Mobile Key Quick Start

Create your first mobile key credential to start controlling an access control system with Seam.

In this quick start, create an ACS user for a virtual access control system. Then, grant the user access to an entrance using a mobile key credential. With mobile keys, developers can create mobile apps that download users' credentials and then use Bluetooth low energy (BLE) or similar communications technologies to unlock granted nearby entrances. For more information about Seam's mobile access solution, see .

This quick start walks you through the process that applies specifically to the Salto KS ACS. There are often differences between access control systems. Once you've completed this quick start, learn how to work with your ACS using Seam, by reading the for your ACS.

Overview

This quick start walks you through the following basic steps:

an access control system to Seam.
- To get started quickly, use a virtual ACS in a .
Install a Seam SDK and create an API key.
Create a .
- Seam user identities enable you to match your own mobile app users to ACS users that you create using the Seam API.
Identify a to use for the mobile credential.
Set up an for the user identity, to enable mobile keys.
Create an and associate them with the user identity.
- Also, specify the access schedule for this user.
Assign the ACS user to an .
- Access groups are preconfigured to grant access to specific entrances. While some access control systems use access groups, others specify allowed entrances directly within the credential. For more details, see .
Create a mobile key for the ACS user.
View the following information about your successfully-created credential:
- The access schedule for the ACS user.
- The list of entrances to which the ACS user now has access.

Step 1: Connect a Virtual ACS

In the top navigation pane, click ACS Systems.
On the Access Systems page, click New Access System.
Seam Console displays a Connect Webview that enables you to connect a virtual ACS to Seam.
In the Connect Webview, authorize the connection.
1. Click Continue.
2. In the device brand list, click Salto KS.
3. On the Salto KS authorization page:
  1. In the Email field, type jane@example.com.
  2. In the Password field, type 1234.
  3. Click Log In.
  4. When prompted to allow application access, click Yes, Allow.
  5. In the sites list, select Main Site and then click Continue.
  6. Click Close.
The Access Systems page now displays the newly-connected virtual Salto KS access control system.

Step 2: Install a Seam SDK and Create an API Key

Download and install a Seam SDK in your favorite programming language.

npm i seam

pip install seam
# For some development environments, use pip3 in this command instead of pip.

bundle add seam

composer require seamapi/seam

Gradle:

// build.gradle
dependencies {
    implementation 'io.github.seamapi:java:0.x.x'
}

Maven:

<!-- pom.xml -->
<dependency>
    <groupId>io.github.seamapi</groupId>
    <artifactId>java</artifactId>
    <version>0.x.x</version>
</dependency>

go get github.com/seamapi/go

Create an API key.
2. In the left navigation pane, click API Keys.
3. In the upper-right corner of the API Keys page, click Add API Key.
4. In the Add API Key dialog, type a name for your new API key and then click Create API Key.
5. Copy the newly-created API key and store it for future use.
Open a terminal window and export your API key as an environment variable.
```
export SEAM_API_KEY=seam_test2bMS_94SrGUXuNR2JmJkjtvBQDg5c
```
The Seam SDK that you have installed automatically uses this API key once you have exported it.

Step 3: Create a User Identity

Create a user identity to represent a mobile app user.

Code:

from seam import Seam

seam = Seam()  # Seam automatically uses your exported SEAM_API_KEY.

jen_doe_user = seam.user_identities.create(
  email_address = "jen.doe@example.com"
)

Output:

UserIdentity(
  user_identity_id='22222222-2222-2222-2222-222222222222',
  email_address='jen.doe@example.com',
  ...
)

Code:

jen_doe_user=$(curl -X 'POST' \
  'https://connect.getseam.com/user_identities/create' \
  -H 'accept: application/json' \
  -H "Authorization: Bearer ${SEAM_API_KEY}" \
  -H 'Content-Type: application/json' \
  -d '{
  "email_address": "jen.doe@example.com"
}')

Output:

{
  "user_identity": {
    "user_identity_id": "22222222-2222-2222-2222-222222222222",
    "email_address": "jen.doe@example.com",
    ...
  },
  "ok": true
}

