Download OpenAPI specification:
The purpose of this API is to manage users, locks and access permissions to operate locks
The basic workflow to get started is the following:
Also check how to delete users and revoke permissions.
The API version needs to be passed in the request Accept header using the vendor-specific media type
application/vnd.assaabloy.abloybeat.administration-0.9+json.
This section describes the differences between the 0.9 and 2.0 versions of the Administration API. Use this guide during the migration process. Since there are significant differences between the two versions, it is recommended to manually check every place where the API is directly invoked.
The 2.0 version of the API lives under a different URL.
The URL changes for the staging are the following:
https://apigw.sampo-staging.aah.assaabloy.net/administration/https://eu-staging-api.keyless.assaabloy.com/administration/The URL changes for the production are the following:
https://eu-apigw.abloybeat.api.assaabloy.com/administration/https://eu-api.keyless.assaabloy.com/administration/The API continues to use media types for content negotiation in version 2.0. Every request must provide a specific media
type in the Accept header, which is also the Content-Type header of the response on a successful execution. Starting
from API 2.0, only the major version is used in content negotiation. Also notice that the "abloybeat" is changed to
"keyless" to be aligned with the new domain name of the API.
The Accept header changes are the following:
application/vnd.assaabloy.abloybeat.administration-0.9+jsonapplication/vnd.assaabloy.keyless.administration-2+jsonAPI keys are a new concept, and it is recommended to check out the relevant section of the 2.0 documentation.
In short:
X-Api-Key header for every request.403 Forbidden.429 Too Many Requests. In that case the request should be retried after some delay.Prepare the integrated applications for reaching the rate limit and make sure it is handled gracefully.
In 0.9 the person, who can receive permissions, and his/her device, that can operate locks based on those permissions, are both represented by the User entity.
In 2.0 these two concepts are split into two different entities. User represent the person, who can receive permissions. Operating Device represent the mobile device that can interact with the lock.
This means changes in the registration process.
In 0.9 a user can be invited by the POST /invitation endpoint.
This takes care of both creating the user account and registering the mobile device. The user credentials were returned in a callback.
In 2.0 this is a two-step process.
POST /user. This will return the user's credentials.POST /operating-device-invitation.This process is described in more detail later in this guide.
For admin users who would like to access the API but will not operate the locks, it is enough to create the user. Inviting an operating device is not necessary.
In 2.0 this endpoint maps to GET /locking-device
Notable changes:
In 2.0, this endpoint maps to GET /locking-device/{locking-device-id}
In 2.0, this endpoint maps to POST /locking-device
In 2.0, this endpoint maps to PATCH /locking-device/{locking-device-id}
The same thing could be achieved in both cases: updating the name of the locking device.
However, the PATCH syntax is radically different. Refer to the API 2.0 docs on how to use it.
In 2.0, this endpoint maps to POST /permission
In 2.0 the structure of the request body has been redesigned. Unlike in 0.9, the request content type is always application/json. Every request body contains the fields of userId, lockingDeviceId (lockId in 0.9), operationType (type in 0.9) and the permissionType. Permission type is a new field introduced in 2.0. It determines if the created permission is single interval, recurring or multiple interval. Based on the permission type, there will be additional fields in the request body.
permissionType=SINGLE_INTERVAL start and end fields will be required, which map to the start and end fields of the 0.9 request. However, in 0.9 they were not required.permissionType=RECURRING start, end, weekday and intervals fields will be available, from which intervals will be required. These map to the fields of the recurrence object in the 0.9 request body.permissionType=MULTIPLE_INTERVALS the intervals fields will be required. This maps to the interval field of the 0.9 request body with content type application/multiple.intervals+json.In 2.0, this endpoint maps to PUT /permission/{permission-id}
The changes to this endpoint are identical to the changes described under POST /permission
In 2.0, this endpoint maps to DELETE /permission/{permission-id}
In 2.0, there is no direct mapping for this endpoint. It is required to call two separate endpoints in correct order to achieve the same result.
