IdPoint service
IdPoint service guide
The IdPoint service is used for management of IdPoints. An IdPoint is a representation of a physical device where a user can input identification information. For example:
Card readers
Keypads
Biometric sensors
The diagram shows the data types that are used by the IdPoint Service.
![](topic//image/t10068094.png)
Setting up an IdPoint
A functioning IdPoint consists of two parts:
IdPoint
— The abstract representation in the systemIdPointConfiguration
— The hardware configuration bound to the IdPoint
These two structures are connected by giving them the same token
. These structures can be added or removed in any order. When only one of them exists, the IdPoint service will not do anything with the data until the complementary structure is set.
Creating the IdPoint
Creating an abstract IdPoint
is straight-forward. The token returned can be used to set the IdPointConfiguration
later. Note that the opposite order is also possible. Alternatively, it is possible to use predefined tokens.
{
"axtid:SetIdPoint": {
"IdPoint": [ {
"token": "idpoint1",
"Name": "Name1",
"Area": "Area1",
"MinPINSize": 4,
"MaxPINSize": 4,
"EndOfPIN": "#",
"HeartbeatInterval": "PT10M",
"Location": "Loc1",
"Timeout": "PT3S",
"Action": "Action1",
"Description": "Desc1"
} ]
}
}
<axtid:SetIdPoint>
<axtid:IdPoint token="token">
<axtid:Action>Action1</axtid:Action>
<axtid:Area>Area1</axtid:Area>
<axtid:Description>Desc1</axtid:Description>
<axtid:EndOfPin>#</axtid:EndOfPin>
<axtid:HeartbeatInterval>PT10M</axtid:HeartbeatInterval>
<axtid:Location>Loc1</axtid:Location>
<axtid:MaxPINSize>4</axtid:MaxPINSize>
<axtid:MinPINSize>4</axtid:MinPINSize>
<axtid:Name>Name1</axtid:Name>
<axtid:Timeout>PT3S</axtid:Timeout>
</axtid:IdPoint>
</axtid:SetIdPoint>
Configuring reader hardware
Hardware configuration of the IdPoint is done in the IdPointConfiguration
structure. It consists of token
, DeviceUUID
, Configuration
and IdDataConfiguration
. These configuration fields are described in turn below
DeviceUUID
An IdPoint is bound to a specific hardware unit using the DeviceUUID
field. When setting an IdPointConfiguration with an empty DeviceUUID
field, the field will be filled in with the UUID of the device to which the request is made. This will bind the configuration to that specific unit. For more information about the UUID field, see UUID.
Configuration structure
The Configuration
data structure describes the common hardware devices connected to the door controller and their connection types, see table. Some of the settings generate new IoUsers
that can be bound to physical pins using axisio:SetIoAssignment
, see I/O assignment service guide.
When issuing a call to SetIdPointConfiguration
without a value for all parameters, one of two things will happen:
If a structure with the same token already exists in the database, only the supplied parameters will be replaced.
If a structure with the specified token does not exist in the database, any missing parameters will be replaced with default values (the first value in each list of possible values).
Parameter | Valid values | Description |
---|---|---|
IdPoint.Reader.Type |
| The low-level protocol to use for the connected reader. If the IdPoint only has connected Request to EXit (REX) devices, None can be used. Use RS-485HD for Aperio readers, see section Aperio doors. Use TCPIP for Smart Intego readers, see section Smart Intego Doors. |
IdPoint.RS-485HD.Protocol |
| Protocol to use for RS-485FD. Valid when Reader.Type is RS-485FD |
IdPoint.TCPIP.Protocol | SmartIntego | Protocol to usefor TCPIP. Valid when Reader.Type is TCPIP. |
IdPoint.TCPIP.Address | Dotted—decimal number | Address of TCPIP reader/gateway in dotted—decimal format, for example 192.168.123.132 |
IdPoint.TCPIP.Port | Decimal number | Port number of TCPIP reader/gateway in decimal format. Use 2010 for Smart Intego readers. |
IdPoint.LED.Type |
| Specify the reader’s LED configuration: None if reader does not have any LED, SingleLED if the reader has one LED (e.g. red or green) or DualLED if the reader has two LEDs (e.g. both green and red). |
IdPoint.LED.ActiveLevel |
| Applicable if the reader has LEDs configured by IdPoint.LED.Type . Select ActiveLow if closed circuit will activate the LEDs. Select ActiveHigh if opened circuit will activate the LEDs. |
IdPoint.Beeper.Type |
| Specify the reader’s beeper configuration: Select |
IdPoint.Tampering.Type |
| Specify the reader’s tampering detection: Select |
IdPoint.Tampering.SupervisedCut | mV | Applicable if IoMode in IoAssignment is set to supervised , see section Assign I/O:s to services. Target voltage (in millivolts) for the cut (open circuit) state when using supervised inputs. End of line resistors must be used. |
IdPoint.Tampering.SupervisedShort | mV | Applicable if IoMode in IoAssignment is set to supervised , see section Assign I/O:s to services. Target voltage (in millivolts) for the short circuit state when using supervised inputs. End of line resistors must be used. |
IdPoint.Tampering.SupervisedHigh | mV | Applicable if IoMode in IoAssignment is set to supervised , see section Assign I/O:s to services. Target voltage (in millivolts) for the high state when using supervised inputs. End of line resistors must be used. |
IdPoint.Tampering.SupervisedLow | mV | Applicable if IoMode in IoAssignment is set to supervised , see section Assign I/O:s to services. Target voltage (in millivolts) for the low state when using supervised inputs. End of line resistors must be used. |
IdPoint.REX.Type |
| Specify if one or more REX devices are connected: Select None if no REX device is connected. Select ActiveLow if activating the REX device closes the circuit. Select ActiveHigh if activating the REX device opens the circuit. Select SupervisedActiveLow to trigger tampering detection if the target voltage for the supervised low state is reached. Select SupervisedActiveHigh to trigger tampering detection if the target voltage for the supervised high state is reached. Select RS-485HD if using Aperio doors. |
IdPoint.REX.SupervisedCut | mV | Applicable if IoMode in IoAssignment is set to supervised , see section Assign I/O:s to services. Target voltage (in millivolts) for the cut (open circuit) state when using supervised inputs. End of line resistors must be used. |
IdPoint.REX.SupervisedShort | mV | Applicable if IoMode in IoAssignment is set to supervised , see section Assign I/O:s to services. Target voltage (in millivolts) for the short circuit state when using supervised inputs. End of line resistors must be used. |
IdPoint.REX.SupervisedLow | mV | Applicable if IoMode in IoAssignment is set to supervised , see section Assign I/O:s to services. Target voltage (in millivolts) for the low state when using supervised inputs. End of line resistors must be used. |
IdPoint.REX.SupervisedHigh | mV | Applicable if IoMode in IoAssignment is set to supervised , see section Assign I/O:s to services. Target voltage (in millivolts) for the high state when using supervised inputs. End of line resistors must be used. |
IdPoint.Keypress.Types |
| Selecting Auto here usually works, but if a keypress format is not recognized correctly it may be necessary to set it explicitly. |
IdPoint.Hardware.Address | Hexadecimal number | Applies to both Aperio readers and Smart Intego readers. The reader’s hardware address. A six-digit hexadecimal number for Aperio readers, for example A0B1C2 and a hexadecimal number for Smart Intego readers, for example 0x200. |
IdPoint.Hardware.Id | string | Applies to Smart Intego readers. The “phi” string of a Smart Intego reader device. See section Smart Intego doors. |
IdPoint.Hub.Hardware.Address | Hexadecimal number | Applies to Smart Intego readers. The gateway’s device address, for example: 0x100. See section Smart Intego doors. |
IdPoint.SecureChannel.KeyToken | The token | See section Keystore service guide |
IdPoint.SecureChannel.KeyType |
|
|
IdPoint.Status.BatteryAlarm |
| Applicable if
|
IdPoint.Status.RadioDisturbance |
| Applicable if
|
IdPoint.Status.SecureChannel | string | Applicable if Indicates the status of the IdPoint device and is only sent for IdPoint readers using the OSDP protocol Human readable status of the secure channel. |
IdPoint.Status.Device | True False | Applicable if
|
IdPoint.Whitelist.IdData.Name | string | A credential may contain several Note Parameter only applicable to SmartIntego doors. |
Implementing mV
It is recommended that you place a supervised resistor-circuit as close to the monitoring device as possible.
