Z-Wave Device Integration via IoT Hub into Mobile App
Z-Wave — wireless protocol at 868 MHz (Europe) / 908 MHz (USA), isolated from Wi-Fi and Zigbee. Mesh topology, range up to 30 meters per node. Fundamental difference from Zigbee: Z-Wave is proprietary standard managed by Silicon Labs, all devices mandatory certified for compatibility. Fewer surprises with compatibility, but less cheap DIY equipment.
Hubs and APIs for Mobile Integration
Z-Wave JS + zwavejs2mqtt — modern open-source stack on Node.js. USB controller (UZB7, Aeotec Z-Stick 7, Zooz ZAC93) → Z-Wave JS server → WebSocket API + MQTT. Best choice for custom mobile app.
Z-Wave JS WebSocket API: connect to ws://host:3000 work via JSON-RPC messages:
{
"messageId": "abc123",
"command": "node.setValue",
"nodeId": 5,
"valueId": {
"commandClassName": "Binary Switch",
"endpoint": 0,
"property": "currentValue"
},
"value": true
}
Home Assistant with Z-Wave JS addon — mobile app works via HA REST/WebSocket API. HA abstracts Z-Wave specifics to standard switch, light, lock, climate entities.
Vera / Fibaro HC — commercial hubs with their own REST APIs. Vera: http://hub-ip/port_3480/data_request?id=action&DeviceNum={id}&serviceId={...}&action={...}. Fibaro: REST API with Basic Auth, GET /api/devices/{id}.
SmartThings Hub — supports Z-Wave. SmartThings API (OAuth2, cloud) or local API via SmartThings Edge Drivers.
Z-Wave Command Classes: What They Are and Why Important
Z-Wave devices communicate via Command Classes — standardized command sets. Know them to properly read state and control devices:
| Command Class | Application | Key Commands |
|---|---|---|
| Binary Switch | Switches | currentValue (bool) |
| Multilevel Switch | Dimmers | currentValue (0-99) |
| Door Lock | Locks | currentMode (Secured/Unsecured) |
| Thermostat Setpoint | Thermostats | value (temperature) |
| Battery | Battery devices | level (0-100%) |
| Notification | Sensors | motion, smoke events |
| Meter | Energy meters | value (kWh, Watts) |
| Color Switch | RGB bulbs | currentColor |
Working via Z-Wave JS valueId contains commandClassName — determines device type and available operations.
Z-Wave Device Inclusion (Pairing)
Z-Wave Inclusion — physical process: controller enters wait mode, user presses button on device. Cannot do without physical access.
Launch Inclusion from mobile app via Z-Wave JS API:
{ "command": "controller.beginInclusion", "options": { "strategy": "Default" } }
Inclusion strategies:
-
Default— standard add -
SmartStart— QR code on device, no physical press needed. Device finds network on power-up. Z-Wave 700 series+. -
Security0/Security2_*— with encryption (S0, S2 Authenticated, S2 AccessControl for locks and garage doors)
SmartStart — right approach for modern Z-Wave 700/800 devices. Scan QR with phone camera, pass DSK key to Z-Wave JS, power on device — self-adds to network.
On Flutter: mobile_scanner for QR scanning → parse ZW:... URI → extract DSK → send to Z-Wave JS API.
Mesh Network and Route Optimization
Z-Wave builds routes automatically, but sometimes needs help. If device unstable — check route: { "command": "node.getRoutingSummary", "nodeId": 5 }.
"Heal" — route rebuild: { "command": "controller.healNetwork" }. Run after adding/removing devices or furniture rearrangement. Heal takes 5–30 minutes — show progress in app via healNetworkProgress events.
Visualize network: Z-Wave JS returns controller.getNodeNeighbors for each node. On Flutter draw graph via CustomPainter. Listening nodes (always-on power) — routers, FLiRS nodes — end devices. Battery devices don't relay.
Secure Communication: S2
S2 encryption mandatory for locks (S2 AccessControl) and access control devices. Inclusion without S2 on lock — security vulnerability. Z-Wave JS warns if device supports S2 but added without encryption.
DSK (Device Specific Key) — 5-digit PIN on device label or QR code. Request from user at Inclusion: { "type": "inclusionStarted" } → { "type": "validateDSKAndEnterPIN" } → user enters PIN → { "command": "controller.validateDSKAndEnterPIN", "pin": "12345" }.
Battery Monitoring
Z-Wave battery devices (sensors, locks) report charge level via Battery Command Class. Threshold notification: if battery.level < 20% — push user. No need to store history — last value sufficient.
Timeline
Z-Wave JS + WebSocket client, basic control — 2–3 weeks. SmartStart inclusion, network visualization, S2 security, heal, battery monitoring — 6–9 weeks. Cost depends on device types and security requirements.