First call POST /user where the role field maps to the role field of POST /invitation from 0.9.
Then call POST /operating-device-invitation. The userId field maps to the id field from the response of the previous POST /user.
The validityDuration field maps to the validFor field of POST /invitation from 0.9.
The deliveryMechanism field partially maps to the contact/type field of POST /invitation from 0.9. It also introduces new fields to the request body based on its value.
deliveryMechanism=SMS means the same as contact/type=PHONE in POST /invitation in 0.9. In this case, the required phoneNumber field maps to the contact/value of POST /invitation from 0.9.deliveryMechanism=EMAIL means the same as contact/type=EMAIL in POST /invitation in 0.9. In this case, the required emailAddress field maps to the contact/value of POST /invitation from 0.9.deliveryMechanism=NONE will map the whole request to the POST /invitation-code from 0.9The id field in the response of POST /operating-device-invitation maps to the id field in the response of POST /invitation
The expirationDatetime field in the response of POST /operating-device-invitation maps to the expiresAt field in the response of POST /invitation
In 2.0, there is no direct mapping for this endpoint. It is required to call two separate endpoints in correct order to achieve the same result.
First call POST /user where the role field maps to the role field of POST /invitation-code from 0.9.
Then call POST /operating-device-invitation. The userId field maps to the id field from the response of the previous POST /user.
The validityDuration field maps to the validFor field of POST /invitation from 0.9.
The deliveryMechanism filed has to be set to NONE: deliveryMechanism=NONE
In this case, the fields in the response of POST /operating-device-invitation will directly map to the fields in the response of POST /invitation-code from 0.9.
In 2.0, this endpoint maps to GET /user
In 2.0, this endpoint maps to DELETE /user/{user-id}
In 2.0, this endpoint maps to POST /login/
To add locks to the system one must first create an unclaimed lock. Unclaimed locks are not yet connected to physical locks. To make this connection, you have to register the lock with the Abloy BEAT mobile app. Registering an unclaimed lock claims the lock for the account being used.
Returns list of all the locks in the system satisfying the given criteria
| claimed required | boolean Whether to return claimed or unclaimed locks. |
| lockingDeviceSerialNumber | string Serial number of the claimed lock. Unclaimed lock does not have a serial number. |
| page | integer <int32> >= 0 Default: 0 Page number (starts from 0) |
| size | integer <int32> [ 1 .. 100 ] Default: 20 Defines the maximum number of items returned |
| sort | string Example: sort=name&sort=asc Sorting property and optional direction |
{- "content": [
- {
- "id": "44663879-9a8f-4cca-b235-587d06ff7ba8",
- "name": "Gate Lock",
- "lockingDeviceSerialNumber": "BLAD123456",
- "operationalCertificate": {
- "eligibleForReKeying": true,
- "expirationDatetime": "2023-07-16T08:00:00Z",
- "revoked": false
}, - "manufacturingCertificate": {
- "eligibleForReKeying": false,
- "expirationDatetime": "2027-07-16T08:00:00Z",
- "revoked": false
}
}
], - "page": {
- "size": 20,
- "totalElements": 24,
- "totalPages": 2,
- "number": 1
}
}Creates an unclaimed lock. At this point the lock is not yet connected to a physical lock. The lock must be first registered by a Abloy BEAT mobile device, which will claim the lock for the account being used.
| name required | string [ 1 .. 255 ] characters Name of the lock |
{- "name": "Front Gate"
}{- "id": "02828588-2c7f-4847-b011-e489eb01f872",
- "name": "Front Gate"
}Updates an existing lock
| id required | string <uuid> The lock identifier |
| id | string <uuid> Identifier of the lock |
| name | string [ 1 .. 255 ] characters Name of the lock |
{- "name": "Front Gate"
}{- "type": "about:blank",
- "title": "Bad Request",
- "status": 400,
- "detail": "Invalid content type",
- "instance": "about:blank"
}Returns the requested lock from caller's system.
