Mobile Key Quick Start

Create your first mobile key credential to start controlling an access control system with Seam.

In this quick start, create a user identity for a virtual Salto KS access control system. Then, grant the user access to an entrance using a mobile key credential. With mobile keys, developers can create mobile apps that download users' credentials and then use Bluetooth low energy (BLE) or similar communications technologies to unlock granted nearby entrances. For more information about Seam's mobile access solution, see Mobile Access.

This quick start walks you through the process that applies specifically to the Salto KS ACS. There are often differences between access control systems. Once you've completed this quick start, learn how to work with your ACS using Seam, by reading the system integration guide for your ACS.

Overview

This quick start walks you through the following basic steps:

Connect an access control system to Seam.
- To get started quickly, use a virtual ACS in a sandbox workspace.
Install a Seam SDK and create an API key.
Create a user identity.
- Seam user identities enable you to match your own mobile app users to ACS users.
Identify a credential manager to use for the mobile credential.
Set up an enrollment automation for the user identity, to enable mobile keys.
Assign the user identity to an access group.
- Access groups are preconfigured to grant access to specific entrances. While some access control systems use access groups, others specify allowed entrances directly within the credential. For more details, see Access Permission Assignment Variations.
Create a mobile key ACS credential for the user identity.
View the list of entrances to which the user now has access.

🚀 Let's get started!

Step 1: Connect a Virtual ACS

In this quick start, use Seam Console to connect a virtual ACS to your sandbox workspace. Alternately, you can use the Seam API to create a Connect Webview and then use it to connect an ACS to Seam.

Log in to Seam Console.
In the upper-left corner, click the workspace switcher and select or create a sandbox workspace.
In the top navigation pane, click ACS Systems.
Click ACS Systems to go to the Access Systems page.
On the Access Systems page, click New Access System.
Seam Console displays a Connect Webview that enables you to connect a virtual ACS to Seam.
In the Connect Webview, authorize the connection.
1. Click Continue.
2. In the device brand list, click Salto KS.
3. On the Salto KS authorization page:
  1. In the Email field, type jane@example.com.
  2. In the Password field, type 1234.
  3. Click Log In.
  4. When prompted to allow application access, click Yes, Allow.
  5. In the sites list, select Main Site and then click Continue.
  6. Click Close.
The Access Systems page now displays the newly-connected virtual Salto KS access control system.

Step 2: Install a Seam SDK and Create an API Key

Download and install a Seam SDK in your favorite programming language.

npm i seam

pip install seam
# For some development environments, use pip3 in this command instead of pip.

bundle add seam

composer require seamapi/seam

Gradle:

// build.gradle
dependencies {
    implementation 'io.github.seamapi:java:0.x.x'
}

Maven:

<!-- pom.xml -->
<dependency>
    <groupId>io.github.seamapi</groupId>
    <artifactId>java</artifactId>
    <version>0.x.x</version>
</dependency>

go get github.com/seamapi/go

Create an API key.
1. In the top navigation pane of Seam Console, click Developer.
2. In the left navigation pane, click API Keys.
3. In the upper-right corner of the API Keys page, click Add API Key.
4. In the Add API Key dialog, type a name for your new API key and then click Create API Key.
5. Copy the newly-created API key and store it for future use.
Open a terminal window and export your API key as an environment variable.
```
export SEAM_API_KEY=seam_test2bMS_94SrGUXuNR2JmJkjtvBQDg5c
```
The Seam SDK that you have installed automatically uses this API key once you have exported it.

Step 3: Create a User Identity

Create a user identity to represent a mobile app user.