Code:

import { Seam } from "seam";

const seam = new Seam(); // Seam automatically uses your exported SEAM_API_KEY.

const jenDoeUser = await seam.userIdentities.create({
  email_address: "jen.doe@example.com"
});

Output:

{
  "user_identity_id": "22222222-2222-2222-2222-222222222222",
  "email_address": "jen.doe@example.com",
  ...
}

Code:

require "seam"

seam = Seam.new() # Seam automatically uses your exported SEAM_API_KEY.

jen_doe_user = seam.user_identities.create(
  email_address: "jen.doe@example.com"
)

Output:

<Seam::Resources::UserIdentity:0x005f0
  user_identity_id="22222222-2222-2222-2222-222222222222"
  email_address="jen.doe@example.com"
  ...
>

Code:

<?php
require 'vendor/autoload.php';

$seam = new Seam\SeamClient(); // Seam automatically uses your exported SEAM_API_KEY.

$jen_doe_user = $seam->user_identities->create(
  email_address: "jen.doe@example.com"
);

Output:

{
  "user_identity_id": "22222222-2222-2222-2222-222222222222",
  "email_address": "jen.doe@example.com",
  ...
}

Code:

// Coming soon!

Output:

// Coming soon!

Code:

// Coming soon!

Output:

// Coming soon!

Code:

package main

import (
  "context"
  "fmt"
  "os"
  "time" // To be used later in this quick start

  api "github.com/seamapi/go"
  seam "github.com/seamapi/go/client"
  acs "github.com/seamapi/go/acs" // To be used later in this quick start
)

func main() {
  if err := run(); err != nil {
    _, _ = fmt.Fprintln(os.Stderr, err.Error())
    os.Exit(1)
  }
}

func run() error {
  client := seam.NewClient(
    seam.WithApiKey(SEAM_API_KEY),
  )

  jenDoeUser, err := client.UserIdentities.Create(
    context.Background(), &api.UserIdentitiesCreateRequest{
      EmailAddress: api.String("jen.doe@example.com"),
    },
  )
  if err != nil {
    return err
  }
  
  return nil
}

Output:

{
  "user_identity_id": "22222222-2222-2222-2222-222222222222",
  "email_address": "jen.doe@example.com",
  ...
}

Step 4: Identify a Credential Manager

To create mobile keys for mobile app users, you must use a credential manager. When you added the virtual Salto KS ACS to your sandbox workspace earlier in this quick start, Seam automatically added a compatible virtual credential manager. Identify the ID of this credential manager.

On the Access Systems page, locate the Salto KS Credential Manager.
In the acs_system_id column for the Salto KS Credential Manager, click the ID to copy it.
Store this credential manager ID for future use.

Step 5: Set up an Enrollment Automation for the User Identity

Once you've identified the the credential manager to use for mobile app users, launch an enrollment automation to initialize the phones for an app user, that is, a user identity. This enrollment automation oversees the registration of each new phone for the user identity with the credential manager.

Code:

seam.user_identities.enrollment_automations.launch(
  user_identity_id = jen_doe_user.user_identity_id,
  create_credential_manager_user = True,
  # Use the credential manager ID that you copied earlier from Seam Console.
  credential_manager_acs_system_id = credential_manager_acs_system_id
)

Output:

EnrollmentAutomation(
  user_identity_id='22222222-2222-2222-2222-222222222222',
  enrollment_automation_id='77777777-8888-7777-7777-888888888888',
  ...
)

Code:

# Use the credential manager ID that you copied earlier from Seam Console.
curl -X 'POST' \
  'https://connect.getseam.com/user_identities/enrollment_automations/launch' \
  -H 'accept: application/json' \
  -H "Authorization: Bearer ${SEAM_API_KEY}" \
  -H 'Content-Type: application/json' \
  -d "{
  \"user_identity_id\": \"$(jq -r '.user_identity.user_identity_id' <<< ${jen_doe_user})\",
  \"create_credential_manager_user\": true,
  \"credential_manager_acs_system_id\": \"${credential_manager_acs_system_id}\"
}"