| id required | string <uuid> (ResourceId) Example: 558aef6a-de33-4e6c-8219-1eab9727ae94 The lock identifier |
{- "id": "44663879-9a8f-4cca-b235-587d06ff7ba8",
- "name": "Gate Lock",
- "lockingDeviceSerialNumber": "BLAD123456",
- "operationalCertificate": {
- "eligibleForReKeying": true,
- "expirationDatetime": "2023-07-16T08:00:00Z",
- "revoked": false
}, - "manufacturingCertificate": {
- "eligibleForReKeying": false,
- "expirationDatetime": "2027-07-16T08:00:00Z",
- "revoked": false
}
}Grants the user a permission to perform a specific operation on a lock.
The following operations are supported on the locks:
This type of permission has a single start and end date. The end date can be at most eight days into the future.
In order to create a one time permission the request must have application/json in the Content Type header and
it must include all required parameters plus the start and end parameters.
This type of permission contains a list of time intervals that is repeated daily.
The intervals of a recurring permission describe the time of the day during which the permission is active. Weekdays of a recurring permission describe the days on which the rule is repeated. If weekdays are not provided, the rule repeats every day.
Recurring permissions can be valid as long in the future as necessary, but permissions returned to clients will be limited at most eight days in the future.
In order to create a recurring permission the request must have application/json in the Content Type header and
it must include all required parameters plus recurrence parameter.
This type of permission can specify multiple time intervals. Those time intervals are not limited to a single day. For every interval, the end time has to be after the start time. The implementation supports only minutes accuracy. Seconds will be ignored.
In order to create a multiple interval permission the request must have application/multiple.intervals+json in the
Content Type header and it must include all required parameters.
Check the payload examples for different use cases.
Platform will remove old permissions periodically.
For the removal, a permission is considered old, when its range end time is over 14 days in the past.
| lockId required | string <uuid> Identifier of the lock |
| start | string <date-time> Start date and time of the permission (ISO 8601). Not needed if recurrence is present. |
| end | string <date-time> End date and time of the permission (ISO 8601). Not needed if recurrence is present. |
| type required | string (PermissionType) Enum: "OPEN" "UPDATE_FIRMWARE" "UPDATE_TIME" Permission type |
| userId required | string <uuid> Identifier of the user |
object (Recurrence) Permission recurrence rule | |
| operatingKeyValidityDuration | string <duration> (OperatingKeyValidityDuration) Default: "P8D" Validity duration (ISO 8601) of an operating key generated based on the permission Operating key validity duration defines how long an operating key downloaded for offline use is valid for. Even if a user would have a permission to open a locking device for a period of 1 year, when they download an operating key based on this permission, that operating key will only be valid for 8 days by default. After that, they need to download operating keys again. Setting a long validity duration has a downside from security perspective, as revoking a permission does not affect the already downloaded operating key. Setting a short validity duration is most secure, but can be problematic in areas without internet connectivity. Note: Must be greater than or equal to 1 day and less than or equal to 31 days. |
{- "userId": "be2c1dc6-48ca-4b4a-966e-bf46018cbdc7",
- "lockId": "0a323b61-0497-4865-991c-c1420aa2d829",
- "type": "OPEN",
- "start": "2019-09-02T15:00:00Z",
- "end": "2019-09-02T18:00:00Z",
- "operatingKeyValidityDuration": "P8D"
}{- "id": "eee5c5cf-8bce-4876-8fab-2197cbb78426"
}This operation replaces a permission between a lock and a user. Every field of the given permission is changed but it will retain its old id.