Find the ACS system ID.
1. In the top navigation pane of Seam Console, click ACS Systems.
2. On the Access Systems page, locate the Salto KS Main Site ACS.
3. In the acs_system_id column for the Main Site ACS, click the ID to copy it.
4. Store this ACS system ID for future use.
Create the user identity, as follows:

Code:

from seam import Seam

seam = Seam()  # Seam automatically uses your exported SEAM_API_KEY.

jen_doe_user = seam.user_identities.create(
  full_name: "Jen Doe",
  email_address = "jen.doe@example.com",
  # Use the ACS system ID that you copied earlier from Seam Console.
  acs_system_ids = [acs_system_id]
)

Output:

UserIdentity(
  user_identity_id='22222222-2222-2222-2222-222222222222',
  full_name='Jen Doe',
  email_address='jen.doe@example.com',
  ...
)

Code:

# Use the ACS system ID that you copied earlier from Seam Console.
jen_doe_user=$(curl -X 'POST' \
  'https://connect.getseam.com/user_identities/create' \
  -H 'accept: application/json' \
  -H "Authorization: Bearer ${SEAM_API_KEY}" \
  -H 'Content-Type: application/json' \
  -d "{
  \"full_name\": \"Jen Doe\",
  \"email_address\": \"jen.doe@example.com\",
  \"acs_system_id\": \"${acs_system_id}\",
}")

Output:

{
  "user_identity": {
    "user_identity_id": "22222222-2222-2222-2222-222222222222",
    "full_name": "Jen Doe",
    "email_address": "jen.doe@example.com",
    ...
  },
  "ok": true
}

Code:

import { Seam } from "seam";

const seam = new Seam(); // Seam automatically uses your exported SEAM_API_KEY.

const jenDoeUser = await seam.userIdentities.create({
  full_name: "Jen Doe",
  email_address: "jen.doe@example.com",
  // Use the ACS system ID that you copied earlier from Seam Console.
  acs_system_id: acsSystemId,
});

Output:

{
  "user_identity_id": "22222222-2222-2222-2222-222222222222",
  "full_name": "Jen Doe",
  "email_address": "jen.doe@example.com",
  ...
}

Code:

require "seam"

seam = Seam.new() # Seam automatically uses your exported SEAM_API_KEY.

jen_doe_user = seam.user_identities.create(
  full_name: "Jen Doe",
  email_address: "jen.doe@example.com",
  # Use the ACS system ID that you copied earlier from Seam Console.
  acs_system_id: acs_system_id,
)

Output:

<Seam::Resources::UserIdentity:0x005f0
  user_identity_id="22222222-2222-2222-2222-222222222222"
  full_name="Jen Doe"
  email_address="jen.doe@example.com"
  ...
>

Code:

<?php
require 'vendor/autoload.php';

$seam = new Seam\SeamClient(); // Seam automatically uses your exported SEAM_API_KEY.

$jen_doe_user = $seam->user_identities->create(
  full_name: "Jen Doe",
  email_address: "jen.doe@example.com",
  // Use the ACS system ID that you copied earlier from Seam Console.
  acs_system_id: $acs_system_id,
);

Output:

{
  "user_identity_id": "22222222-2222-2222-2222-222222222222",
  "full_name": "Jen Doe",
  "email_address": "jen.doe@example.com",
  ...
}

Code:

// Coming soon!

Output:

// Coming soon!

Code:

// Coming soon!

Output:

// Coming soon!

Code:

package main

import (
  "context"
  "fmt"
  "os"

  api "github.com/seamapi/go"
  seam "github.com/seamapi/go/client"
  acs "github.com/seamapi/go/acs" // To be used later in this quick start
)

func main() {
  if err := run(); err != nil {
    _, _ = fmt.Fprintln(os.Stderr, err.Error())
    os.Exit(1)
  }
}

func run() error {
  client := seam.NewClient(
    seam.WithApiKey(SEAM_API_KEY),
  )

  jenDoeUser, err := client.UserIdentities.Create(
    context.Background(), &api.UserIdentitiesCreateRequest{
      FullName: api.String("Jen Doe"),
      EmailAddress: api.String("jen.doe@example.com"),
      // Use the ACS system ID that you copied earlier from Seam Console.
      AcsSystemId: acsSystemId,
    },
  )
  if err != nil {
    return err
  }
  
  return nil
}

Output:

{
  "user_identity_id": "22222222-2222-2222-2222-222222222222",
  "full_name": "Jen Doe",
  "email_address": "jen.doe@example.com",
  ...
}

Step 4: Identify a Credential Manager

To create mobile keys for mobile app users, you must use a credential manager. When you added the virtual Salto KS ACS to your sandbox workspace earlier in this quick start, Seam automatically added a compatible virtual credential manager. Identify the ID of this credential manager.