Output:

{
  "enrollment_automation": {
    "user_identity_id": "22222222-2222-2222-2222-222222222222",
    "enrollment_automation_id": "77777777-8888-7777-7777-888888888888",
    ...
  },
  "ok": true
}

Code:

await seam.userIdentities.enrollmentAutomations.launch({
  user_identity_id: jenDoeUser.user_identity_id,
  create_credential_manager_user: true,
  // Use the credential manager ID that you copied earlier from Seam Console.
  credential_manager_acs_system_id: credentialManagerAcsSystemId
});

Output:

{
  "user_identity_id": "22222222-2222-2222-2222-222222222222",
  "enrollment_automation_id": "77777777-8888-7777-7777-888888888888",
  ...
}

Code:

seam.user_identities.enrollment_automations.launch(
  user_identity_id: jen_doe_user.user_identity_id,
  create_credential_manager_user: true,
  # Use the credential manager ID that you copied earlier from Seam Console.
  credential_manager_acs_system_id: credential_manager_acs_system_id
)

Output:

<Seam::Resources::EnrollmentAutomation:0x005f0
  user_identity_id="22222222-2222-2222-2222-222222222222"
  enrollment_automation_id="77777777-8888-7777-7777-888888888888"
  ...
>

Code:

$seam->user_identities->enrollment_automations->launch(
  user_identity_id: $jen_doe_user->user_identity_id,
  create_credential_manager_user: true,
  // Use the credential manager ID that you copied earlier from Seam Console.
  credential_manager_acs_system_id: $credential_manager_acs_system_id
);

Output:

{
  "user_identity_id": "22222222-2222-2222-2222-222222222222",
  "enrollment_automation_id": "77777777-8888-7777-7777-888888888888",
  ...
}

Code:

// Coming soon!

Output:

// Coming soon!

Code:

// Coming soon!

Output:

// Coming soon!

Code:

client.UserIdentities.EnrollmentAutomations.Launch(
  context.Background(), &useridentities.EnrollmentAutomationsLaunchRequest{
    UserIdentityId: jenDoeUser.UserIdentityId,
    CreateCredentialManagerUser: api.Bool(true),
    // Use the credential manager ID that you copied earlier from Seam Console.
    CredentialManagerAcsSystemId: credentialManagerAcsSystemId,
  },
)

return nil

Output:

{
  "user_identity_id": "22222222-2222-2222-2222-222222222222",
  "enrollment_automation_id": "77777777-8888-7777-7777-888888888888",
  ...
}

Step 6: Create an ACS User

Create an ACS user within the virtual Salto KS access control system, associate this ACS user with the user identity that you created, and specify an access schedule for the user.

Find the ACS system ID.
2. On the Access Systems page, locate the Salto KS Main Site ACS.
3. In the acs_system_id column for the Main Site ACS, click the ID to copy it.
4. Store this ACS system ID for future use.
Create the ACS user, as follows:

Code:

acs_user = seam.acs.users.create(
  full_name = "Jen Doe",
  email_address = "jen.doe@example.com",
  # Use the ACS system ID that you copied earlier from Seam Console.
  acs_system_id = acs_system_id,
  user_identity_id = jen_doe_user.user_identity_id,
  access_schedule = {
    "starts_at": "2025-02-10T15:00:00.000Z",
    "ends_at": "2025-02-12T11:00:00.000Z"
  }
)

Output:

AcsUser(
  acs_user_id='33333333-3333-3333-3333-333333333333',
  user_identity_id='22222222-2222-2222-2222-222222222222',
  full_name='Jen Doe',
  access_schedule={
    'starts_at': '2025-02-10T15:00:00.000Z',
    'ends_at': '2025-02-12T11:00:00.000Z'
  },
  ...
)

Code:

# Use the ACS system ID that you copied earlier from Seam Console.
acs_user=$(curl -X 'POST' \
  'https://connect.getseam.com/acs/users/create' \
  -H 'accept: application/json' \
  -H "Authorization: Bearer ${SEAM_API_KEY}" \
  -H 'Content-Type: application/json' \
  -d "{
  \"full_name\": \"Jen Doe\",
  \"email_address\": \"jen.doe@example.com\",
  \"acs_system_id\": \"${acs_system_id}\",
  \"user_identity_id\": \"$(jq -r '.user_identity.user_identity_id' <<< ${jen_doe_user})\",
  \"access_schedule\": {
      \"starts_at\": \"2025-02-10T15:00:00.000Z\",
      \"ends_at\": \"2025-02-12T11:00:00.000Z\"
  }
}")

Output:

{
  "acs_user": {
    "acs_user_id": "33333333-3333-3333-3333-333333333333",
    "user_identity_id": "22222222-2222-2222-2222-222222222222",
    "full_name": "Jen Doe",
    "access_schedule": {
      "starts_at": "2025-02-10T15:00:00.000Z",
      "ends_at": "2025-02-12T11:00:00.000Z"
    },
    ...
  },
  "ok": true
}

Code:

const acsUser = await seam.acs.users.create({
  full_name: "Jen Doe",
  email_address: "jen.doe@example.com",
  // Use the ACS system ID that you copied earlier from Seam Console.
  acs_system_id: acsSystemId,
  user_identity_id: jenDoeUser.user_identity_id,
  access_schedule: {
    "starts_at": "2025-02-10T15:00:00.000Z",
    "ends_at": "2025-02-12T11:00:00.000Z"
  }
});

Output:

{
  acs_user_id: '33333333-3333-3333-3333-333333333333',
  user_identity_id: '22222222-2222-2222-2222-222222222222',
  full_name: 'Jen Doe',
  access_schedule: {
    "starts_at": "2025-02-10T15:00:00.000Z",
    "ends_at": "2025-02-12T11:00:00.000Z"
  },
  ...
}

Code:

acs_user = seam.acs.users.create(
  full_name: "Jen Doe",
  email_address: "jen.doe@example.com",
  # Use the ACS system ID that you copied earlier from Seam Console.
  acs_system_id: acs_system_id,
  user_identity_id = jen_doe_user.user_identity_id,
  access_schedule: {
    "starts_at": "2025-02-10T15:00:00.000Z",
    "ends_at": "2025-02-12T11:00:00.000Z"
  }
)

Output:

<Seam::Resources::AcsUser:0x005f0
  acs_user_id="33333333-3333-3333-3333-333333333333"
  user_identity_id="22222222-2222-2222-2222-222222222222"
  full_name="Jen Doe"
  access_schedule=#<Seam::DeepHashAccessor:0x000001fd69e446f8 @data={
    "starts_at"=>"2025-02-10T15:00:00.000Z",
    "ends_at"=>"2025-02-12T11:00:00.000Z"
  }>
  ...
>

Code:

$acs_user = $seam->acs->users->create(
  full_name: "Jen Doe",
  email_address: "jen.doe@example.com",
  // Use the ACS system ID that you copied earlier from Seam Console.
  acs_system_id: $acs_system_id,
  user_identity_id: $jen_doe_user->user_identity_id,
  access_schedule: array(
    "starts_at" => "2025-02-10T15:00:00.000Z",
    "ends_at" => "2025-02-12T11:00:00.000Z"
  )
);

Output:

{
  "acs_user_id": "33333333-3333-3333-3333-333333333333",
  "user_identity_id": "22222222-2222-2222-2222-222222222222",
  "full_name": "Jen Doe",
  "access_schedule": {
    "starts_at": "2025-02-10T15:00:00.000Z",
    "ends_at": "2025-02-12T11:00:00.000Z"
  },
  ...
}

Code:

// Coming soon!

Output:

// Coming soon!

Code:

// Coming soon!

Output:

// Coming soon!