For example, the circuit schema for serial first is used for supervised settings specifically for the AXIS A1601 Network Door Controller, with the mV values listed in the first table below.
On the other hand, the circuit schema for parallel first is used for the supervised settings of the mV values, and refers to the column Parallel 22k 4k7 in the second table below.
This table showcases the mV values for an open collector output with 1k pull-up to 5V (HID RK40) when using IdPointConfiguration.Tampering
Level | Serial 1k | Serial 2k2 | Serial 4k7 | Serial 10k | Parallel 22k 2k7 |
SupervisedCut | 2796 | 2796 | 2796 | 2796 | 2796 |
SupervisedHigh | 2517 | 3308 | 3894 | 4132 | 3788 |
SupervisedLow | 331 | 563 | 925 | 1407 | 814 |
SupervisedShort | 0 | 0 | 0 | 0 | 0 |
This table showcases the mV values for a basic switch when using either IdPointConfiguration.REX
or DoorConfiguration.Doormonitor
.
Level | Serial 1k | Serial 2k2 | Serial 4k7 | Serial 10k | Parallel 22k 2k7 |
SupervisedCut | 2796 | 2796 | 2796 | 2796 | 2796 |
SupervisedHigh | 449 | 827 | 1336 | 1824 | 1888 |
SupervisedLow | 244 | 487 | 864 | 1359 | 760 |
SupervisedShort | 0 | 0 | 0 | 0 | 0 |
Configuring a Wiegand reader
This is a configuration for a Wiegand reader (e.g. HID RK40 with default parameters). It has the following features:
Wiegand output
A single LED that switches between red and green.
The LED turns to green when grounded.
A beeper which sounds when grounded.
A tampering detection line which indicates tampering when grounded.
{"IdPointConfiguration": [{
"token": "",
"DeviceUUID": "",
"IdDataConfiguration": [""],
"Configuration": [ {"Name": "IdPoint.Reader.Type",
"Value": "Wiegand"},
{"Name": "IdPoint.LED.Type",
"Value": "SingleLED"},
{"Name": "IdPoint.LED.ActiveLevel",
"Value": "ActiveLow"},
{"Name": "IdPoint.Beeper.Type",
"Value": "ActiveLow"},
{"Name": "IdPoint.Tampering.Type",
"Value": "ActiveLow"} ]
}]
}
<axtid:IdPointConfiguration token="">
<axtid:Configuration>
<axconf:Name>IdPoint.Reader.Type</axconf:Name>
<axconf:Value>Wiegand</axconf:Value>
</axtid:Configuration>
<axtid:Configuration>
<axconf:Name>IdPoint.LED.Type</axconf:Name>
<axconf:Value>SingleLED</axconf:Value>
</axtid:Configuration>
<axtid:Configuration>
<axconf:Name>IdPoint.LED.ActiveLevel</axconf:Name>
<axconf:Value>ActiveLow</axconf:Value>
</axtid:Configuration>
<axtid:Configuration>
<axconf:Name>IdPoint.Beeper.Type</axconf:Name>
<axconf:Value>ActiveLow</axconf:Value>
</axtid:Configuration>
<axtid:Configuration>
<axconf:Name>IdPoint.Tampering.Type</axconf:Name>
<axconf:Value>ActiveLow</axconf:Value>
</axtid:Configuration>
<axtid:DeviceUUID></axtid:DeviceUUID>
<axtid:IdDataConfiguration></axtid:IdDataConfiguration>
</axtid:IdPointConfiguration>
Note that IdDataConfiguration
is set to empty in this request since it will be covered later. Note also that DeviceUUID
is set to empty here. This will be replaced by the UUID of the device to which the request is made.
Once this configuration has been set together with its corresponding IdPoint
, some IoUsers
will exist on the unit to which the request was made. See I/O assignment service guide for how to assign these to physical pins.
Configuring an open supervised device protocol (OSDP) reader
For an OSDP reader, it is only necessary to assign the serial pins since LED, beeper, tampering information etc. is sent using serial commands. Here we are assuming a half-duplex RS485 connection.
{"IdPointConfiguration": [{
"token": "",
"DeviceUUID": "",
"IdDataConfiguration": [""],
"Configuration": [ {"Name": "IdPoint.Reader.Type",
"Value": "RS-485HD"},
{"Name": "IdPoint.RS-485HD.Protocol",
"Value": "OSDP"} ]
}]
}
<axtid:IdPointConfiguration token="">
<axtid:Configuration>
<axconf:Name>IdPoint.Reader.Type</axconf:Name>
<axconf:Value>RS-485HD</axconf:Value>
</axtid:Configuration>
<axtid:Configuration>
<axconf:Name>IdPoint.RS-485HD.Protocol</axconf:Name>
<axconf:Value>OSDP</axconf:Value>
</axtid:Configuration>
<axtid:DeviceUUID></axtid:DeviceUUID>
<axtid:IdDataConfiguration></axtid:IdDataConfiguration>
</axtid:IdPointConfiguration>
The RS-485HD IoUser
can now be assigned using the I/O Assignment service, see I/O assignment service.