In the top navigation pane of Seam Console, click ACS Systems.
On the Access Systems page, locate the Salto KS Credential Manager.
In the acs_system_id column for the Salto KS Credential Manager, click the ID to copy it.
Store this credential manager ID for future use.

Step 5: Set up an Enrollment Automation for the User Identity

Once you've identified the the credential manager to use for mobile app users, launch an enrollment automation to initialize the phones for an app user, that is, a user identity. This enrollment automation oversees the registration of each new phone for the user identity with the credential manager.

Code:

seam.user_identities.enrollment_automations.launch(
  user_identity_id = jen_doe_user.user_identity_id,
  create_credential_manager_user = True,
  # Use the credential manager ID that you copied earlier from Seam Console.
  credential_manager_acs_system_id = credential_manager_acs_system_id
)

Output:

EnrollmentAutomation(
  user_identity_id='22222222-2222-2222-2222-222222222222',
  enrollment_automation_id='77777777-8888-7777-7777-888888888888',
  ...
)

Code:

# Use the credential manager ID that you copied earlier from Seam Console.
curl -X 'POST' \
  'https://connect.getseam.com/user_identities/enrollment_automations/launch' \
  -H 'accept: application/json' \
  -H "Authorization: Bearer ${SEAM_API_KEY}" \
  -H 'Content-Type: application/json' \
  -d "{
  \"user_identity_id\": \"$(jq -r '.user_identity.user_identity_id' <<< ${jen_doe_user})\",
  \"create_credential_manager_user\": true,
  \"credential_manager_acs_system_id\": \"${credential_manager_acs_system_id}\"
}"

Output:

{
  "enrollment_automation": {
    "user_identity_id": "22222222-2222-2222-2222-222222222222",
    "enrollment_automation_id": "77777777-8888-7777-7777-888888888888",
    ...
  },
  "ok": true
}

Code:

await seam.userIdentities.enrollmentAutomations.launch({
  user_identity_id: jenDoeUser.user_identity_id,
  create_credential_manager_user: true,
  // Use the credential manager ID that you copied earlier from Seam Console.
  credential_manager_acs_system_id: credentialManagerAcsSystemId
});

Output:

{
  "user_identity_id": "22222222-2222-2222-2222-222222222222",
  "enrollment_automation_id": "77777777-8888-7777-7777-888888888888",
  ...
}

Code:

seam.user_identities.enrollment_automations.launch(
  user_identity_id: jen_doe_user.user_identity_id,
  create_credential_manager_user: true,
  # Use the credential manager ID that you copied earlier from Seam Console.
  credential_manager_acs_system_id: credential_manager_acs_system_id
)

Output:

<Seam::Resources::EnrollmentAutomation:0x005f0
  user_identity_id="22222222-2222-2222-2222-222222222222"
  enrollment_automation_id="77777777-8888-7777-7777-888888888888"
  ...
>

Code:

$seam->user_identities->enrollment_automations->launch(
  user_identity_id: $jen_doe_user->user_identity_id,
  create_credential_manager_user: true,
  // Use the credential manager ID that you copied earlier from Seam Console.
  credential_manager_acs_system_id: $credential_manager_acs_system_id
);

Output:

{
  "user_identity_id": "22222222-2222-2222-2222-222222222222",
  "enrollment_automation_id": "77777777-8888-7777-7777-888888888888",
  ...
}

Code:

// Coming soon!

Output:

// Coming soon!

Code:

// Coming soon!

Output:

// Coming soon!

Code:

client.UserIdentities.EnrollmentAutomations.Launch(
  context.Background(), &useridentities.EnrollmentAutomationsLaunchRequest{
    UserIdentityId: jenDoeUser.UserIdentityId,
    CreateCredentialManagerUser: api.Bool(true),
    // Use the credential manager ID that you copied earlier from Seam Console.
    CredentialManagerAcsSystemId: credentialManagerAcsSystemId,
  },
)

return nil

Output:

{
  "user_identity_id": "22222222-2222-2222-2222-222222222222",
  "enrollment_automation_id": "77777777-8888-7777-7777-888888888888",
  ...
}

Step 6: Assign the User Identity to an Access Group

Add the user identity to an access group. For Salto KS, access groups specify the entrances to which users have access.