Code:

checkIn, err := time.Parse(time.RFC3339, "2025-02-10T15:00:00.000Z")
checkOut, err := time.Parse(time.RFC3339, "2025-02-12T11:00:00.000Z")
if err != nil {
  return err
}

acsUser, err := client.Acs.Users.Create(
  context.Background(), &acs.UsersCreateRequest{
    FullName: api.String("Jen Doe"),
    EmailAddress: api.String("jen.doe@example.com"),
    // Use the ACS system ID that you copied earlier from Seam Console.
    AcsSystemId: acsSystemId,
    UserIdentityId: jenDoeUser.UserIdentityId,
    AccessSchedule: &acs.UsersCreateRequestAccessSchedule{
      StartsAt: checkIn,
      EndsAt: checkOut,
    },
  },
)
if err != nil {
  return err
}

return nil

Output:

{
  "acs_user_id": "33333333-3333-3333-3333-333333333333",
  "user_identity_id": "22222222-2222-2222-2222-222222222222",
  "full_name": "Jen Doe",
  "access_schedule": {
    "starts_at": "2025-02-10T15:00:00.000Z",
    "ends_at": "2025-02-12T11:00:00.000Z"
  },
  ...
}

Step 7: Assign the ACS User to an Access Group

Add the ACS user to an access group. For Salto KS, access groups specify the entrances to which users have access.

Find the access group ID.
2. On the Access Systems page, click the Salto KS Main Site ACS.
3. On the Main Site page, click the Access Groups tab.
4. Locate the Main Group, click ..., and click Copy Id.
5. Store this access group ID for future use.
Assign the ACS user to the Main Group, as follows:

Code:

seam.acs.users.add_to_access_group(
  acs_user_id = acs_user.acs_user_id,
  # Use the access group ID that you copied earlier from Seam Console.
  acs_access_group_id = access_group_id
)

Output:

None

Code:

# Use the access group ID that you copied earlier from Seam Console.
curl -X 'POST' \
  'https://connect.getseam.com/acs/users/add_to_access_group' \
  -H "Authorization: Bearer ${SEAM_API_KEY}" \
  -H 'Content-Type: application/json' \
  -d "{
  \"acs_user_id\": \"$(jq -r '.acs_user.acs_user_id' <<< ${acs_user})\",
  \"acs_access_group_id\": \"${access_group_id}\"
}"

Output:

{
  "ok": true
}

Code:

await seam.acs.users.addToAccessGroup({
  acs_user_id: acsUser.acs_user_id,
  // Use the access group ID that you copied earlier from Seam Console.
  acs_access_group_id: accessGroupId
});

Output:

void

Code:

seam.acs.users.add_to_access_group(
  acs_user_id: acs_user.acs_user_id,
  # Use the access group ID that you copied earlier from Seam Console.
  acs_access_group_id: access_group_id
)

Output:

nil

Code:

$seam->acs->users->add_to_access_group(
  acs_user_id: $acs_user->acs_user_id,
  // Use the access group ID that you copied earlier from Seam Console.
  acs_access_group_id: $access_group_id
);

Output:

void

Code:

// Coming soon!

Output:

// Coming soon!

Code:

// Coming soon!

Output:

// Coming soon!

Code:

_, err := client.Acs.Users.AddToAccessGroup(
  context.Background(), &acs.UsersAddToAccessGroupRequest{
    AcsUserId: acsUser.AcsUserId,
    // Use the access group ID that you copied earlier from Seam Console.
    AcsAccessGroupId: accessGroupId,
  },
)
if err != nil {
  return err
}

Output:

void

Step 8: Create a Mobile Key Credential

Create a mobile key credential for the ACS user.

Code:

mobile_key = seam.acs.credentials.create(
  acs_user_id = acs_user.acs_user_id,
  is_multi_phone_sync_credential = True,
  access_method = "mobile_key"
)

Output:

AcsCredential(
  acs_credential_id='66666666-6666-6666-6666-666666666666',
  acs_system_id='11111111-1111-1111-1111-111111111111',
  acs_user_id='33333333-3333-3333-3333-333333333333',
  access_method='mobile_key',
  ...
)