Configuring an open supervised device protocol (OSDP) secure channel reader
Step1: Start by adding a key to the key store, by issuing the following to the axkey
service:
{
"axkey:SetEncryptionKey": {
"axkey:EncryptionKey": [
{
"Name": "My key name",
"Description": "My key description",
"token": "my_key",
"Key": "00010203040506070809101112131415"
}
]
}
}
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:key="http://www.axis.com/vapix/ws/KeyStore">
<soap:Header/>
<soap:Body>
<key:SetEncryptionKey>
<!--1 or more repetitions:-->
<key:EncryptionKey token="my_key">
<key:Key>00010203040506070809101112131415</key:Key>
<!--Optional:-->
<key:Name>My key name</key:Name>
<!--Optional:-->
<key:Description>My key description</key:Description>
</key:EncryptionKey>
</key:SetEncryptionKey>
</soap:Body>
</soap:Envelope>
Step 2: Continue by configuring an IdPoint. Please refer to the IdPoint
service for details:
{
"axtid:SetIdPoint": {
"IdPoint": [
{
"Name": "My OSDP SC IdPoint",
"Action": "Access",
"token": "osdp_sc_idpoint",
"MaxPINSize": 4,
"MinPINSize": 4
}
]
}
}
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:idp="http://www.axis.com/vapix/ws/IdPoint">
<soap:Header/>
<soap:Body>
<idp:SetIdPoint>
<!--1 or more repetitions:-->
<idp:IdPoint token="osdp_sc_idpoint">
<idp:Name>My OSDP SC IdPoint</idp:Name>
<!--Optional:-->
<idp:Description></idp:Description>
<idp:Location></idp:Location>
<idp:Area></idp:Area>
<!--Optional:-->
<idp:Action>Access</idp:Action>
<!--Optional:-->
<idp:MinPINSize>4</idp:MinPINSize>
<!--Optional:-->
<idp:MaxPINSize>4</idp:MaxPINSize>
<!--Optional:-->
<idp:EndOfPIN></idp:EndOfPIN>>
<idp:Timeout></idp:Timeout>
<idp:HeartbeatInterval></idp:HeartbeatInterval>
</idp:IdPoint>
</idp:SetIdPoint>
</soap:Body>
</soap:Envelope>
<>
Once the IdPoint is set, add an IdPointConfiguration
, using the same token as in the call to tid:SetIdPoint
. Note that there are further parameters for SetIdPointConfiguration
- only those relevant to OSDP secure channel configuration are shown here. Please refer to IdPoint
Service API for details.
{
"axtid:SetIdPointConfiguration": {
"IdPointConfiguration": [
{
"token": "osdp_sc_idpoint",
"Configuration": [
{
"Name": "IdPoint.Reader.Type",
"Value": "RS-485HD"
},
{
"Name": "IdPoint.RS-485HD.Protocol",
"Value": "OSDP"
},
{
"Name": "IdPoint.SecureChannel.KeyToken",
"Value": "my_key"
},
{
"Name": "IdPoint.SecureChannel.KeyType",
"Value": "KeyBase"
}
]
}
]
}
}
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:idp="http://www.axis.com/vapix/ws/IdPoint" xmlns:con="http://www.axis.com/vapix/ws/Config">
<soap:Header/>
<soap:Body>
<idp:SetIdPointConfiguration>
<!--1 or more repetitions:-->
<idp:IdPointConfiguration token="osdp_sc_idpoint">
<idp:DeviceUUID></idp:DeviceUUID>
<!--Zero or more repetitions:-->
<idp:IdDataConfiguration></idp:IdDataConfiguration>
<!--Zero or more repetitions:-->
<idp:Configuration>
<con:Name>IdPoint.Reader.Type</con:Name>
<con:Value>RS-485HD</con:Value>
</idp:Configuration>
<idp:Configuration>
<con:Name>IdPoint.RS-485HD.Protocol</con:Name>
<con:Value>OSDP</con:Value>
</idp:Configuration>
<idp:Configuration>
<con:Name>IdPoint.SecureChannel.KeyToken</con:Name>
<con:Value>my_key</con:Value>
</idp:Configuration>
<idp:Configuration>
<con:Name>IdPoint.SecureChannel.KeyType</con:Name>
<con:Value>KeyBase</con:Value>
</idp:Configuration>
</idp:IdPointConfiguration>
</idp:SetIdPointConfiguration>
</soap:Body>
</soap:Envelope>
The IdPoint
is now configured to use the key with the token my_key
from the keystore (the value of this key is 00010203040506070809101112131415). We have also specified that we will use this key as a base key (no diversification using cUID). Valid values for KeyType are KeyBase
, KeyMaster
or None
. Once the steps above have been completed, the rest of the setup may be done as usual, to get a working system (IO assignments, doors, access points, credentials and users).
Configuring a REX device
A REX device can be represented as a standalone IdPoint
or be added to an IdPoint
that already has a reader. It is possible to connect an unlimited amount of REX devices to the same IdPoint
using the I/O Assignment service, see I/O assignment service guide.
Here is an example of an IdPoint
that contains only a REX device. The REX device is active when the circuit is closed.
{"IdPointConfiguration": [{
"token": "",
"DeviceUUID": "",
"IdDataConfiguration": [""],
"Configuration": [ {"Name": "IdPoint.Reader.Type",
"Value": "None"},
{"Name": "IdPoint.REX.Type",
"Value": "ActiveLow"} ]
}]
}
<axtid:IdPointConfiguration token="">
<axtid:Configuration>
<axconf:Name>IdPoint.Reader.Type</axconf:Name>
<axconf:Value>None</axconf:Value>
</axtid:Configuration>
<axtid:Configuration>
<axconf:Name>IdPoint.REX.Type</axconf:Name>
<axconf:Value>ActiveLow</axconf:Value>
</axtid:Configuration>
<axtid:DeviceUUID></axtid:DeviceUUID>
<axtid:IdDataConfiguration></axtid:IdDataConfiguration>
</axtid:IdPointConfiguration>
When this has been set, a REX IoUser
has been created for this IdPoint
that can be assigned to one or more physical pins.
Setting up access card formats
The IdDataConfiguration
data structure specifies access card formats. The structure contains a mapping of the access card’s binary data into key/value pairs as well as the binary data’s complete bit length. The mapping describes how to interpret the binary data bits.
Some access card formats are provided by default, for example the Wiegand 26-bit format (H10301). Use axtid:GetIdDataConfigurationList
to retrieve the list of available configurations.
The IdPoint/Request/IdData
event is sent when a person swipes his access card. The event contains raw data from the card in the Card
field and the bit length of the raw data in the BitCount
field. If the IdPoint
has no assigned IdDataConfiguration
, or if no assigned IdDataConfiguration
matches the bit length, the event contains only the Card
and BitCount
fields.
IdDataFieldMap data structure
The general format for the IdDataFieldMap
is <Format>,
<Format>, ...
where <Format>
is described in the table below.
Format | Meaning | Example |
---|---|---|
N | Bit N | 7 |
M-N | Bit M-N | 13–16 |
dB...B | Constant binary data | b0110 |
xX...X | Constant hexadecimal data | xF7D |
All the chunks will then be added together to form the value of the map. The most common case will be to use a single M-N
format for each IdDataFieldMap
. The constant data is only useful for adapting to legacy systems.
The table below shows the available encodings.
