Skip to main content

Genetec Access Control Integration

Overview

Genetec Security Center is an enterprise-grade unified security platform that provides physical access control, video surveillance, and other security management features through an on-premise installation. The Nexudus integration with Genetec automates cardholder provisioning and access group assignments based on customer contracts, passes, bookings, and desk assignments.

Key Features

  • Cloud-based management: Manage access through Genetec Security Center’s web interface
  • Automatic provisioning: Access is granted and revoked automatically based on plan changes, bookings, and pass assignments
  • RFID card support: Single RFID card per customer with facility code configuration
  • PIN code support: Optional PIN codes for keypad access
  • Group-based permissions: Map your inventory (passes, resources, desks) to Genetec cardholder groups
  • Booking-based temporary access: Automatic access during reservation windows
  • Partition support: Multi-site organizations can configure default partitions

Integration Type

On-premise with Bridge Support — Genetec Security Center is installed on-premise at your location. Nexudus connects via Genetec’s REST API using either:
  • Network Bridge: Secure tunnel through https://bridge.nexudus.com/{device_id}/WebSdk/
  • Port Forwarding: Direct connection to http://public_ip:4590/WebSdk/ (requires firewall configuration)

Capabilities

FeatureSupportedNotes
Pass-based access✅ YesCustomers receive access based on their active passes
Plan-based access✅ IndirectPlans grant access through the passes they include
Resource-based access✅ YesGrants temporary access during reservations
Desk/unit-based access✅ YesIncludes support for team billing contracts
Visitor access❌ NoNot supported by this integration
Booking guest access✅ YesCustomers added as booking guests can access spaces during booking windows
Check-in tracking❌ NoDoor events are not processed for automatic check-ins
Mobile app access❌ NoNo mobile app integration available
Remote door unlock❌ NoPhysical cards/PIN codes required for access

How It Works

Access Control Model

Genetec uses a cardholder group model to manage access permissions:
  • Cardholders represent individuals in the system (mapped to Nexudus customers)
  • Cardholder Groups define collections of doors that cardholders can access
  • Credentials are physical access methods (RFID cards, PIN codes) linked to cardholders
  • Partitions organize entities within multi-site Genetec deployments
When a customer’s access needs change in Nexudus (e.g., they purchase a pass, book a resource, or their contract renews), the integration automatically updates their cardholder record in Genetec with the appropriate group memberships.

Multi-Door Support

Genetec uses cardholder groups to grant permissions to multiple doors. Instead of mapping each door individually:
  1. In Genetec Security Center, create a cardholder group (e.g., “24/7 Building Access”)
  2. Add the relevant doors to that group in Genetec
  3. In Nexudus, select that group from the dropdown when mapping your pass/resource/desk
  4. Customers with that pass automatically get access to all doors in the group
You must configure which doors belong to each group in the Genetec Security Center platform. Nexudus assigns customers to groups by selecting from the available groups retrieved from your Genetec system. The door-to-group mapping is managed in Genetec.

Prerequisites

Before connecting Nexudus to Genetec, ensure you have:
  1. Genetec Security Center installed on-premise with administrator access
  2. API credentials (username and password for API authentication)
  3. Network connectivity — Either:
    • Network Bridge configured: Device ID from your Nexudus Network Bridge installation
    • Port forwarding configured: Public IP address with port 4590 forwarded to your Genetec server
  4. Genetec system configured with door controllers installed and online
  5. Cardholder groups created in Genetec for different access levels (e.g., 24/7 access, business hours only)
  6. Nexudus location configured with plans, passes, and resources
  7. (Optional) Default partition GUID if using Genetec’s partition feature for multi-site organizations