Code:

mobile_key=$(curl -X 'POST' \
  'https://connect.getseam.com/acs/credentials/create' \
  -H 'accept: application/json' \
  -H "Authorization: Bearer ${SEAM_API_KEY}" \
  -H 'Content-Type: application/json' \
  -d "{
  \"acs_user_id\": \"$(jq -r '.acs_user.acs_user_id' <<< ${acs_user})\",
  \"is_multi_phone_sync_credential\": true,
  \"access_method\": \"mobile_key\"
}")

Output:

{
  "acs_credential":{
    "acs_credential_id": "66666666-6666-6666-6666-666666666666",
    "acs_system_id": "11111111-1111-1111-1111-111111111111",
    "acs_user_id": "33333333-3333-3333-3333-333333333333",
    "access_method": "mobile_key",
    ...
  }
}

Code:

const mobileKey = await seam.acs.credentials.create({
  acs_user_id: acsUser.acs_user_id,
  is_multi_phone_sync_credential: true,
  access_method: "mobile_key"
});

Output:

{
  acs_credential_id: '66666666-6666-6666-6666-666666666666',
  acs_system_id: '11111111-1111-1111-1111-111111111111',
  acs_user_id: '33333333-3333-3333-3333-333333333333',
  access_method: 'mobile_key',
  ...
}

Code:

mobile_key = seam.acs.credentials.create(
  acs_user_id: acs_user.acs_user_id,
  is_multi_phone_sync_credential: true,
  access_method: "mobile_key"
)

Output:

<Seam::Resources::AcsCredential:0x005f0
  acs_credential_id="66666666-6666-6666-6666-666666666666"
  acs_user_id="33333333-3333-3333-3333-333333333333"
  access_method="mobile_key"
  ...
>

Code:

$pin_code_credential = $seam->acs->credentials->create(
  acs_user_id: $acs_user->acs_user_id,
  is_multi_phone_sync_credential: true,
  access_method: "mobile_key"
);

Output:

{
  "acs_credential_id": "66666666-6666-6666-6666-666666666666",
  "acs_system_id": "11111111-1111-1111-1111-111111111111",
  "acs_user_id": "33333333-3333-3333-3333-333333333333",
  "access_method": "mobile_key",
  ...
}

Code:

// Coming soon!

Output:

// Coming soon!

Code:

// Coming soon!

Output:

// Coming soon!

Code:

mobileKey, err := client.Acs.Credentials.Create(
  context.Background(), &acs.CredentialsCreateRequest{
    AcsUserId: acsUser.AcsUserId,
    IsMultiPhoneSyncCredential: api.Bool(true),
    AccessMethod: "mobile_key",
})
if err != nil {
    return err
}

fmt.Println(mobileKey)
return nil

Output:

{
  "acs_credential_id": "66666666-6666-6666-6666-666666666666",
  "acs_system_id": "11111111-1111-1111-1111-111111111111",
  "acs_user_id": "33333333-3333-3333-3333-333333333333",
  "access_method": "mobile_key",
  ...
}

Step 9: View Your New Credential

The access schedule for the ACS user.
The list of entrances to which the ACS user now has access.

To use Seam Console to view information about your new PIN code credential:

On the Access Systems page, click the Salto KS Main Site ACS.
In the Users table, click Jen Doe, the ACS user that you created.
In the Credentials tab for the ACS user, note the mobile key credential (multi-phone sync credential) that you created.
In the Properties area for the ACS user, view the user's access schedule. Note that Seam Console displays times adjusted to your local computer settings. That is, the times that you see in Seam Console are the times that you specified when creating the credential, adjusted to match your computer's time settings.
Click the Access Groups tab for the ACS user.
Click the Main Group access group.
On the Main Group page click the Entrances tab and then view the entrances to which this access group grants the ACS user access.

Next Steps

Now that you've created a mobile key credential, try out the other ACS quick starts.

Learn More

For a deeper dive into ACS concepts and instructions, see the following topics:

Learn about ACS concepts.
Create ACS users.
For relevant access control systems, assign ACS users to access groups.
Learn about available entrances.
Create credentials for ACS users.
Learn more about the Seam mobile access solution.

PreviousEncodable Key Card Quick Start NextConnect an ACS to Seam

Last updated 27 days ago

Was this helpful?