Integration using Access Apis
Access Api Integration
When integrating the BlueID system via Access Apis you have the chance to do a higher level integration as opposed to the Operator Apis integration.
Operator Apis, also named ID Apis, are a way lower type of integration and consist of endpoints that have as target two main entities: - MDID: Mobile Device ID, the device used by the end user (Smartphone or NFC Card) - SOID: Secured Object ID, the lock
In Operator Apis the access token created has a 1:1 relation between MDID and SOID. If a user for example has 2 devices and needs to have access to 5 locks, we need to create 10 tokens (with 10 different Api calls, one per MDID:SOID pair).
Differently, Access Apis, also called AC Apis, include grouping concepts. In Access Apis we don’t target MDIDs and SOIDs, but - Residents (also called Mobile Device Groups) represent the totality of devices an end user has - Lock Groups (a series of locks grouped together)
In Access Apis therefore, there is a many to many relation between MDISs and SOIDs and, with the example of before of a user (Resident) with 2 devices who need to have access to 5 locks, a single Api call would be enough to create the 10 tokens (Resident:Lock Group).
The authentication is slightly different from the Operator Apis one. To authenticate to Access Apis you need to be granted:
- OAuth client/secret
- Tenant name
An Access Api authentication looks like this:
curl --location --request POST 'https://ac-api.ac-prod.blueid.net/oauth2/token'
--header 'Content-Type: application/x-www-form-urlencoded'
--data-urlencode 'client_id=<YOUR CLIENT ID>’
--data-urlencode 'client_secret=<YOUR CLIENT SECRET>'
--data-urlencode 'username=<USER>@<TENANT NAME>'
--data-urlencode 'password=<YOUR USER'S PASSWORD>'
--data-urlencode 'scope=offline nfc-token-writer device-groups:write device-groups:read devices:read access-permissions:read'
Documentation on endpoints can bo found here: https://ac-api.ac-prod.blueid.net/v1/swagger-ui