Encoding | Description | Length limit |
---|---|---|
BinLE2hex | Little-endian, encoded to lowercase hexadecimal | None |
BinLEIBO2hex | Inversed byte order Little-endian, encoded to lowercase hexadecimal | None |
BinBE2hex | Big-endian, encoded to lowercase hexadecimal | None |
BinBEIBO2hex | Inversed byte order Big-endian, encoded to lowercase hexadecimal | None |
Bin2Base64 | Base64 encoded | None |
BinIBO2Base64 | Inversed byte order Base64 encoded | None |
BinLE2Int | Little-endian, encoded to integer | 64bit |
BinLEIBO2Int | Inversed byte order Little-endian, encoded to integer | 64bit |
BinBE2Int | Big-endian, encoded to integer | 64bit |
BinBEIBO2Int | Inversed byte order Big-endian, encoded to integer | 64bit |
IdDataConfiguration example
This section is an example for the H10301 format.
The table shows the data field mapping. Note that the CardNrHex
is supplied as an example to show that it is possible to use the same bits but with different encodings (compare with CardNr
).
Map | Value | Encoding |
---|---|---|
EvenParity | 1 | BinLE2Int |
FacilityCode | 2–9 | BinLE2Int |
CardNr | 10–25 | BinLE2Int |
CardNrHex | 10–25 | BinLE2hex |
OddParity | 26 | BinLE2Int |
Let us assume that the 26 bits received from the reader are:
1
0000 0000 0010 0111 1110 0101 1
This will generate key/value pairs as described in the table below. Note that the complete raw data is always automatically encoded as hexadecimal and supplied in the Card
field.
Name | Value |
---|---|
Card | 02004fcb |
EvenParity | 1 |
FacilityCode | 0 |
CardNr | 10213 |
CardNrHex | 27e5 |
OddParity | 1 |
BitCount | 26 |
The complete axtid:SetIdDataConfiguration
request would look like:
{
"axtid:SetIdDataConfiguration":{
"IdDataConfiguration":[ {
"token":"",
"InputBitlength":26,
"Name":"IdDataConfig example",
"IdDataFieldMap": [ {
"Map": "1-26",
"Name": "FullCard",
"Encoding":"BinLE2hex"
},{
"Map":"1",
"Name":"ParityEven",
"Encoding": "BinLE2Int"
}, {
"Map": "2-9",
"Name": "FacilityCode",
"Encoding": "BinLE2Int"
}, {
"Map":"10-25",
"Name": "CardNr",
"Encoding": "BinLE2Int"
}, {
"Map": "10-25",
"Name": "CardNrHex",
"Encoding":"BinLE2hex"
},{
"Map":"26",
"Name": "ParityOdd",
"Encoding": "BinLE2Int"
} ],
"Description":"Test Description" } ]
}
}
<axtid:SetIdDataConfiguration>
<axtid:IdDataConfiguration token="">
<axtid:Description>Test Description</axtid:Description>
<axtid:IdDataFieldMap>
<axtid:Encoding>BinLE2hex</axtid:Encoding>
<axtid:Map>1-26</axtid:Map>
<axtid:Name>FullCard</axtid:Name>
</axtid:IdDataFieldMap>
<axtid:IdDataFieldMap>
<axtid:Encoding>BinLE2Int</axtid:Encoding>
<axtid:Map>1</axtid:Map>
<axtid:Name>ParityEven</axtid:Name>
</axtid:IdDataFieldMap>
<axtid:IdDataFieldMap>
<axtid:Encoding>BinLE2Int</axtid:Encoding>
<axtid:Map>2-9</axtid:Map>
<axtid:Name>FacilityCode</axtid:Name>
</axtid:IdDataFieldMap>
<axtid:IdDataFieldMap>
<axtid:Encoding>BinLE2Int</axtid:Encoding>
<axtid:Map>10-25</axtid:Map>
<axtid:Name>CardNr</axtid:Name>
</axtid:IdDataFieldMap>
<axtid:IdDataFieldMap>
<axtid:Encoding>BinLE2hex</axtid:Encoding>
<axtid:Map>10-25</axtid:Map>
<axtid:Name>CardNrHex</axtid:Name>
</axtid:IdDataFieldMap>
<axtid:IdDataFieldMap>
<axtid:Encoding>BinLE2Int</axtid:Encoding>
<axtid:Map>26</axtid:Map>
<axtid:Name>ParityOdd</axtid:Name>
</axtid:IdDataFieldMap>
<axtid:InputBitlength>26</axtid:InputBitlength>
<axtid:Name>IdDataConfig example</axtid:Name>
</axtid:IdDataConfiguration>
</axtid:SetIdDataConfiguration>
Getting card data from a reader
To get information about the last swiped card or other type of user token accepted by the reader, use the axtid:GetLastCredential
API call. This will also be parsed using the IdDataConfiguration
.
{"axtid:GetLastCredential":{
"Token": "idpoint1" }
}
<axtid:GetLastCredential>
<axtid:Token>idpoint1</axtid:Token>
</axtid:GetLastCredential>
{"IdData":[
{"Name": "FullCard", "Value":"02004fcb"},
{"Name": "ParityEven","Value": "1"},
{"Name": "FacilityCode","Value": "0"},
{"Name": "CardNr","Value": "10213"},
{"Name": "CardNrHex","Value": "27e5"},
{"Name": "ParityOdd","Value": "1"},
{"Name": "Card","Value": "02004fcb"},
{"Name":"BitCount", "Value": "26"} ]
}
<axtid:IdData Name="EvenParity" Value="1"></axtid:IdData>
<axtid:IdData Name="FacilityCode" Value="0"></axtid:IdData>
<axtid:IdData Name="CardNr" Value="10213"></axtid:IdData>
<axtid:IdData Name="CardNrHex" Value="27e5"></axtid:IdData>
<axtid:IdData Name="OddParity" Value="1"></axtid:IdData>
<axtid:IdData Name="Card" Value="02004fcb"></axtid:IdData>
<axtid:IdData Name="BitCount" Value="26"></axtid:IdData>
The Card
and BitCount
fields are always included, also if they are not in the IdDataConfiguration
.
Sending activities from a remote device
Axis physical access control products support IP based remote activity input devices such as IP card readers , License Plate Recognition cameras and Wireless sensors via the Indicate Remote Activities API. This provide a way for most IP devices to simulate activities such as presenting credentials or REX (Request to exit) inputs such as Wiegand, OSDP (Open Supervised Device Protocol) or via wireless sensors.
One typical use-case is license plate recognition, where an Axis camera sends the license plate number to the Access Controller, which in turn decides if the vehicle should be granted access. Further examples can be a remote indication of card swipes, PIN inputs or REX button-presses.
Calling the IndicateRemoteActivities API triggers the same type of endpoint events as a user swiping a card against a card reader or pushing a REX button that is directly connected to and configured by the Access Controller.
For each activity, two IdPoint events are sent. The first event is tns1:IdPoint/tnsaxis:Activity
for all supported activities. Params are mandatory for Activity-type Card
and PIN
, but not allowed for REX
. For Activity-type PIN
a param named ‘PIN’ is mandatory.
For each activity, two IdPoint events are sent, which are the same amount as for the wired Wiegand/OSDP reader.
The first event is tns1:IdPoint/tnsaxis:Activity
for all supported activities.