Configuration

Step 1: Connect to Genetec

  1. In the Nexudus dashboard, go to Settings > Integrations
  2. Find Genetec in the list and expand the settings
  3. Enable the Enable Genetec integration toggle
  4. Enter your connection details (fields appear when toggle is enabled):
    • Genetec server address: Choose one of the following:
      • Network Bridge: https://bridge.nexudus.com/{DEVICE_ID}/WebSdk/ (replace {DEVICE_ID} with your Bridge device ID)
      • Port Forwarding: http://YOUR_PUBLIC_IP:4590/WebSdk/ (replace YOUR_PUBLIC_IP with your public IP address)
    • Genetec username: Your Genetec API username
    • Genetec password: Your Genetec API password
    • Default partition (optional): The GUID of the default partition for new cardholders (for multi-site Genetec deployments)
  5. Click Save to establish the connection
  6. Once connected successfully, the configuration panels for passes, resources, and desks will load below
The server URL must end with /WebSdk/ to properly access the Genetec API. If using the Network Bridge, ensure your Bridge Agent is running and registered. If using port forwarding, ensure port 4590 is accessible from the internet.

Step 2: Map Passes to Cardholder Groups

Passes are the primary way customers receive access in Nexudus. Each pass can be mapped to a Genetec cardholder group.
  1. In the Passes section, you’ll see all passes configured for this location
  2. For each pass, select a Genetec access group from the dropdown menu
    • The dropdown shows all cardholder groups available in your connected Genetec system
    • Groups are automatically retrieved when you save the connection settings
  3. Leave blank if a pass should not grant physical access
How it works:
  • When a customer has an active contract on a plan that includes passes, they automatically receive those passes
  • If the pass is mapped to a Genetec cardholder group, the customer is added to that group
  • When the pass expires or is consumed, access is revoked
  • Time-limited passes (e.g., day passes with validity windows) automatically grant and revoke access at the appropriate times
Example mapping:
Pass NameGenetec GroupPurpose
24/7 Access Pass24/7 Building AccessRound-the-clock building access
Business Hours PassBusiness Hours AccessAccess only during operating hours
Meeting Room PassMeeting Room ZonesAccess to meeting room areas
Cardholder groups are identified by GUID internally but displayed by name in the dropdown. If you don’t see a group in the dropdown, verify it exists in Genetec Security Center and re-save your connection settings to refresh the list.
Plans are not directly mapped to cardholder groups. Instead:
  1. Plans include passes via the plan configuration
  2. Passes are what get mapped to cardholder groups (selected from dropdown)
  3. When a customer starts a contract on a plan, they receive the passes included in that plan
  4. Those passes then grant the associated Genetec access

Step 3: Map Resources to Cardholder Groups

Resources (meeting rooms, event spaces, etc.) can require specific access permissions for bookings.
  1. In the Resources section, you’ll see all resources configured for this location
  2. For each resource, select a Genetec access group from the dropdown menu
  3. Leave blank if resource bookings should not grant physical access
How it works:
  • When a customer books a resource, Nexudus grants them access 15 minutes before the booking starts
  • Access is automatically revoked when the booking ends
  • If the booking is cancelled, access is removed immediately
Example mapping:
Resource NameGenetec GroupPurpose
Conference Room AConference Room A AccessAccess to specific meeting room
Event SpaceEvent Hall AccessAccess to event space for bookings
Private OfficePrivate Office AreaAccess to private office area
Resource-based access is temporary and booking-specific. A customer only receives access during their booking window, even if they don’t hold a general access pass.

Step 4: Map Desks/Units to Cardholder Groups

Floor plan desks and units can grant access to specific areas when included in a customer’s contract.
  1. In the Desks/Units section, you’ll see all desks from your floor plans
  2. For each desk, select a Genetec access group from the dropdown menu
  3. Leave blank if desk assignments should not grant physical access
How it works:
  • When a desk is added to a customer’s contract, they receive access to the mapped group
  • Access is granted when the contract starts and revoked when it ends
  • Team billing support: If a customer uses team billing (merged billing), they also receive access to desks included in the paying member’s contracts
Example mapping:
Desk/Unit NameGenetec GroupPurpose
Private Office #101Private Office Floor 1Access to first-floor private office area
Dedicated Desk Zone ADesk Area A AccessAccess to dedicated desk zone A
Studio #5Studio Access AreaAccess to individual studio unit
Desk access is based on contract assignments, not direct desk bookings. Customers must have the desk included in an active contract to receive access. Ad-hoc desk bookings (if using desk booking) do not automatically grant Genetec access.

