add-access-rule failed: no publish staging queue?
Recently I noticed that when we have multiple publishes coming into the Checkpoint in fast succession that have the same source OR same destination, Checkpoint chokes with the add-access-rule error (for all publish requests except the first one). If we pace the incoming publishes out, like 30 sec or more in between, we have no issue. So it seems that Checkpoint doesn't have any staging queue for the publishes. Is that true?
Thanks.
Can you perhaps share syntax?
I'd like to correct what I said earlier.
So the API we've used to add a rule is add-access-rule. Then we send a publish. It fails with the add-access-rule call, even before the publish.
An example that causes the issue: let's say we have 3 add-access-rule calls coming into the Checkpoint close to each other, like within a few seconds. All 3 have a different source, but the same destination (for example a Cisco ACI EPG data center object that was previously imported from Cisco ACI into Checkpoint). In this case, the calls come from multiple processes (or multiple threads). The Checkpoint will choke, rejecting all add requests except the first one. I assume it's because the firewall is processing the 1st add request, locking the EPG object. Hence, the 2 subsequent requests got rejected. So it seems the firewall doesn't have a staging queue to hold the 3 "concurrent" add requests. When I paced out the 3 add requests, like 30 sec or more, all 3 add requests were successful. Then their subsequent publish calls were also successful.
I hope that helps clarify my question.
Tested in my lab adding a locked network object as destination and publishing; it didn't cause any issues.
A few things that might help us understand if there's an issue here:
1) If you can add the responses for the API calls, we might see what is wrong more clearly.
2) If you cancel the publish after every add-access-rule and keep only the one at the end, will this succeed? Another way is to add a sleep between commands.
3) Does the way you run the commands wait for a response?
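One way to try suggestions 2 and 3 from the reply above from a multi-threaded client, as an added example that is not part of the thread and not Check Point code: all add-access-rule requests go through a single worker that waits for each response, and publish is sent once at the end. The `call(command, payload)` transport, the error-body shape, and the object and layer names are assumptions.

```python
import queue
import threading

class SerializedRuleWriter:
    """Funnel add-access-rule requests from many threads through one worker,
    wait for each response, and publish once at the end."""

    def __init__(self, call):
        # Assumption: call(command, payload) POSTs to /web_api/<command> in one
        # logged-in session and returns the parsed JSON body, errors included.
        self._call = call
        self._pending = queue.Queue()
        self.results = []  # (rule name, response), in the order sent
        self._worker = threading.Thread(target=self._drain, daemon=True)
        self._worker.start()

    def submit(self, rule):
        """Safe to call from any thread; returns immediately."""
        self._pending.put(rule)

    def _drain(self):
        while (rule := self._pending.get()) is not None:
            try:  # blocking call: the next rule waits until this one answers
                resp = self._call("add-access-rule", rule)
            except Exception as exc:  # record transport failures, keep draining
                resp = {"code": "transport_error", "message": str(exc)}
            self.results.append((rule["name"], resp))

    def finish(self):
        """Stop the worker, then publish only if every add succeeded."""
        self._pending.put(None)
        self._worker.join()
        # Assumption: an error body carries "code"; a created rule has "uid".
        failed = [(n, r) for n, r in self.results if "code" in r or "uid" not in r]
        if not failed:
            self._call("publish", {})
        return {"published": not failed, "failed": failed}

if __name__ == "__main__":
    def fake_call(command, payload):  # constructed stand-in, runs offline
        key = "uid" if command == "add-access-rule" else "task-id"
        return {key: "constructed-value"}

    writer = SerializedRuleWriter(fake_call)
    for src in ("host-a", "host-b", "host-c"):  # constructed object names
        writer.submit({"layer": "Network", "position": "top", "name": f"allow-{src}",
                       "source": src, "destination": "aci-epg-web", "action": "Accept"})
    print(writer.finish())
```

The `failed` list keeps each rejected rule's full response, which is what point 1 of the reply asks to see.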