The Reason field for this event is:
CardPresented for activity-type
Card
REX for activity-type
REX
CodeEntered for activity-type
PIN
The second event for each activity is:
tns1:IdPoint/tnsaxis:Request/tnsaxis:IdData
for activity-typeCard
tns1:IdPoint/tnsaxis:Request/tnsaxis:REX
for activity-typeREX
tns1:IdPoint/tnsaxis:Request/tnsaxis:PIN
for activity-typePIN
Examples
For more examples on how to use remote activities, see Indicating remote activities.
Considerations
A hardware configuration needs to be in place due to the IndicateRemoteActivities-request body requiring a valid IdPoint-token to be able to send the IdPoint events.
For detailed information about configuring the hardware, see AXIS A1001 and AXIS Entry Manager User Manual.
The second step is the access decision that will be triggered by the tns1:IdPoint/tnsaxis:Request
event.
To get a positive access decision the following criteria need to be met:
The Name/Value pairs of the params in the API request need to match the Name/Value pairs of the
IdData
in a credential and have the same ordering. This credential needs to be associated with an AccessProfile, AccessPoint and IdPoint, that matches the ID and AuthenticationProfile as seen in Setting the credential.Each Name in the Params of the IndicateRemoteActivities request must match the
IdDataName
in theIdFactor
list of an AuthenticationProfile that is associated with either the Credential, AccessPoint or AccessProfile mentioned above. For additional information, see Setting the access point, Setting the access profile and Retrieve default configuration in the Access Control Service Guide.
If a Card
and a PIN
is expected from physical access control system all the following parameters are granted access:
IndicateRemoteActivities
(Card) +IndicateRemoteActivities
(PIN) (Separate API requests)IndicateRemoteActivities
(Card + PIN) (Same API request)IndicateRemoteActivities
(PIN + Card) (Same API request)
But this can be denied access:
IndicateRemoteActivities
(PIN) +IndicateRemoteActivities
(Card) (Separate API requests)
IdPoint service API
axtid = http://www.axis.com/vapix/ws/IdPoint
The IdPoint service handles identification points (IdPoints or IDP:s), which are typically card readers with keypads for pin code entry, but which could also be biometric readers. A Request-for-Exit button can also be seen as an IdPoint. Multiple physical readers/Identification Points can be handled by a service.
Use GetIdPointInfoList
to get the list of IdPoints with brief information and capabilities. Use GetIdPointList
to get the list of IdPoints and their configurations.
The IdPoint service sends events when there is activity, when a card is presented or pin is entered, etc. An Access Controller typically subscribes to these events and takes appropriate actions, e.g. unlocks a door. The FeedbackMessage
function is used by the Access Controller to give feedback or annunciations to the user.
The way the identification data is to be interpreted and sent is assumed to be configurable in a vendor-specific way. By default, the IdData Name "Card" should be used to send card data as a lower case hex string. Keypad input is sent as IdData Name "PIN" as string, PIN:s can be alfanumeric. REX request is sent as IdData Name "REX" with the value "Active".
The IdPoint generates events with IdData encoded as SimpleItem in the Data: section of the Notification. Additional IdData entries can be configured in a vendor-specific way.
Please refer to the ONVIF Access Control specification for generic operation guidelines and design principles behind ONVIF PACS services family.
AxisConfig service
See AxisConfig service.
Service capabilities
axtid = http://www.axis.com/vapix/ws/IdPoint
An ONVIF compliant device shall provide service capabilities in two ways:
With the
GetServices
method of the Device service whenIncludeCapability
is true. Please refer to the ONVIF Core Specification for more details.With the
GetServiceCapabilities
method.
Service capabilities data structure
The service capabilities reflect optional functionality of a service. The information is static and does not change during device operation. The following capabilities are available:
- SetIdPoint
True if SetIdPoint and SetIdPointList is supported.
GetServiceCapabilitiesCommand
This operation returns the capabilities of the IdPoint service.
An ONVIF compliant device which provides the IdPoint service shall implement this method.
GetServiceCapabilities | Access Class: PRE_AUTH |
Message name | Description |
GetServiceCapabilitiesRequest | This message shall be empty. |
GetServiceCapabilitiesResponse | This message contains:
|
IdPoint information
IdPointInfo data structure
The IdPointInfo type represents the IdPoint as a physical object. The structure contains information and capabilities of a specific idpoint instance. An ONVIF compliant device shall provide the following fields for each IdPoint instance:
- Token
A service-unique identifier of the IdPoint.
- Name
Name of the structure.
- Location
Text description of location of IdPoint.
- Area
The Area the IdPoint is in.
- Capabilities
The capabilities for this IdPoint.
To provide more information, the device may include the following optional field:
- Description
Description of the structure
IdPointCapabilities data structure
IdPointCapabilities reflect optional functionality of a particular physical entity. Different IdPoint instances may have different set of capabilities. This information may change during device operation, e.g. if hardware settings are changed. The following capabilities are available:
- Configurable
True if the IdPoint settings can be modified
- SupportCard
True if the IdPoint support reading Card data
- SupportPIN
True if the IdPoint support PIN/keypad entry.
- SupportREX
True if the IdPoint support/has a REX input.
- SupportBiometric
True if the IdPoint support/has some kind of Biometric input.
- SupportedMessageTypes
List of supported mime types for Message in FeedbackMessage function, e.g. text/plain - but may be an empty list.
- SupportedGraphicsTypes
List of supported mime types for Graphics in FeedbackMessage function, e.g. image/jpeg, image/png - but may be an empty list.
- SupportedAudioTypes
List of supported Audio formats in FeedbackMessage function, e.g. audio/basic, audio/mp3
- AdditionalCapabilities
General list of supported features, currently not specified in the specification.
GetIdPointInfoList command
This operation requests a list of all of IdPointInfo
items provided by the device. An ONVIF compliant device which provides the IdPoint service shall implement this method.
The returned list shall start with the item specified by a StartReference
parameter. If it is not specified by the client, the device shall return items starting from the beginning of the dataset.
StartReference
is a device internal identifier used to continue fetching data from the last position, and shall allow a client to iterate over a large dataset in smaller chunks. The device shall be able to handle a reasonable number of different StartReferences at the same time and they must live for a reasonable time so that clients are able to fetch complete datasets.
An ONVIF compliant client shall not make any assumptions on StartReference contents and shall always pass the value returned from a previous request to continue fetching data. Client shall not use the same reference more than once.
For example, the StartReference
can be incrementing start position number or underlying database transaction identifier.
The returned NextStartReference
shall be used as the StartReference
parameter in successive calls, and may be changed by device in each call.
The number of items returned shall not be greater than Limit
parameter. If Limit
parameter is not specified by the client, the device shall assume it unbounded. The number of returned elements is determined by the device and may be less than requested if the device is limited in its resources.
GetIdPointInfoList | Access Class: READ_SYSTEM |
Message name | Description |
GetIdPointInfoListRequest | This message contains:
|
GetIdPointInfoListResponse | This message contains:
|
Fault codes | Description |
| StartReference is invalid or has timed out. Client need to start fetching from the beginning. |
GetIdPointInfo command
This operation request a list of IdPointInfo
items matching the given tokens. An ONVIF-compliant device that provides IdPoint service shall implement this method.
The device shall ignore tokens it cannot resolve and may return an empty list if there are no items matching specified tokens.