Step 5: Save Configuration

  1. Review all mappings to ensure they’re correct
  2. Verify group selections match your intended access levels
  3. Click Save to apply the configuration
  4. Nexudus will immediately start provisioning access for customers based on the new mappings

How Access is Managed

When Access is Granted

Nexudus automatically grants Genetec access when:
  1. Contract starts: Customer begins a contract on a plan → receives passes included in that plan → assigned to corresponding Genetec cardholder groups
  2. Pass activated: Customer receives a pass directly (not via a contract) → assigned to the mapped Genetec cardholder group
  3. Booking created: Customer books a resource → granted access to resource’s group 15 minutes before booking start time
  4. Desk added to contract: Desk is added to an active contract → customer receives access to the desk’s mapped group
  5. Booking guest added: Non-customer is added as a guest on a booking → granted access to resource’s group for the booking duration

When Access is Revoked

Nexudus automatically revokes Genetec access when:
  1. Contract ends or cancelled: Customer loses passes from that contract → removed from corresponding Genetec cardholder groups
  2. Pass expires: Pass validity ends or usage is consumed → removed from mapped Genetec cardholder group
  3. Booking ends or cancelled: Booking time expires or is cancelled → access to resource’s group is removed
  4. Desk removed from contract: Desk is removed from contract → access to desk’s group is revoked
  5. Customer deactivated: Customer account is deactivated in Nexudus → cardholder is deactivated in Genetec

Cardholder Activation Status

Genetec cardholders can be in two states:
  • Active: Cardholder has at least one group assignment and credentials configured
  • Inactive: Cardholder has no group assignments or credentials have been removed
Nexudus automatically activates cardholders when they gain access to any groups, and deactivates them when all access is removed.

Access Update Timing

  • Immediate updates: Contract changes, pass assignments, and customer deactivations trigger access updates within seconds
  • Booking lead time: Booking access is granted 15 minutes before the booking start time
  • Background processing: Access updates are queued in background jobs to handle high volumes efficiently
  • Distributed locking: Prevents concurrent updates to the same customer across multiple servers
If a customer should have access but doesn’t, the system automatically retries access provisioning. Check the Business Checkup page for any integration errors.

RFID Card and PIN Management

Genetec supports both RFID access cards and PIN codes for physical access.

Assigning RFID Cards

To assign an RFID card to a customer:
  1. Go to Operations > Customers
  2. Select the customer
  3. In their profile, enter the following:
    • Access Card ID: The card number (e.g., 12345)
    • Key Fob Number: The facility code (e.g., 100)
  4. Save the customer profile
Card credential format:
  • Genetec uses the Wiegand Corporate 1000 format by default
  • Format: WiegandCorporate1000CredentialFormat(facilityCode, cardNumber)
  • Both facility code and card number are required
Single card only: Unlike some other systems, Genetec integration supports one card per customer. If you need to replace a card, simply update the Access Card ID field.

Assigning PIN Codes

To assign a PIN code for keypad access:
  1. Go to Operations > Customers
  2. Select the customer
  3. In their profile, enter a PIN code in the Access PIN Code field (e.g., 1234)
  4. Save the customer profile
PIN behavior:
  • PIN codes are separate credentials from RFID cards
  • A customer can have both a card and a PIN code
  • PINs are stored as “Keypad” credential type in Genetec
  • Removing the PIN code from Nexudus deletes the PIN credential in Genetec

