POST_api_credentials_scan

POST /api/credentials/scan

This resource is requested by the MT20W each time that a card is presented to the reader.

Request

  • Body
    • Type: application/json
  • Schema:

    {
    "primary": "string",
    "badgeId": "string",
    "cardFormat": "string"
    }
    
  • Example:

    {
    "primary": "SYLlKMxuJufanUE20or+qQ==",
    "badgeId": "22",
    "cardFormat": "smart"
    }
    

Response

  • HTTP status code 200
    • OK – Credential data included
  • HTTP status code 404
    • Not found – Credential not found
  • HTTP status code 412
    • Precondition failed – Credential not associated to user or non-writeable credential (prox)

In this example the “primary” JSON field is the padded and encoded primary credential ID, reported in Base64 format.

"SYLlKMxuJufanUE20or+qQ=="

In hexadecimal this is “4982E528CC6E26E7DA9D4136D28AFEA9” (converted with https://conv.darkbyte.ru/).

This is then decrypted with the site key.

“19B2DEDBA6621D297A293E9015B52406F221DB1384D1A1CFB01B09C36D35C54C”

Decryption returns:

“B2000B00FFFFFFFFFFFFFFFFFFFFFFFF” (http://aes.online-domain-tools.com/)

The first 16 data entries (bold) represent the actual credential ID.

For details of the credential data that should be included with a 200 response, please see the ENGAGE – SAM No Tour Integration reference document. This response from the host may be up to 624 bytes of data (48 bytes per sector and 13 sectors of data).

The "badgeId": "22" field is for display purposes only. This ID is printed on the credential and used as an identifier to match a credential in the stocklist (after registration) with the physical credential.

The "cardFormat": "smart" field is used to identify that the scanned credential is capable of being written to. Only this credential format can be used with the no-tour feature. When prox type credentials are scanned using the MT20W this field will be set to “prox”.
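
The decode, decrypt and status-code steps described above can be run locally on the host, which keeps the site key out of third-party web converters. The following is an added example, not code from the original page or from the vendor. The stocklist structure, the function names and the AES mode (single-block AES-256 in ECB, which the page does not name) are assumptions, and decryption needs the third-party `cryptography` package.

```python
import base64

def decode_primary(primary_b64: str) -> bytes:
    """Strictly decode "primary"; it must be exactly one 16-byte AES block."""
    try:
        raw = base64.b64decode(primary_b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("primary is not valid base64") from exc
    if len(raw) != 16:
        raise ValueError(f"primary decodes to {len(raw)} bytes, expected 16")
    return raw

def decrypt_primary(block: bytes, site_key_hex: str) -> bytes:
    """Decrypt one block with the 32-byte site key.
    Assumption: raw single-block AES-256 in ECB mode, no padding removed;
    the page does not name the mode."""
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
    key = bytes.fromhex(site_key_hex)
    if len(key) != 32:
        raise ValueError("site key must be 32 bytes (64 hex characters)")
    dec = Cipher(algorithms.AES(key), modes.ECB()).decryptor()
    return dec.update(block) + dec.finalize()

def scan_status(body: dict, stocklist: dict, decrypt) -> int:
    """Return the HTTP status for a scan request.
    stocklist (hypothetical) maps decrypted-block hex -> {"user": str or None};
    decrypt is a callable taking the 16-byte block and returning plaintext."""
    for field in ("primary", "badgeId", "cardFormat"):
        if not isinstance(body.get(field), str):
            raise ValueError(f"missing or non-string field: {field}")
    plain = decrypt(decode_primary(body["primary"]))
    record = stocklist.get(plain.hex().upper())
    if record is None:
        return 404  # credential not found
    if body["cardFormat"] != "smart" or not record.get("user"):
        return 412  # non-writeable (prox) or not associated to a user
    return 200      # the host would attach the credential data here

# Constructed sample data, reusing the example values shown on this page.
SAMPLE_BODY = {"primary": "SYLlKMxuJufanUE20or+qQ==", "badgeId": "22",
               "cardFormat": "smart"}
SAMPLE_PLAIN = bytes.fromhex("B2000B00FFFFFFFFFFFFFFFFFFFFFFFF")
```

In a host implementation, pass `lambda block: decrypt_primary(block, site_key_hex)` as `decrypt`, with the site key loaded from a secret store rather than from source code.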