If the number of requested items is greater than the max limit supported, a TooManyItems
fault shall be returned
GetIdPointInfo | Access Class: READ_SYSTEM |
Message name | Description |
GetIdPointInfoRequest | This message contains:
|
GetIdPointInfoResponse | This message contains:
|
Fault codes | Description |
| Too many items were requested, see MaxLimit capability. |
IdPoint configuration
IdPoint data structure
The IdPoint type provides the full configuration for an id point.
The following fields are available:
- Token
A service-unique identifier of the IdPoint.
- Name
Name of the structure.
- Location
Text description of location of IdPoint.
- Area
The Area the IdPoint is in.
- Timeout
Timeout between user interactions.
- HeartbeatInterval
The time between heartbeat event updates. A time of 0 means no heartbeat events.
To provide more information, the device may include the following optional fields:
- Description
Description of the structure.
- Action
The default action the IdPoint want to do. If not set, assume "Access".
- MinPINSize
Minimum number of characters in the PIN.
- MaxPINSize
Maximum number of characters in the PIN.
- EndOfPIN
String/character that ends a PIN and trigs sending of PIN.
GetIdPointList command
This operation requests a list of all of IdPoint
items provided by the device. An ONVIF compliant device which provides the IdPoint service shall implement this method.
The returned list shall start with the item specified by a StartReference
parameter. If it is not specified by the client, the device shall return items starting from the beginning of the dataset.
StartReference
is a device internal identifier used to continue fetching data from the last position, and shall allow a client to iterate over a large dataset in smaller chunks. The device shall be able to handle a reasonable number of different StartReference
:s at the same time and they must live for a reasonable time so that clients are able to fetch complete datasets.
An ONVIF compliant client shall not make any assumptions on StartReference
contents and shall always pass the value returned from a previous request to continue fetching data. Client shall not use the same reference more than once.
For example, the StartReference
can be incrementing start position number or underlying database transaction identifier.
The returned NextStartReference
shall be used as the StartReference
parameter in successive calls, and may be changed by device in each call.
The number of items returned shall not be greater than Limit
parameter. If Limit
parameter is not specified by the client, the device shall assume it unbounded. The number of returned elements is determined by the device and may be less than requested if the device is limited in its resources.
GetIdPointList | Access Class: READ_SYSTEM_SENSITIVE |
Message name | Description |
GetIdPointListRequest | This message contains:
|
GetIdPointListResponse | This message contains:
|
Fault codes | Description |
| StartReference is invalid or has timed out. Client need to start fetching from the beginning. |
GetIdPoint command
This operation request a list of IdPoint
items matching the given tokens. An ONVIF-compliant device that provides IdPoint service shall implement this method.
The device shall ignore tokens it cannot resolve and may return an empty list if there are no items matching specified tokens.
If the number of requested items is greater than the max limit supported, a TooManyItems
fault shall be returned
GetIdPoint | Access Class: READ_SYSTEM_SENSITIVE |
Message name | Description |
GetIdPointRequest | This message contains:
|
GetIdPointResponse | This message contains:
|
Fault codes | Description |
| Too many items were requested, see MaxLimit capability. |
SetIdPoint command
Set a list of IdPoints. If the specified token in an IdPoint is empty, a new unique token is created by the service. If an IdPoint with the specified token already exist it will be updated. If the token does not exist, a new IdPoint is created. The list of supplied or created tokens is returned.
SetIdPointList | Access Class: READ_SYSTEM |
Message name | Description |
SetIdPointRequest | This message contains:
|
SetIdPointResponse | This message contains:
|
Fault codes | Description |
| Not allowed to create or modify the IdPoint |
|
RemoveIdPoint command
Remove the IdPoints specified by the Tokens.
RemoveIdPoint | Access Class: WRITE_SYSTEM |
Message name | Description |
RemoveIdPointRequest | This message contains:
|
RemoveIdPointResponse | This message shall be empty. |
Fault codes | Description |
| Not allowed to remove the IdPoint. |
| IdPoint not found. |
GetIdPointCapabilities command
GetIdPointCapabilities | Access Class: READ_CAPABILITIES |
Message name | Description |
GetIdPointCapabilitiesRequest | This message contains:
|
GetIdPointCapabilitiesResponse | This message contains:
|
Fault codes | Description |
| IdPoint not found |
IdPoint feedback
IdPointFeedback data structure
The IdPointFeedback type enumerates the different type of feedback profiles. The actual implementation of these profiles is defined by the vendor and out of scope for ONVIF. Typically InvalidCredential, AccessDenied, Fault, Warning and Alarm would give "negative" feedback involving red LED and buzzer.
The following values are available:
- Other
The feedback mode is specified in some other defined way.
- Idle
Normal state - typically DoorLocked or DoorUnlocked is used instead (if the IdPoint controls a door).
- DoorLocked
Indicates that the Door is locked.
- DoorUnlocked
Indicates that the Door is unlocked.
- DoorOpenTooLong
Indicates that the Door is open too long.
- DoorPreAlarmWarning
Indicates that the Door soon is open too long.
- RequirePIN
PIN (Personal Identification Number/Code) is required.
- RequireCard
Card is required.
- Processing
Processing in progress.
- InvalidCredential
Credential is not valid.
- AccessGranted
Access is granted.
- AccessDenied
Access is denied.
- Ok
Generic Ok indication
- Fault
Generic fault indication
- Warning
Generic Warning indication.
- Alarm
Generic Warning indication.
- Custom
Some custom mode.
FeedbackMessage command
Control how the IdPoint
specified by the Token
should give feedback.
FeedbackMessage | Access Class: ACTUATE |
Message name | Description |
FeedbackMessageRequest | This message contains:
|
FeedbackMessageResponse | This message shall be empty. |
Fault codes | Description |
| The specified token is not found. |
IdPoint hardware configuration
IdPointConfiguration data structure
The device and hardware configuration for an IdPoint.
The following fields are available:
- Token
IdPoint Id to use for set, remove and usage.
- DeviceUUID
What device the IdPoint is on.
- IdDataConfiguration
Reference to the IdDataConfigurations to use.
- Configuration
Configuration for the IdPoint.
GetIdPointConfigurationList command
This operation requests a list of all of IdPointConfiguration
items provided by the device. An ONVIF compliant device which provides the DoorControl service shall implement this method.
The returned list shall start with the item specified by a StartReference
parameter. If it is not specified by the client, the device shall return items starting from the beginning of the dataset.
StartReference
is a device internal identifier used to continue fetching data from the last position, and shall allow a client to iterate over a large dataset in smaller chunks. The device shall be able to handle a reasonable number of different StartReferences at the same time and they must live for a reasonable time so that clients are able to fetch complete datasets.
An ONVIF compliant client shall not make any assumptions on StartReference
contents and shall always pass the value returned from a previous request to continue fetching data. Client shall not use the same reference more than once.
For example, the StartReference
can be incrementing start position number or underlying database transaction identifier.
The returned NextStartReference
shall be used as the StartReference
parameter in successive calls, and may be changed by device in each call.