See the create permission endpoint for more information.
| id required | string <uuid> Identifier of the permission |
| lockId required | string <uuid> Identifier of the lock |
| start | string <date-time> Start date and time of the permission (ISO 8601). Not needed if recurrence is present. |
| end | string <date-time> End date and time of the permission (ISO 8601). Not needed if recurrence is present. |
| type required | string (PermissionType) Enum: "OPEN" "UPDATE_FIRMWARE" "UPDATE_TIME" Permission type |
| userId required | string <uuid> Identifier of the user |
object (Recurrence) Permission recurrence rule | |
| operatingKeyValidityDuration | string <duration> (OperatingKeyValidityDuration) Default: "P8D" Validity duration (ISO 8601) of an operating key generated based on the permission Operating key validity duration defines how long an operating key downloaded for offline use is valid for. Even if a user would have a permission to open a locking device for a period of 1 year, when they download an operating key based on this permission, that operating key will only be valid for 8 days by default. After that, they need to download operating keys again. Setting a long validity duration has a downside from security perspective, as revoking a permission does not affect the already downloaded operating key. Setting a short validity duration is most secure, but can be problematic in areas without internet connectivity. Note: Must be greater than or equal to 1 day and less than or equal to 31 days. |
{- "userId": "be2c1dc6-48ca-4b4a-966e-bf46018cbdc7",
- "lockId": "0a323b61-0497-4865-991c-c1420aa2d829",
- "type": "OPEN",
- "start": "2019-09-02T15:00:00Z",
- "end": "2019-09-02T18:00:00Z",
- "operatingKeyValidityDuration": "P8D"
}{- "type": "about:blank",
- "title": "Bad Request",
- "status": 400,
- "detail": "Invalid content type",
- "instance": "about:blank"
}Revokes user's permission to operate a lock.
| id required | string <uuid> Identifier of the permission |
{- "type": "about:blank",
- "title": "Bad Request",
- "status": 400,
- "detail": "Invalid content type",
- "instance": "about:blank"
}To add users to the system they always need to be invited. The invited user will receive an invitation code. The invited user then needs to activate his mobile device from the Abloy BEAT mobile app.
An activated user can be also deleted, which will remove all accesses the user has, and prevent further accesses from being granted.
Sends a user an invitation to the application by the selected delivery mechanism.
Returns an invitation identifier that will be used for asynchronous user creation.
Once the user is created in the system, a UserRegistered event is triggered containing the access key of
the user.
Once the user accepts the invitation, an UserActivated event is triggered containing the invitation identifier.
| TENANT-ID required | string <uuid> (ResourceId) Example: cf3e43ac-4c35-4de4-98a0-abb41dbe5b11 Tenant id |
| role required | string Enum: "USER" "ADMIN" Role given to the invited contact | ||||||
required | object Contact to whom invitation code should be sent.
| ||||||
| validFor | string <ISO8601 duration> Invitation code validity in hours in ISO8601 duration format. Note: Must be greater than 0 seconds and less than or equal to 365 days. Defaults to 24 hours. |
{- "contact": {
- "type": "PHONE",
- "value": "+2072325522705"
}, - "role": "USER",
- "validFor": "PT24H"
}{- "id": "ccbe0539-ab8a-4d95-9dd9-2c7d3e4adacd"
}Generates an invitation for the mobile application to the system.
Returns invitation details including an invitation code and an environment url that can be used to invite custom mobile application using mobile SDK.
Once the user is created in the system, a UserRegistered event is triggered containing the access key of
the user.
Once the user accepts the invitation, an UserActivated event is triggered containing the invitation identifier.
| TENANT-ID required | string <uuid> (ResourceId) Example: cf3e43ac-4c35-4de4-98a0-abb41dbe5b11 Tenant id |
| role required | string Enum: "USER" "ADMIN" Role given to the invited contact |
| validFor | string <ISO8601 duration> Invitation code validity in hours in ISO8601 duration format. Note: Must be greater than 0 seconds and less than or equal to 365 days. Defaults to 24 hours. |
{- "role": "USER",
- "validFor": "PT24H"
}{- "id": "16c51843-bf7a-481b-947b-3f507111f94d",
- "environmentUrl": "eu-apigw.abloybeat.api.assaabloy.com",
- "invitationCode": "LVDK-XTAX-Z6MP-VXCW",
- "expiresAt": "2030-01-01T13:00:00Z"
}Gets all users from caller's system
The returned list is automatically paginated by the backend.
