Using Kisi's API to Unlock Doors With Your App

By Mike Tong
October 25, 2018

How much time and money do you spend issuing and programming new ID cards and keys every year? For a fraction of the cost and time, you could replace nearly all your physical access credentials with secure digital ones that require a smartphone to use. This helps solve the problem of onboarding and offboarding staff, members and visitors as well as lost keys and security concerns.

Access-Control-as-a-Service (ACaaS) gives you more control over building management. As well as handling access control it gives you real-time information on who is your buildings, and you can integrate ACaaS platforms with other external sources of information in your organization such as CRM and calendars.

This article explains how Kisi fits into this ecosystem and highlight why it is better than alternatives such as HID, August, Nuki or the Amazon door lock API. It outlines basic architectural decisions of how a custom application, the Kisi API, Kisi backend and external data sources connect and work together. To illustrate this the article creates an example JavaScript application that authenticates with the API and highlights how areas of the web application (authentication, users, places, gateways, locks, etc.) relate to the code in an application.

Kisi Access Control System with API and webhook

How smart lock platforms compare

Most smartphone-based ACaaS platforms share a few key attributes. Users typically download an app through which you assign permissions to them and then gain access through readers or sensors posted at entrances, similar to how a badge or contactless card works.

Most smart lock solutions on the market are not designed for multiple access points with different permissions for different locations depending on the role of a staff member or visitor. With Kisi, you can handle this process with an administration or front desk member of staff.

Just as people don’t carry keys all the time, they may not always carry (or even own) a smartphone. Kisi offers the ability to supply alternative credentials, including integration with swipe cards.

Let’s take a look at the available options:

August smart lock

Replace entire lock: No (replaces only the inside) Means of entry: Smartphone app, key, key code (with optional keypad) Integrations: Apple HomeKit, Amazon Alexa, IFTTT, Google Assistant and more. API access: Only with partner program or IFTTT.


Replace entire lock: Unsure Means of entry: Smartphone, tablet or wearable. Limitations: Aimed at enterprise and hard to understand what they offer Integrations: Unsure API access: Several APIs

Brivo API

Replace entire lock: Yes Means of entry: Keycard and remote access Integrations: Specialized hardware, find out more API access: Yes, comprehensive


Replace entire lock: No. Place over lock requires a drill. Means of entry: Smartphone, tablet, wearable and key fob. Integrations: Amazon Alexa, Google Assistant, IFTTT API access: Yes

Amazon Lock API

Replace entire lock: Depends on lock Means of entry: Amazon Alexa Integrations: Amazon Alexa API access: Yes, but only with Amazon Alexa skills.


The Kisi Platform

The main area of your Kisi dashboard shows the locations you’ve defined, click on the location to see the access points, users, groups and settings for that location. The place in the screenshot below has two access points and 366 users in one group.

The Kisi Dashboard

The Settings pane of the dashboard provides access to analytics information and any integrations you’ve added.

To integrate Kisi’s services into your application, you need to use our API. You can find all of the functions of the web interface in the API, plus many more. We use our JavaScript SDK to demonstrate, for other languages you need to use standard HTTP libraries to communicate with the API.

To start, create an instance of the client, authenticate with the API and list your places, use the following:

Kisi API

This code results in a JSON response of your places, with all the metadata associated with each place. To get the details of a particular lock use the following with the ID of the place:

Kisi API

Which is equivalent to this screen in the web dashboard.

Locks in a place

To unlock a lock, pass the lock ID:

Kisi API

External data sources

If you don’t want to build a custom integration, Kisi includes integrations with a dozen services that provide your places, locks and members with data from external sources. These include Active Directory and Google Apps for user lists, door management linked to calendar entries, member access levels from six different membership services and connectivity to security video systems. You can add these integrations from the web app, and from the API with the integrations resources.

Add a calendar connection to Kisi

Combining these integrations with your custom applications gives tremendous potential. A new client can sign up with their Google account; your custom application checks that the user has a valid membership and if so, grants them access to your doors.

Advanced use cases

The power of the Kisi platform comes from its extensibility. An open API allows limitless possibilities for getting data in and out of the platform to trigger actions and create applications beyond pure access control.

Take for example intrusion detection. You could use sensors connected to your Kisi controller and attached to external doors or windows. Then with a custom application, use the integrations endpoint to add a new webhook listener:

Kisi API

When a sensor triggers that webhook, you can use the body set above to then trigger further Kisi or 3rd party API endpoints that match your use case, such as preventing the intruder from opening the door from the inside or trigger an alarm system.

Alternatively, take another example of using proximity sensors to introduce even more convenience to your building. By using a proximity sensor triggered by an authorized keycard or mobile device, you can use the unlock endpoint to open a lock as the person nears it and simultaneously record exit events for individuals and your building.


There are three use cases that we see most frequently for working with the Kisi API and integrating it with your application or infrastructure:

  • Using one of the default integrations.
  • A custom provisioning and de-provisioning of new users, responding to data from external CRM or membership systems.
  • Building a custom app for locking and unlocking doors.

Thanks to the API, the potential use cases go further than these, and we look forward to hearing what you build. Here you can find some advanced implementations from customers that leveraged the potential of our API.

Mike Tong

Technical Operations at Kisi