The number of items returned shall not be greater than Limit parameter. If Limit parameter is not specified by the client, the device shall assume it unbounded. The number of returned elements is determined by the device and may be less than requested if the device is limited in its resources.
GetIdPointConfigurationList | Access Class: READ_SYSTEM_SENSITIVE |
Message name | Description |
GetIdPointConfigurationListRequest | This message contains:
|
GetIdPointConfigurationListResponse | This message contains:
|
Fault codes | Description |
| StartReference is invalid or has timed out. Client need to start fetching from the beginning. |
GetIdPointConfiguration command
This operation request a list of IdPointConfiguration
items matching the given tokens. An ONVIF-compliant device that provides IdPoint service shall implement this method.
The device shall ignore tokens it cannot resolve and may return an empty list if there are no items matching specified tokens.
If the number of requested items is greater than the max limit supported, a TooManyItems
fault shall be returned.
GetIdPointConfiguration | Access Class: READ_SYSTEM_SENSITIVE |
Message name | Description |
GetIdPointConfigurationRequest | This message contains:
|
GetIdPointConfigurationResponse | This message contains:
|
Fault codes | Description |
| Too many items were requested, see MaxLimit capability. |
SetIdPointConfiguration command
Add/update a list of IdPointConfiguration
items, the token in the IdPointConfiguration
should typically refer to an existing IdPoint
.
SetIdPointConfiguration | Access Class: WRITE_SYSTEM |
Message name | Description |
GeSetIdPointConfigurationRequest | This message contains:
|
GetISetIdPointConfigurationResponse | This message contains:
|
Fault codes | Description |
|
RemoveIdPointConfiguration command
Remove the IdPointConfiguration
items specified by the tokens. This is normally not needed, since when removing an IdPoint
, the configuration is removed as well - although it's possible to create configurations without a corresponding IdPoint
.
RemoveIdPointConfiguration | Access Class: WRITE_SYSTEM |
Message name | Description |
RemoveIdPointConfigurationRequest | This message contains:
|
RemoveIdPointConfigurationResponse | This message shall be empty. |
Fault codes | Description |
| IdPointConfiguration not found. |
GetIdPointConfigurationInfo command
Get the ConfigurationInfo
for a single IdPoint
specified by the token.
GetIdPointConfigurationInfo | Access Class: READ_SYSTEM |
Message name | Description |
GetIdPointConfigurationInfoRequest | This message contains:
|
GetIdPointConfigurationInfoResponse | This message contains:
|
Fault codes | Description |
| IdPoint not found. |
Reader functions
GetLastCredential command
Get the last entered credential on this reader.
GetLastCredential | Access Class: READ_SYSTEM_SENSITIVE |
Message name | Description |
GetLastCredentialRequest | This message contains:
|
GetLastCredentialResponse | This message contains:
|
Fault codes | Description |
| Configuration not found. |
IdDataConfigurations
An IdDataConfiguration describes how the binary data from a reader shall be parsed into IdData Name/Values.
IdDataConfiguration data structure
Specifies a configuration of how to map binary data input from a card reader or keypad to Request event messages.
The following fields are available:
- token
Id used to reference the structure.
- Name
Name of the configuration.
- Description
Description of configuration.
- InputBitlength
The number of bits the input data must have to use this configuration.
- IdDataFieldMap
List of maps.
IdDataEncoding data structure
Specifies the different encoding of binary data possible.
The following values are available:
- Other
For extendability, the encoding is specified some other way.
- BinLE2hex
Binary data is encoded as hex-lowercase.
- BinBE2hex
Binary data is encoded as hex-lowercase.
- Bin2Base64
Binary data is encoded as base64.
- Bin2String
Binary ASCII data is encoded as an URL encoded string.
- BinLEBCD2String
Binary Little Endian BCD data is encoded as a numeric string.
- BinBEBCD2String
Binary Big Endian BCD data is encoded as a string-
- BinLE2Int
Binary data is encoded as an integer number, with Little Endian byte order.
- BinBE2Int
Binary data is encoded as an integer number, with Big Endian byte order.
- BinLEIBO2hex
Binary data with inversed byte order is encoded as hex-lowercase.
- BinBEIBO2hex
Binary data with inversed byte order is encoded as hex-lowercase.
- BinIBO2Base64
Binary data with inversed byte order is encoded as base64.
- BinIBO2String
Binary with inversed byte order ASCII data is encoded as an URL encoded string.
- BinLEIBO2Int
Binary data with inversed byte order is encoded as an integer number using Little Endian byte order.
- BinBEIBO2Int
Binary data with inversed byte order encoded as an integer number using Big Endian byte order.
IdDataFieldMap data structure
The configuration for how binary card data read by the IdPoint should be mapped to an IdData name and value.
The following fields are available:
- Name
Name of the IdData field (e.g. UserNbr, SiteCode, FacilityCode).
- Map
Location of the field in the binary carddata (e.g. b0101,10-25,3,5,7,1,2,4,xFEDEBEDA,). First bit is bit 1, that is the first received over e.g. a wiegand port. The symbol 0bBBB (e.g. 0b111) indicates a sequence of constant binary digits BBB. The symbol 0xh..h indicates a constant sequence of hex digits h..h. The hex digits is interpreted with MSB first. The symbol sSSSS indicates a constant string SSSS, if you want the comma character ',' use ,0x2c, which is the ASCII representation of comma.
- Encoding
How the resulting bits is encoded to a Value.
GetIdDataConfigurationList command
This operation requests a list of all of IdDataConfiguration
items provided by the device. An ONVIF compliant device which provides the DoorControl service shall implement this method.
The returned list shall start with the item specified by a StartReference
parameter. If it is not specified by the client, the device shall return items starting from the beginning of the dataset.
StartReference
is a device internal identifier used to continue fetching data from the last position, and shall allow a client to iterate over a large dataset in smaller chunks. The device shall be able to handle a reasonable number of different StartReference
:s at the same time and they must live for a reasonable time so that clients are able to fetch complete datasets.
An ONVIF compliant client shall not make any assumptions on StartReference
contents and shall always pass the value returned from a previous request to continue fetching data. Client shall not use the same reference more than once.
For example, the StartReference
can be incrementing start position number or underlying database transaction identifier.
The returned NextStartReference
shall be used as the StartReference
parameter in successive calls, and may be changed by device in each call.
The number of items returned shall not be greater than Limit
parameter. If Limit
parameter is not specified by the client, the device shall assume it unbounded. The number of returned elements is determined by the device and may be less than requested if the device is limited in its resources.
GetIdDataConfigurationList | Access Class: READ_SYSTEM_SENSITIVE |
Message name | Description |
GetIdDataConfigurationListRequest | This message contains:
|
GetIdDataConfigurationListResponse | This message contains:
|
Fault codes | Description |
| StartReference is invalid or has timed out. Client need to start fetching from the beginning. |
GetIdDataConfiguration command
This operation request a list of IdDataConfiguration
items matching the given tokens. An ONVIF-compliant device that provides IdPoint service shall implement this method.
The device shall ignore tokens it cannot resolve and may return an empty list if there are no items matching specified tokens.
