Updating an Access Grant
Useaccess_grants.update when you need to change when or where a person has access. Common scenarios include:
- Extended stay: A hotel guest extends their checkout from Friday to Sunday — update
ends_at. - Early access: A contractor needs to start a day earlier — update
starts_at. - Scope change: A resident moves from Unit 101 to Unit 205 — update
device_ids,space_ids, oracs_entrance_ids.
Updating the Schedule
Passstarts_at and/or ends_at to change the access window. The new schedule applies to all access methods under the grant.
Updating Resources
Passdevice_ids, space_ids, or acs_entrance_ids to change where the person has access. For example, if a resident moves units, update the grant to point to the new space instead of deleting and recreating it.
Re-issuance After an Update
When you update an Access Grant, Seam needs to re-program the credentials on the affected devices. During this process, each access method temporarily becomes invalid.What happens to each access method
- Seam emits an
access_method.revokedevent and setsis_issuedtofalse. The credential is no longer valid on the device. - Seam re-programs the credential with the updated schedule or resources.
- Once the credential is active again, the next step depends on the mode:
| Mode | What happens | Event |
|---|---|---|
| PIN code | The code value stays the same. Seam updates the valid time window on the lock automatically. | access_method.reissued |
| Mobile key | Seam updates the credential automatically. | access_method.reissued |
| Cloud key | Seam updates the credential automatically. | access_method.reissued |
| Card | The physical card must be re-encoded with the new credential. | access_method.card_encoding_required, then access_method.reissued after encoding |
For cards, you’ll need to re-encode the card before the updated credential takes effect. Plan for this if your workflow relies on physical cards — the guest will need to visit the front desk.
Listening for re-issuance events
Use webhooks or pollaccess_methods.list to track when access methods become valid again after an update:
access_method.revoked— The credential has been invalidated and is being re-programmed. The access method’sis_issuedisfalse.access_method.card_encoding_required— (Cards only) The new credential is ready but needs to be encoded onto the physical card.access_method.reissued— The credential is active again. The access method’sis_issuedistrue.
Deleting an Access Grant
Delete an Access Grant when a person’s access should end entirely — for example, when a guest checks out, an employee is offboarded, or a contractor’s engagement ends. Deleting the grant removes all access methods under it at once.access_grant.deleted event and an access_method.deleted event for each access method that was removed.
To revoke a single access method while keeping the rest active (for example, disabling a lost key card but keeping the guest’s PIN code), use
access_methods.delete instead.Delete vs. Update
| Scenario | Action |
|---|---|
| Guest checks out, employee offboards — all access should end | Delete the Access Grant |
| Guest extends stay, schedule changes | Update starts_at / ends_at |
| Person moves to a different unit or building | Update device_ids, space_ids, or acs_entrance_ids |
| One credential is lost but the person still needs access | Delete the access method, not the grant |