map[room] = exact.uuid;
      CACHE.put(CK_MAP, JSON.stringify(map), 86400);
      Logger.log(`Resolved group by exact name "${wanted}" → ${exact.uuid}`);
      return exact.uuid;
    }
  }

  // Fallbacks (rare):
  const roomNorm = (room || '').toLowerCase().replace(/\s+/g,'');
  let found = list.find(g => (g.name || '').toLowerCase().replace(/\s+/g,'') === roomNorm);
  if (!found && num) found = list.find(g => /accessroom\d+/i.test(g.name) && g.name.replace(/[^0-9]/g,'') === num);

  if (found && found.uuid) {
    const map = cachedMap || {};
    map[room] = found.uuid;
    CACHE.put(CK_MAP, JSON.stringify(map), 86400);
          Logger.log(`Resolved group by fallback "${found.name}" → ${found.uuid}`);
    return found.uuid;
  }

  Logger.log(`No matching group for "${room}". Groups: ${list.map(g=>`${g.name}(${g.uuid})`).join(', ')}`);
  return '';
}

function getGroupList_(session) {
  // Cache first
  const cached = safeJson_(CACHE.get(CK_GROUPS));
  if (Array.isArray(cached) && cached.length) return cached;

  const res = loxGetJSON_(session, `/jdev/sps/getgrouplist`);
  // Your box returns: {LL:{value:"[ {...},{...} ]", Code:"200"}}
  let raw = (res && res.LL && typeof res.LL.value !== 'undefined') ? res.LL.value : (res && res.value);
  if (typeof raw === 'string') {
    // parse the JSON string
    try { raw = JSON.parse(raw); } catch (_) { raw = []; }
  }
  const list = (Array.isArray(raw) ? raw : []).map(x => ({
    name: String(x.name || ''),
    uuid: String(x.uuid || '')
  })).filter(x => x.uuid);

  CACHE.put(CK_GROUPS, JSON.stringify(list), 86400);
  Logger.log(`Loaded groups: ${list.map(g=>`${g.name}(${g.uuid})`).join(', ')}`);
  return list;
}

/* ================= AUTH & HTTP ================= */

function loxLogin_() {
  // Token first
  try {
    const url = `${LOX_HOST}/jdev/cfg/apiKeyLogin/${encodeURIComponent(LOX_USER)}/${encodeURIComponent(LOX_PASS)}`;
    const res = UrlFetchApp.fetch(url, { muteHttpExceptions: true, followRedirects: true, validateHttpsCertificates: true });
    const data = safeJson_(res.getContentText());
    if (data && data.LL && data.LL.value) {
      Logger.log('Token login OK');
      return { mode: 'token', token: data.LL.value, base: LOX_HOST };
    }
  } catch (e) {
    Logger.log('Token login failed: ' + e);
  }
  // Basic over HTTPS
  Logger.log('Using Basic auth fallback');
  return { mode: 'basic', basic: 'Basic ' + Utilities.base64Encode(LOX_USER + ':' + LOX_PASS), base: LOX_HOST };
}

function loxGetJSON_(session, path) {
  const res1 = loxGetRaw_(session, path);
  const j1 = safeJson_(res1.body);
  if (j1) return j1;

  Utilities.sleep(120);
  const res2 = loxGetRaw_(session, path);
  const j2 = safeJson_(res2.body);
  if (j2) return j2;

  throw new Error('Invalid JSON from Loxone for ' + path);
}

function loxGetRaw_(session, path) {
  let url = `${session.base}${path}`;
  if (session.mode === 'token') {
    url += (url.includes('?') ? '&' : '?') + 'token=' + encodeURIComponent(session.token);
  }
  const opts = { muteHttpExceptions: true, followRedirects: true, validateHttpsCertificates: true };
  if (session.mode === 'basic') opts.headers = { Authorization: session.basic };

