Rhombus API for pushing card swipe events to cameras

[stakach]

Here’s the high level information to get you started, let us know if you have any additional questions.

Our API documentation can be found here: https://apidocs.rhombussystems.com/reference/introduction. We provide our API as an OpenAPI doc as well if you are interested in generating code stubs: https://api.rhombussystems.com/api/openapi/public.json. We have a variety of code examples in python, java, and typescript here: https://github.com/RhombusSystems.

As a note, our public API is also used for our own console, so any http calls that you see while on our console can be done via our API.

With regards to the access control integration on our end, we request the following http endpoints/functionality for us to manage webhooks and configuration:

• Authentication. Some way to authenticate a user or credentials. This can be an endpoint that returns a token, or just including username/password on other requests.
• getDoors. This should give us a list of access control devices that we can map to cameras in our system. We will need some unique identifier on the devices that is also included in the webhook payload so that we can route events to the correct camera feeds.
• subscribeWebhook. We will give you a unique URL for the webhook that we will expect to receive the webhook POSTs. Often we provide a secret or a secret token is given back in this request that is used to sign the webhook payloads so that we can verify the payload is legitimate from you. We will also want a unique ID for the webhook so that we can unsubscribe if the integration is disabled.
• unsubscribeWebhook. If a user in our system disables the integration through our console, we will unsubscribe from the webhook using the unique ID provided on the subscription.
• unlockDoor. This is a new feature that we are rolling out to other access control integrations where a user will be able to unlock specified doors directly from our console on the camera pages. This is optional depending on your use case, but does provide a good user experience of buzzing someone in while looking at the video. In this case, we would just need to be able to unlock a door remotely given a door ID. When configuring the integration in our console, users will have the option of allowing/disallowing remote unlock for specific doors.

As for the webhook payload, we need the following fields either accessible directly in the payload or retrievable from the API given the payload contents:

• door ID corresponding to a device returned from the getDoors API endpoint
• timestamp
• action (e.g. Access Granted/Unlocked, Access Denied, REX, etc)
• badge name so that we can do facial recognition matching/learning