Some other access control systems do not use access groups and, instead, specify allowed entrances directly within the credential. For more details, see Access Permission Assignment Variations.

Find the access group ID.
1. In the top navigation pane of Seam Console, click ACS Systems.
2. On the Access Systems page, click the Salto KS Main Site ACS.
3. On the Main Site page, click the Access Groups tab.
4. Locate the Main Group, click ..., and click Copy Id.
5. Store this access group ID for future use.
Assign the user identity to the Main Group, as follows:

Code:

seam.acs.access_groups.add_user(
  # Use the access group ID that you copied earlier from Seam Console.
  acs_access_group_id = access_group_id,
  user_identity_id = jen_doe_user.user_identity_id
)

Output:

None

Code:

# Use the access group ID that you copied earlier from Seam Console.
curl -X 'POST' \
  'https://connect.getseam.com/acs/access_groups/add_user' \
  -H "Authorization: Bearer ${SEAM_API_KEY}" \
  -H 'Content-Type: application/json' \
  -d "{
  \"acs_access_group_id\": \"${access_group_id}\",
  \"user_identity_id\": \"$(jq -r '.user_identity.user_identity_id' <<< ${jen_doe_user})\"
}"

Output:

{
  "ok": true
}

Code:

await seam.acs.accessGroups.addUser({
  // Use the access group ID that you copied earlier from Seam Console.
  acs_access_group_id: accessGroupId,
  user_identity_id: jenDoeUser.user_identity_id
});

Output:

void

Code:

seam.acs.access_groups.add_user(
  # Use the access group ID that you copied earlier from Seam Console.
  acs_access_group_id: access_group_id,
  user_identity_id: jen_doe_user.user_identity_id
)

Output:

nil

Code:

$seam->acs->access_groups->add_user(
  // Use the access group ID that you copied earlier from Seam Console.
  acs_access_group_id: $access_group_id,
  user_identity_id: jen_doe_user.user_identity_id
);

Output:

void

Code:

// Coming soon!

Output:

// Coming soon!

Code:

// Coming soon!

Output:

// Coming soon!

Code:

_, err := client.Acs.AccessGroups.AddUser(
  context.Background(), &acs.AccessGroupsAddUserRequest{
    // Use the access group ID that you copied earlier from Seam Console.
    AcsAccessGroupId: accessGroupId,
    UserIdentityId: jenDoeUser.UserIdentityId,
  },
)
if err != nil {
  return err
}

Output:

void

Step 7: Create a Mobile Key Credential

Create a mobile key credential for the user identity.

Code:

mobile_key = seam.acs.credentials.create(
  user_identity_id = jen_doe_user.user_identity_id,
  is_multi_phone_sync_credential = True,
  access_method = "mobile_key"
)

Output:

AcsCredential(
  acs_credential_id='66666666-6666-6666-6666-666666666666',
  acs_system_id='11111111-1111-1111-1111-111111111111',
  user_identity_id='22222222-2222-2222-2222-222222222222',
  access_method='mobile_key',
  ...
)

Code:

mobile_key=$(curl -X 'POST' \
  'https://connect.getseam.com/acs/credentials/create' \
  -H 'accept: application/json' \
  -H "Authorization: Bearer ${SEAM_API_KEY}" \
  -H 'Content-Type: application/json' \
  -d "{
  \"user_identity_id\": \"$(jq -r '.user_identity.user_identity_id' <<< ${jen_doe_user})\",
  \"is_multi_phone_sync_credential\": true,
  \"access_method\": \"mobile_key\"
}")

Output:

{
  "acs_credential":{
    "acs_credential_id": "66666666-6666-6666-6666-666666666666",
    "acs_system_id": "11111111-1111-1111-1111-111111111111",
    "user_identity_id": "22222222-2222-2222-2222-222222222222",
    "access_method": "mobile_key",
    ...
  }
}