  for (let attempt = 0; attempt < 2; attempt++) {
    try {
      const res = UrlFetchApp.fetch(url, opts);
      Logger.log(`GET ${url} -> ${res.getResponseCode()}`);
      return { body: res.getContentText(), code: res.getResponseCode() };
    } catch (e) {
      if (attempt === 1) throw e;
      Utilities.sleep(100);
    }
  }
  return { body: '', code: 0 };
}

function loxLogout_(session) {
  if (!session || session.mode !== 'token') return;
  try {
    UrlFetchApp.fetch(`${session.base}/jdev/cfg/logout/${encodeURIComponent(session.token)}`, {
      muteHttpExceptions: true, followRedirects: true, validateHttpsCertificates: true
    });
  } catch (_) {}
}

/* ================= EMAIL ====================== */

function sendPinEmails_(ev, room, code) {
  const recipients = getRecipientEmails_(ev);
  if (!recipients.length) return;

  const tz = Session.getScriptTimeZone();
  const start = Utilities.formatDate(ev.getStartTime(), tz, 'yyyy-MM-dd HH:mm');
  const end   = Utilities.formatDate(ev.getEndTime(),   tz, 'yyyy-MM-dd HH:mm');

  const subj = `Access code for ${room}`;
  const body = `Hello,

Your access code for ${room} is: ${code}

Valid (local time):
Start: ${start}
End:   ${end}

The code only works during the booked window. Please don't share it.

Thanks!`;

  for (const to of recipients) {
    try { GmailApp.sendEmail(to, subj, body, { name: 'Bookings (no-reply)' }); } catch (_) {}
  }
}

function getRecipientEmails_(ev) {
  const list = ev.getGuestList().map(g => g.getEmail()).filter(Boolean);
  if (!list.length) {
    const m = (ev.getDescription() || '').match(/email:\s*([^\s,;]+)/i);
    if (m) list.push(m[1]);
  }
  return Array.from(new Set(list));
}

/* ================= HELPERS ==================== */

function _loxTime(date) {
  const base = new Date(Date.UTC(2009, 0, 1));
  return Math.floor((date.getTime() - base.getTime()) / 1000);
}

function _generateCode() {
  // Configurable: Change 4 to 6, 8, etc. for different PIN lengths
  const PIN_LENGTH = 4;
  const maxValue = Math.pow(10, PIN_LENGTH) - 1;
  return ('0'.repeat(PIN_LENGTH) + Math.floor(Math.random() * maxValue)).slice(-PIN_LENGTH);
}

function _getProps(ev) {
  try { return JSON.parse(ev.getTag('privateProperties')) || {}; }
  catch (e) { return {}; }
}

function _setProps(ev, props) {
  ev.setTag('privateProperties', JSON.stringify(props));
}

function safeJson_(txt) {
  try { return JSON.parse(txt); } catch (_) { return null; }
}

function getLLCode_(resp) {
  if (!resp || !resp.LL) return 0;
  if (typeof resp.LL.Code !== 'undefined') return Number(resp.LL.Code);
  if (typeof resp.LL.code !== 'undefined') return Number(resp.LL.code);
  return 0;
}

function extractUuid_(resp) {
  if (!resp || !resp.LL) return '';
  const v = resp.LL.value;
  if (!v) return '';
  if (typeof v === 'string') return v;
  if (v.uuid) return v.uuid;
  return '';
}

Common Issues and Solutions

Group Assignment Issues

Problem: Group didn't assign
Solution: Make sure your groups are literally AccessRoom1 and AccessRoom2 and that each door's Access block grants those groups; or set ROOM_GROUPS with the exact UUIDs

Email Delivery Issues

Problem: No email arrived
Solution: Ensure the event actually has a guest (the form→calendar script should invite the email); check Gmail quotas if you spam test

Timing Issues

Problem: Wrong time / PIN active at wrong hour
Solution: Set the Apps Script project time zone and the calendars' time zone to your local zone; your miniserver time must also be correct

Authentication Issues

Problem: Token login failed
Solution: The script automatically uses HTTPS basic auth; that's fine. Keep LOX_HOST as the CloudDNS "front door" URL; we follow redirects