If the number of requested items is greater than the max limit supported, a TooManyItems
fault shall be returned.
GetIdDataConfiguration | Access Class: READ_SYSTEM_SENSITIVE |
Message name | Description |
GetIdDataConfigurationRequest | This message contains:
|
GetIdDataConfigurationResponse | This message contains:
|
Fault codes | Description |
| Too many items were requested, see MaxLimit capability. |
SetIdDataConfiguration command
Set (adds or modifies) the supplied list of IdDataConfiguration
items to the internal storage/database. If the token attribute is empty, a new unique token will be generated by the service. All supplied and generated tokens are returned.
SetIdDataConfiguration | Access Class: WRITE_SYSTEM |
Message name | Description |
SetIdDataConfigurationRequest | This message contains:
|
SetIdDataConfigurationResponse | This message contains:
|
Fault codes | Description |
|
RemoveIdDataConfiguration command
Remove the specified IdDataConfiguration
from storage.
RemoveIdDataConfiguration | Access Class: WRITE_SYSTEM |
Message name | Description |
RemoveIdDataConfigurationRequest | This message contains:
|
RemoveIdDataConfigurationResponse | This message shall be empty. |
Fault codes | Description |
|
Feedback functions
GetFeedbackMessage command
Get the current feedback message status of an IdPoint
.
GetFeedbackMessage | Access Class: READ_SYSTEM_SENSITIVE |
Message name | Description |
GetFeedbackMessageRequest | This message contains:
|
GetFeedbackMessageResponse | This message contains:
|
Fault codes | Description |
| IdPoint not found. |
Secure Channel functions
Enumeration: SecureChannel
The type SecureChannel
enumerates the different types of states for a secure channel.
The following values are available:
Unknown: Unknown state
ConnectionLost: The secure channel has stopped responding to communication
ConnectionEstablished: A working secure channel is active
NotSupported: Secure channel is not supported for this IdPoint
NoKey: No valid key found for this IdPoint
SecureChannelStatus
SecureChannelStatus
reflects the status of Secure Channel for an IdPoint
. If Secure Channel is configured and working, then Active will be True, otherwise Active will be False, and the Reason field will contain additional status information. The following fields are available:
Active: True if there is an active secure channel on the IdPoint
Reason: Status of the secure channel
GetSecureChannelStatus Command
Get the current secure channel status for an IdPoint.
GetSecureChannelStatus | Access Class: READ_SYSTEM_SENSITIVE |
Message name | Description |
GetSecureChannelStatusRequest | This message contains:
|
GetSecureChannelStatusResponse | This message contains:
|
Fault codes | Description |
env:Senderter:InvalidArgVal ter:NotFound | IdPoint not found |
WhiteList functions
WhiteList entries are uploaded one by one to their respective locks. The progress of the WhiteList entry upload for one or several locks, or the state of each of the WhiteList entries, can be requested using axtid:GetIdPointWhiteList
. On a similar note, the progress of the WhiteList entry upload for all locks, or the state of all WhiteList entries, can be requested by using axtid:GetIdPointWhiteListList
. The response presents all WhiteList entries of each lock and their states. The following states are available:
- Active
An active WhiteList entry has been successfully uploaded to a lock and is currently in use.
- Invalid
An invalid WhiteList entry cannot be uploaded to a lock because its data is not valid.
- PendingAdd
A WhiteList entry that is not currently in use, but is waiting to be uploaded to a lock. Once it has been successfully uploaded, its state is changed to
Active
- PendingRemove
A WhiteList entry that is currently in use, but is waiting to be removed from a lock.
GetIdPointWhiteList command
This operation request a list of IdPointWhiteList items matching the given tokens.
The device shall ignore tokens it cannot resolve and may return an empty list if there are no items matching specified tokens.
If the number of requested items is greater than the max limit supported, a TooManyItems
fault shall be returned.
GetIdPointWhiteList | Access Class: READ_SYSTEM_SENSITIVE |
Message name | Description |
GetIdPointWhiteListRequest | This message contains:
pt: ReferenceToken Token [1][unbounded] |
GetIdPointWhiteListResponse | This message contains:
axtid: IdPointWhiteList IdPointWhiteList [0][unbounded] |
Fault code | Description |
env: Sender ter: InvalidArgs ter: TooManyItems | Too many items were requested, see MaxLimit capability. |
GetIdPointWhiteListList command
This operation requests a list of all of the IdPointWhiteList
items provided by the device.
The returned list should start with the item specified by a StartReference
parameter. If it is not specified by the client, the device shall return items starting from the beginning of the dataset.
StartReference
is a device used for internal identifier and is used to fetch data from the last position, allowing the client to iterate over a large dataset in smaller chunks. The device shall be able to handle a reasonable number of different StartReferences
at the same time and they must live for a reasonable time so that clients are able to fetch complete datasets.
A client shall not make any assumptions on StartReference
contents and shall always pass the value returned from a previous request to continue fetching data. The client shall not use the same reference more than once.
For example, the StartReference
can increment the start position number or the underlaying database transaction identifier.
The returned NextStartReference
shall be used as the StartReference
parameter in successive calls and may be changed by the device in each call.
The number of items returned shall not be greater than the Limit
parameter. If the Limit
parameter is not specified by the client, the device will assume that it is unbounded. The number of returned elements is determined by the device and may be less than requested if the device is limited in its resources.
GetIdPointWhiteListList | Access Class: READ_SYSTEM_SENSITIVE |
Message name | Description |
GetIdPointWhiteListListRequest | This message contains:
xs:int Limit [0][1] xs:string StartReference [0][1] |
GetIdPointWhiteListListResponse | This message contains:
xs:string NextStartReference [0][1] axtid:IdPointWhiteList IdPointWhiteList [0][unbounded] |
Fault codes | Description |
env: Sender ter: InvalidArgVal ter: InvalidStartReference | StartReference is invalid or has timed out. Client need to start fetching from the beginning. |
Remote activity functions
NameValue
Generic construction containing a Name/Value pair.
The following fields are available:
Name
Value
Activity
The following fields are available:
- Type
Supported values for
REX
,Card
andPIN
- Params
Custom fields for Request-event. Mandatory for type
Card
andPIN
, but not allowed forREX
. For typePIN
a param named ‘PIN’ is mandatory.
IndicateRemoteActivities command
Applies activities for a remote IdPoint. For each activity two IdPoint events are sent.
The first event is tns1:IdPoint/tnsaxis:Activity
for all supported activities.
The Reason field for this event is:
CardPresented for activity-type
Card
REX for activity-type
REX
CodeEntered for activity-type
PIN
The second event for each activity is:
tns1:IdPoint/tnsaxis:Request/tnsaxis:IdData
for activity-typeCard
tns1:IdPoint/tnsaxis:Request/tnsaxis:REX
for activity-typeREX
tns1:IdPoint/tnsaxis:Request/tnsaxis:PIN
for activity-typePIN
| Access Class: ACTUATE |
Message name | Description |
| This message contains:
|
| This message shall be empty. |
Fault codes | Description |
env: Sender ter: InvalidArgVal ter: NotFound | IdPoint not found. |