Open APIs

Our Open REST based APIs allow you to integrate NoahFace with your existing IT systems and applications. For example, you could:

  • Interface with a payroll, access control, student management, or membership system that we do not currently support.
  • Control and record access to your business applications (ie: provide a secure and convenient login mechanism).
  • Control and record access to specialist machines (lathes, etc), vehicles (trucks, forklifts, trains, etc), or a key safe.

The opportunities are endless.

User Synchronisation

NoahFace can automatically retrieve your list of users from an existing IT system so you don't need to import/export users or manually maintain them in two places. To do this, you simply implement our User Synchronisation API (a REST end-point), and configure NoahFace to call it.

User Synchronisation API

Your implementation of the User Synchronisation API should return JSON data. The JSON data should containing a Users array, which is your list of users. Each user can contain any of the following elements:

  • SyncGuid. The unique identifier of the user in your user directory. This is the only mandatory element.
  • Name. The preferred name of the user, which if present is displayed on the recognition screen.
  • FirstName. The first name of the user.
  • LastName. The last name of the user.
  • UserNumber. The business-defined number for the user, such as an employee number or membership number.
  • UserType. The business-defined type of user, which is used for categorisation.
  • Country. The country code for the user's phone number (eg: 1 = USA, 44 = UK, 61 = Australia).
  • Mobile. The mobile phone number of the user. This can be used to send passcode notifications.
  • Email. The email address of the user. This can be used to send passcode notifications.
  • CardNumber. The access card number of the user, which is used in secure access control applications.
  • Site. The name of the primary site the user belongs to, which is used for categorisation.
  • Groups. The list of groups the user belongs to, which can be used to restrict access through access rules.

Example JSON

The following is an example of the JSON that your API should return. Only the SyncGuid and at least one of the Name and FirstName elements are mandatory for each user.

{ 
    "Users" : [           
        {  
            "SyncGuid"   : "12345",
            "Name"       : "Sammy",
            "FirstName"  : "Samara",  
            "LastName"   : "Smith", 
            "UserNumber" : "1001", 
            "UserType"   : "", 
            "Country"    : "61", 
            "Mobile"     : "0414736886", 
            "Email"      : "sammy@gmail.com", 
            "Site"       : "Melbourne", 
            "Groups"     : ["Finance"],
            "CardNumber" : "12345"
        },
        {
            "SyncGuid"   : "55555", 
            "Name"       : "Jimmy", 
            "FirstName"  : "James",  
            "LastName"   : "Smith", 
            "UserNumber" : "1002", 
            "UserType"   : "", 
            "Country"    : "61", 
            "Mobile"     : "0414736887",  
            "Email"      : "james@gmail.com", 
            "Site"       : "Sydney", 
            "Groups"     : ["Finance", "Management"],
            "CardNumber" : ""
        }
    ]
}

Configuration

To enable user synchronisation, simply add a synchronisation instance, select 'Custom' as the type of synchronisation, and specifying your API endpoint details (see example below).

User Recognition

NoahFace can forward user recognition events to your applications or IT systems. To do this, you simply implement our User Recognition API (a REST end-point), and configure NoahFace to call it when a user is recognised.

User Recognition API

Your implementation of the User Recognition API should expect to receive the following elements:

  • eventid. The unique identifier of the event.
  • utc. The time of the event in the UTC timezone.
  • time. The time of the event in the local timezone.
  • org. The name of the organisation where the event was recorded.
  • site. The name of the site where the event was recorded.
  • device. The name of the device where the event was recorded.
  • devid. The identifier of the device where the event was recorded (if defined).
  • type. The type of event (eg: access granted, clock in, clock out, present, start job, end job, etc).
  • detail. Additional details associated with the event (eg: a job number, a task type, etc).
  • method. The method used to identify the user (eg: face, passcode, etc)
  • userid. The unique identifier of the user from your user directory (ie: SyncGuid).
  • number. The business-defined number for the recognised user, such as an employee number or membership number.
  • firstname. The first name of the recognised user.
  • lastname. The last name of the recognised user.
  • cardnum. The card number of the recognised user which is used in secure access control applications.

Your API can be designed to be called using an HTTP GET, PUT, or POST method. If you use GET, the event data will be sent in query parameters. If you specify PUT or POST, the event data will be sent in JSON format (see example below).

Example JSON

The following is an example of the JSON that your API should expect. All elements will be present even if they are empty.

{  
    "eventid"   : "109997645",
    "utc"       : "2018-12-21 21:03:47",
    "time"      : "2018-12-22 08:03:47",  
    "org"       : "Acme Corporation", 
    "site"      : "Sydney", 
    "device"    : "Time Clock",
    "devid"     : "",
    “type”      : "clockin”, 
    ”detail”    : "", 
    “method”    : "face",
    "userid"    : "12345",
    “number”    : "1001”, 
    “firstname” : "Samara”,
    “lastname”  : "Smith”,
    "cardnum"   : ""
}

Configuration

To forward user recognition events, simply add an access point type, select 'Web Server' as the type of receiver, and specifying your API endpoint details (see example below). Once you have done this, add an access point using the type you just created, and activate it.

Security

Your implementation of the NoahFace APIs should enforce one of the following authentication methods:

  • Basic Security. You provide a username and password which is passed in the Authorization header of each HTTP request.
  • Token Security. You provide a bearer token which is passed in the Authorization header of each HTTP request.

If your implementation of the NoahFace APIs is being designed to service multiple organisations, you should use different credentials for each organisation so you can access the appropriate data in your IT system or application.

Regardless of which authentication method you choose, all API calls are over SSL so your data and credentials are encrypted.

FAQs
Contact
Privacy
Legal
Terms of Use
© NoahFace 2018
.