Rewrite as single API endoint, ensuring lock is always disconnected before request completes

Resolves issue where lock would remain connected, blocking subsequent requests (and those from the official apps) until the node server was restarted.