Access control | Access control software

Using Kisi's API to Unlock Doors With Your App

With our API, replace nearly all your physical access credentials with secure digital ones - and save time and effort.

7 min reading time

Access Control API

Updated on December 01, 2022

Written by Mike Tong

Share this article

How much time and money do you spend issuing and programming new ID cards and keys every year?

What if, for a fraction of the cost and time, you could replace nearly all your physical access credentials with secure digital ones that require only a smartphone to use?

Access-Control-as-a-Service (ACaaS) gives you more control over building management. As well as handling access control, it gives you real-time information on who is in your buildings, and you can integrate ACaaS platforms with other external sources of information in your organization such as CRM and calendars. This helps solve the problem of onboarding and offboarding staff, members, and visitors, as well as lost keys and security concerns.

This article explains how Kisi fits into this ecosystem and highlights why it is better than alternatives like HID, August, Nuki, or the Amazon door lock API. It starts by outlining basic architectural decisions of how a custom application, the Kisi API, Kisi backend, and external data sources connect and work together. To illustrate this, an example JavaScript application is included that authenticates with the API and highlights how areas of the web application (authentication, users, places, gateways, locks, etc.) relate to the code in an application. If you want to go straight to the API documentation, you can find it here.

Kisi Access Control System with API and webhook

How smart lock platforms compare #

Most smartphone-based ACaaS platforms share a few key attributes: Users typically download an app through which you assign permissions to them, and then they gain access through readers or sensors posted at entrances. This is similar to how a badge or contactless card works.

Most smart lock solutions on the market are not designed for multiple access points and don’t have the ability to grant different permissions for different locations depending on the type of access a staff member or visitor needs. With Kisi, you can handle this process with an administration or front desk member of staff.

Now, you may be thinking that just as people don’t carry keys all the time, they may not always carry—or even own—a smartphone. Kisi offers the ability to supply alternative credentials, including integration with swipe cards.

Let’s take a look at all of the available API options:

August Smart Lock #

  • Replace entire lock: No (replaces only the inside)
  • Means of entry: Smartphone app, key, key code (with optional keypad)
  • Integrations: Apple HomeKit, Amazon Alexa, IFTTT, Google Assistant, and more.
  • API access: Only with a partner program or IFTTT.


  • Replace entire lock: Unsure
  • Means of entry: Smartphone, tablet, or wearable
  • Limitations: Aimed at enterprise and hard to understand what they offer
  • Integrations: Unsure
  • API access: Several APIs

Brivo API #

  • Replace entire lock: Yes
  • Means of entry: Keycard and remote access
  • Integrations: Specialized hardware
  • API access: Yes, comprehensive

Nuki #

  • Replace entire lock: No—lace over lock, requires a drill
  • Means of entry: Smartphone, tablet, wearable, and key fob
  • Integrations: Amazon Alexa, Google Assistant, IFTTT
  • API access: Yes

Amazon Lock API #

  • Replace entire lock: Depends on lock
  • Means of entry: Amazon Alexa
  • Integrations: Amazon Alexa
  • API access: Yes, but only with Amazon Alexa skills

The Kisi Platform #

The main area of your Kisi dashboard shows the locations you’ve defined and allows you to click on the location to see the access points, users, groups, and settings for that location. For example, the “Kisi Demo” location in the screenshot below has two access points and 366 users in one group.


The Kisi Dashboard

The Settings pane of the dashboard provides access to analytics information and any integrations you’ve added.

To integrate Kisi’s services into your application, you need to use our API. You can find all of the functions of the web interface in the API, plus many more. We use our JavaScript SDK to demonstrate; for other languages, you need to use standard HTTP libraries to communicate with the API.

To start, create an instance of the client, authenticate with the API, and list your places, use the following:

Kisi API

This code results in a JSON response of your places, with all the metadata associated with each place. To get the details of a particular lock, use the following with the ID of the place:

Kisi API

This code is equivalent to the below screen in the web dashboard:

locks in the Kisi dashboard

Locks in a place

To unlock a lock, pass the lock ID:

Kisi API

External data sources #

If you don’t want to build a custom integration, Kisi includes integrations with a dozen services that provide your places, locks, and members with data from external sources. These include Active Directory and Google Apps for user lists, door management linked to calendar entries, member access levels from six different membership services, and connectivity to security video systems. You can add these integrations from the web app, as well as from the API by using our integrations resources.


Add a calendar connection to Kisi

Combining these integrations with your custom applications gives tremendous potential. For example, when a new client signs up with their Google account, your custom application checks that the user has a valid membership and if so, grants them access to your doors.

Advanced use cases #

The power of the Kisi platform comes from its extensibility: An open API allows limitless possibilities for getting data in and out of the platform to trigger actions and create applications beyond pure access control.

“Kisi’s API documentation is so clear that we had our beta version up and running in 24 hours." Nigel Thomas, CEO at GoLocker

Take, for example, intrusion detection. You could use sensors connected to your Kisi controller and attached to external doors or windows. Then, with a custom application, use the integrations endpoint to add a new webhook listener:

Kisi API

When a sensor triggers that webhook, you can use the body set above to then trigger further Kisi or 3rd party API endpoints that match your use case, such as preventing the intruder from opening the door from the inside or triggering an alarm system.

Alternatively, take the example of using proximity sensors to introduce even more convenience to your building: By using a proximity sensor triggered by an authorized keycard or mobile device, you can use the unlock endpoint to open a lock as the person nears it and simultaneously record exit events for individuals and your building.

Conclusion #

There are three use cases that we see most frequently for working with the Kisi API and integrating it with your application or infrastructure:

  1. Using one of the default integrations
  2. Custom provisioning and de-provisioning of new users, responding to data from external CRM or membership systems
  3. Building a custom app for locking and unlocking doors

Thanks to the API, the potential use cases go further than these, and we look forward to hearing what you build. For inspiration, check out some advanced implementations from customers who leveraged the potential of our API.


Mike Tong

Technical Operations at Kisi

Save time. Enhance security.

Modernize your access control with remote management and useful integrations.