Local vs External Testing

Problem: Testing locally vs externally
Solution: On-site you can point LOX_HOST to http://<local-ip>; for external, switch back to https://dns.loxonecloud.com/<SERIALHEX>

Use Cases and Applications

This system is perfect for various scenarios where you need temporary, secure access control:

Airbnb / B&B Self-Check-in: Code valid from check-in to check-out; emailed automatically; zero staff
Sports/Gyms: Simulators, squash, padel courts; code only works for the slot
Coworking/Meeting Rooms: Clients book online; get code for the room; billing stays in your booking tool
Unmanned Hotels / Hostels: One calendar per room, iCal imports from Booking.com/Expedia into those calendars, this script does the rest

Future Enhancements

Once you have the basic system working, consider these optional improvements:

Website Integration: Replace Google Forms with a custom booking form on your website, sending triggers directly to Google Calendar from your backend
Enhanced PIN Security: Configure PIN length (6-8 digits); store a guest reference in the user's custom fields
Multiple Delivery Methods: Add SMS delivery alongside email
Auto-Door Control: Auto-pulse door on event start (use device UUIDs from LoxApp3.json and /io/<uuid>/output/<n>)
Grace Periods: Add a "grace" buffer (e.g., validFrom-5min, validUntil+5min)
Performance Optimization: Rate limiting and retries are already built-in; raise or lower trigger frequency to suit your volume
Alternative Booking UI: Swap the Google Form for a Google Appointment Schedule if you prefer Google's native slot picker

Security Considerations

While this system is designed with security in mind, consider these important points:

PIN Code Security: PIN length is configurable: 4-digit PINs provide 10,000 combinations, 6-digit PINs provide 1,000,000 combinations, 8-digit PINs provide 100,000,000 combinations
Time-Limited Access: PINs only work during the exact booking window, minimizing the risk of unauthorized access
Automatic Cleanup: Users are automatically deleted after their session ends, preventing accumulation of inactive accounts
HTTPS Communication: All communication with Loxone uses HTTPS encryption, protecting credentials and data in transit
Limited API Permissions: The BookingIntegration user only has user management rights, not full admin access
Audit Trail: All actions are logged in Google Apps Script execution logs for monitoring and debugging

Note: This system is designed for low to medium security environments. For high-security applications, consider additional measures such as PIN complexity requirements, access attempt logging, and integration with your existing security systems.

Conclusion

This system provides a complete, automated solution for managing room access through bookings. By leveraging Google's suite of services and Loxone's powerful user management API, you can create a professional booking system that requires zero manual intervention while maintaining security and providing a seamless guest experience.

The integration handles all the complexity behind the scenes—user creation, PIN generation, group assignment, and cleanup—while providing a simple interface for guests to book and access their reserved spaces.

For more automation projects and Loxone integration tutorials, stay tuned to our blog.

Build an Automated Booking System with Google Services and Loxone

Table of Contents

What This System Does

How It Works Behind the Scenes

Understanding Loxone User Management API

Step-by-Step API Commands

1. Create User

2. Assign User to Group

3. Set User Validity and Auto-Delete

4. Generate and Set PIN Code

5. Retrieve Group Information

6. Cleanup and Deletion

Authentication Methods

What You Need

Loxone Setup (One-Time Configuration)

1. Configure the Access Block

2. Create User Groups

3. Create API User

4. Test the Setup

Google Services Setup

5. Create Room Calendars

6. Create Booking Form

7. Set Up Google Apps Scripts

How the Two Scripts Work Together

Testing the System

8. First End-to-End Test

Complete Scripts

Form to Calendar Script

Configuration Required

Form to Calendar Script - Complete Code

Loxone Integration Script

Script Properties Configuration

Required Triggers

Loxone Integration Script - Complete Code

Common Issues and Solutions

Group Assignment Issues

Email Delivery Issues

Timing Issues

Authentication Issues

Local vs External Testing

Use Cases and Applications

Future Enhancements

Security Considerations

Conclusion