It could happen that the client will only receive a fraction of the available users.
In that case the response body will also include a nextPageToken.
In order to receive the next batch, the client has to call the endpoint again using that token as a query parameter.
The client can be sure that all currently available users have been fetched when there is no nextPageToken in the response.
| next-page-token | string Example: next-page-token=VHpVZEpDeVg1N2RYNFFoSWk4bkIycGVGWTZWRThqcQ== The next page token received from the previous request |
{- "nextPageToken": "VHpVZEpDeVg1N2RYNFFoSWk4bkIycGVGWTZWRThqcQ==",
- "items": [
- {
- "id": "30b626d8-9309-40d6-a2f2-107849e408ef"
}
]
}Users need to be authenticated to be able to call most Abloy BEAT APIs. The login will return an authorization token which must be passed as a request header in every request to endpoints that require authorization.
Authenticate to acquire an authorization token represented as a
JSON Web Token. The token should be passed in
the Authorization request header.
The token is valid for one hour from the time it was created, and can be reused until it expires. On expiration, the client will receive HTTP status 401 Unauthorized when calling an endpoint.
| accessKey required | string non-empty User's secret key value |
| userId required | string <uuid> Identifier of the user |
{- "accessKey": "mA4OKvw59GXsivxQ0TSfg0BISsr94jyYVbNlFVr0Nn4=",
- "userId": "558aef6a-de33-4e6c-8219-1eab9727ae94"
}{- "token": "eyJraWQiOiJRNXhWdXA2ZmxISjVUM0pwUXpTYzk0MzhUT0dhaHNWWEppSzZYVmNqRDM0PSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI3MGMxM2M3MS1mZDZlLTRhNjYtYTAwZi1kNTNlMGIwNjA4ZWMiLCJhdWQiOiIxamZ1OWkwcmFxYzJobWg0MTFjZ2lrMWIzOSIsImNvZ25pdG86Z3JvdXBzIjpbInVzZXJzIl0sImV2ZW50X2lkIjoiMjMyMDAzYTYtMGY0Yi00MGU2LTk2MmYtNTA5ZTMwZmI2NTZhIiwidG9rZW5fdXNlIjoiaWQiLCJhdXRoX3RpbWUiOjE1ODA5MDAzNzQsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC5ldS13ZXN0LTEuYW1hem9uYXdzLmNvbVwvZXUtd2VzdC0xX0Z4dnUzRWtxVyIsImNvZ25pdG86dXNlcm5hbWUiOiJiYjgzMTcwYi05MzRjLTQwZjMtYjEwYy1lMDZjOTBmYmYyODMiLCJleHAiOjE1ODA5MDM5NzQsImlhdCI6MTU4MDkwMDM3NCwiY3VzdG9tOnRlbmFudC1pZCI6IjdlOGU2OGMzLWJjYTMtNDhjMC04ZjI5LWE3NTdlZjJiM2MzZiJ9.gFOduAvbyfFpXBx9rbVDICXF7xk_DFHyv00ssVSvtf2YydH-7odEBG8rJtz-39sYrgCDxhPga6woaqetjJr4wmr6mLbGPLyugd2LhWaOWsmui3K5j-FuZCzV8igCBt6nj9huj1JXGZlrEGXucklmEb1MBcWi7m3wtaQjNaLhuS6UbCFcgpWKCUcGEiLe0LS7538mYcx3IcUMQ2f2704cPOc8a5oXkNNYWUgvnbksyBJovLHSGmVo1lYHS31EtW1IIMMSypfj_Yp9fSgRq3EG8JmwNWBramgyEDBVepRiE8JhA69bb7laZkPQlmMHOBlGTPKjJVfr8sxLr9BXq41itQ"
}