Code:

const mobileKey = await seam.acs.credentials.create({
  user_identity_id: jenDoeUser.user_identity_id,
  is_multi_phone_sync_credential: true,
  access_method: "mobile_key"
});

Output:

{
  acs_credential_id: '66666666-6666-6666-6666-666666666666',
  acs_system_id: '11111111-1111-1111-1111-111111111111',
  user_identity_id: '22222222-2222-2222-2222-222222222222',
  access_method: 'mobile_key',
  ...
}

Code:

mobile_key = seam.acs.credentials.create(
  user_identity_id: jen_doe_user.user_identity_id,
  is_multi_phone_sync_credential: true,
  access_method: "mobile_key"
)

Output:

<Seam::Resources::AcsCredential:0x005f0
  acs_credential_id="66666666-6666-6666-6666-666666666666"
  acs_system_id="11111111-1111-1111-1111-111111111111"
  user_identity_id= "22222222-2222-2222-2222-222222222222"
  access_method="mobile_key"
  ...
>

Code:

$pin_code_credential = $seam->acs->credentials->create(
  user_identity_id: $jen_doe_user->user_identity_id,
  is_multi_phone_sync_credential: true,
  access_method: "mobile_key"
);

Output:

{
  "acs_credential_id": "66666666-6666-6666-6666-666666666666",
  "acs_system_id": "11111111-1111-1111-1111-111111111111",
  "user_identity_id": "22222222-2222-2222-2222-222222222222",
  "access_method": "mobile_key",
  ...
}

Code:

// Coming soon!

Output:

// Coming soon!

Code:

// Coming soon!

Output:

// Coming soon!

Code:

mobileKey, err := client.Acs.Credentials.Create(
  context.Background(), &acs.CredentialsCreateRequest{
    UserIdentityId: jenDoeUser.UserIdentityId,
    IsMultiPhoneSyncCredential: api.Bool(true),
    AccessMethod: "mobile_key",
})
if err != nil {
    return err
}

fmt.Println(mobileKey)
return nil

Output:

{
  "acs_credential_id": "66666666-6666-6666-6666-666666666666",
  "acs_system_id": "11111111-1111-1111-1111-111111111111",
  "user_identity_id": "22222222-2222-2222-2222-222222222222",
  "access_method": "mobile_key",
  ...
}

Step 8: View Your New Credential

You can use Seam Console, the Seam API, or the Seam CLI to view the list of entrances to which the ACS user now has access.

To use Seam Console to view information about your new PIN code credential:

In the top navigation pane of Seam Console, click ACS Systems.
On the Access Systems page, click the Salto KS Main Site ACS.
In the Users table, click Jen Doe, the ACS user that you created.
Click the ACS user to view their credentials.
In the Credentials tab for the ACS user, note the mobile key credential (multi-phone sync credential) that you created.
Click the Access Groups tab for the ACS user.
Click the Main Group access group.
On the Main Group page click the Entrances tab and then view the entrances to which this access group grants the ACS user access.
View the entrances to which the ACS user has access as a member of the access group.

This quick start shows the server-side portion of the mobile access development process. The other piece of this process is to develop a mobile app that downloads the user's mobile keys and then uses BLE or similar technology to unlock nearby entrances to which the user's credentials grant access. For details, see Integrating into your mobile application.

Next Steps

Now that you've created a mobile key credential, try out the other ACS quick starts.

Then, connect your ACS to Seam.

Learn More

For a deeper dive into ACS concepts and instructions, see the following topics:

Learn about ACS concepts.
- Access Control System Resources
- Understanding ACS Differences
Create user identities.
- Managing Mobile App User Accounts with User Identities
For relevant access control systems, assign user identities to access groups.
- Adding User Identities to Access Groups
Learn about available entrances.
- Retrieving Entrance Details
Create credentials for ACS users.
- Managing Credentials
Learn more about the Seam mobile access solution.
- Mobile Access
- Integrating into your mobile application
See the Seam Access Control Systems API reference.

PreviousEncodable Key Card Quick Start NextConnect an ACS to Seam

Last updated 10 days ago

Was this helpful?