Overview

The Access Users, Groups, and Credentials API allows customers to retrieve and manage user capabilities, group memberships, and credentials.

It can be used for linking any third part user identity management system with Verkada.

API Endpoints

Users

Get All Access Users - Retrieves a list of all access users in a given organization
Get Access User Information Object - Retrieves detailed information about a given access user
Activate BLE for Access User - Activates bluetooth unlock capability for a given access user
Deactivate BLE for Access User - Deactivates bluetooth unlock capability for a given access user
Set Entry Code for User - Sets the PIN code for a given access user
Remove Entry Code for User - Deletes the PIN code for a given access user
Send Pass App Invite for User - Sends out a pass app invitation to a given access user
Activate Remote Unlock for User - Activates remote unlock capability for a given access user
Deactivate Remote Unlock for User - Deactivates remote unlock capability for a given access user
Set Start Date for User - Defines the start date for a given access user's credentials to become valid
Set End Date for User - Defines the end date for a given access user's credentials to become invalid
Get Profile Photo - Retrieves the profile photo for a given access user
Upload Profile Photo - Uploads a profile photo for a given access user
Delete Profile Photo - Deletes the profile photo for a given access user

Groups

Get Access Group - Retrieves all of the users in a given access group
Get All Access Groups - Retrieves a list of all the access groups in a given organization
Create Access Group - Creates an access group within a given organization
Delete Access Group - Deletes a specified access group
Add User to Access Group - Adds a given access user to a given access group
Remove User from Access Group - Removes a given access user from a given access group

Credentials

Add Card to User - Creates and adds a card credential to a given access user
Delete Access Card - Deletes a card credential of a given access user
Activate Access Card - Activates a specific access card for a given access user
Deactivate Access Card - Deactivates a specific access card for a given access user
Add License Plate to User - Add a license plate credential to a given access user
Delete License Plate from User - Deletes a license plate credential from a given access user
Activate License Plate - Activates a specific license plate for a given access user
Deactivate License Plate - Deactivates a specific license plate for a given access user
Add MFA Code to User - Sets the MFA code for a given access user
Delete MFA Code from User - Deletes the MFA code for a given access user

Using the Users, Groups, and Credentials API

Getting Started

Refer to the Quick Start Guide for instructions on generating a Verkada API key and making your first API requests.

For the Users, Groups, and Credentials API you must use an API key that has permissions for the Access Control Endpoints.

Example Use Cases

User Photo Syncing

The access user information endpoints can be used to sync profile photos between another application and Verkada. Here's how you can use these endpoints to create a solution for syncing profile photos:

Syncing Photos from Another Application to Verkada

Retrieve Verkada Access Users' Information:
1. Use the Get All Access Users endpoint to fetch a list of all your Verkada users.
2. Compare the profile_photo_last_updated timestamp in each user object with the timestamp the photo was last modified in the third-party system to determine if a user's profile photo requires updating.
Update Outdated or Missing Photos:
1. For users with outdated or missing profile photos, call the Upload Profile Photo endpoint to upload or update their profile photos.
2. If a user's profile photo has been removed in the third-party system, use the Delete Profile Photo endpoint to remove their photo in Verkada.

Syncing Photos from Verkada to Another Application

To sync photos from Verkada to another application, follow a similar process as outlined above by comparing photo update timestamps between the systems.
Use the Get Profile Photo endpoint to retrieve the required user photos from Verkada.
Update the user’s profile photo in the third-party application with the data retrieved from Verkada.

Batch User Sync

Some of our customers utilize the API in a batch process manner. At a sub real-time frequency, customers compare their total current user base in their third party system with the total Verkada Command Access Control User base. The differences between the two sets of users define the actions need to be taken in order to sync both systems.

Users who exist in Verkada but not the customers User Information System will need to be either deleted from Verkada or deactivated.
Users who do not exist in Verkada but exist in the customers User Information System will need to be added to Command.
Any updated users, whether that be attributes like their name or employee ID, will need to be updated in Command.
Any change in groups in the customer's User Information System may need to change the Access Control Access in Command. This is done by adding or removing users from Access Groups in command.

Real Time Update User Sync

The other architecture our customers have used is a real-time sync. Changes made in the User Identity Management System are streamed out to a Message Queueing system where a consumer processes the changes and makes the relevant API calls to Command. The messages take the form of two schemas:

The entire User data model from the User Information System.
1. In this case, there is no indication of what change has occurred just that something has changed. A difference between that user object and its representation in Command will have to be done and actions taken accordingly.
An action is specified and a payload is included.
1. In this case, key action words have been specified (MODIFY, CREATE, DELETE, ACTIVATE, etc) and payloads for those action words have been defined. Each message will contain the action word that corresponds to the operation taken in the User Identity Managment System and its payload includes the relevant information needed to take that action in Command. The customers consumer script's job will be to map between the schema of the messages and the relevent API endpoints needed.