Credential Management Logic

When you save a customer profile, Nexudus:
  1. Creates cardholder: If the customer doesn’t exist in Genetec (lookup by email)
  2. Updates cardholder: Updates first name, last name, and email if cardholder exists
  3. Manages card credential:
    • If card ID is present: Creates or updates the “UndecodedWiegand” credential
    • If card ID is removed: Deletes the card credential
  4. Manages PIN credential:
    • If PIN is present: Creates or updates the “Keypad” credential
    • If PIN is removed: Deletes the PIN credential
  5. Updates group memberships: Adds/removes cardholder from groups based on passes, bookings, and desk assignments
Credentials are separate entities in Genetec linked to cardholders. When updating a card or PIN, Nexudus deletes the old credential and creates a new one with the updated values.

Troubleshooting

Possible causes:
  1. Pass not mapped: The passes included in the customer’s plan are not mapped to any Genetec cardholder groups
    • Solution: Go to Settings > Integrations > Genetec and select a cardholder group for the relevant passes
  2. Group no longer exists: The selected group was deleted from Genetec Security Center
    • Solution: Select a different group or recreate the group in Genetec, then refresh the integration
  3. Pass expired or inactive: The customer’s pass has expired or hasn’t started yet
    • Solution: Check the customer’s passes under their profile to verify validity windows
  4. Cardholder not created: The customer wasn’t created in Genetec
    • Solution: Check the Business Checkup page for integration errors, or manually trigger an update by editing and saving the customer’s profile
  5. Group permissions: The Genetec cardholder group exists but isn’t assigned to any doors
    • Solution: In Genetec Security Center, verify the cardholder group includes the correct door controllers
  6. No credentials assigned: Customer exists in Genetec but has no card or PIN
    • Solution: Assign an RFID card or PIN code in the customer’s profile fields
  7. Cardholder inactive: Customer’s cardholder record is deactivated in Genetec
    • Solution: Verify customer has active passes/contracts that grant access; Nexudus should automatically activate the cardholder
Possible causes:
  1. Resource not mapped: The booked resource is not mapped to a Genetec cardholder group
    • Solution: Select a cardholder group for the resource in Settings > Integrations > Genetec
  2. Booking too far in future: Access is only granted 15 minutes before booking start time
    • Solution: Wait until booking is within 15 minutes of start time
  3. Booking not confirmed: Some resources require booking confirmation
    • Solution: Confirm the booking if it’s in pending state
  4. No credentials assigned: Customer has no physical card or PIN to use
    • Solution: Assign an RFID card or PIN code to the customer’s profile
Possible causes:
  1. Missing facility code: Key Fob Number (facility code) not configured
    • Solution: Ensure both Access Card ID and Key Fob Number fields are filled in the customer profile
  2. Credential format mismatch: Genetec reader expects a different card format
    • Solution: Verify your Genetec system uses Wiegand Corporate 1000 format; contact Genetec support if using a different format
  3. Credential not synced: Recent changes haven’t been synced to Genetec
    • Solution: Wait a few minutes for sync, or manually trigger by editing and saving the customer profile
  4. Cardholder inactive: Customer’s cardholder is deactivated in Genetec
    • Solution: Verify customer has active passes/contracts; Nexudus should automatically activate them
  5. Card reader issue: Physical hardware problem
    • Solution: Test cards on different readers to isolate hardware issues
Possible causes:
  1. Incorrect server URL: The Genetec server URL is incorrect or missing /WebSdk/ endpoint
    • Solution: Verify the server URL follows one of these formats:
      • Network Bridge: https://bridge.nexudus.com/{DEVICE_ID}/WebSdk/
      • Port Forwarding: http://YOUR_PUBLIC_IP:4590/WebSdk/
  2. Invalid credentials: Username or password is incorrect
    • Solution: Verify credentials have administrative access in Genetec Security Center
  3. API access disabled: Your Genetec account doesn’t have API access enabled
    • Solution: Contact Genetec support to enable API access for your account
  4. Network connectivity: Firewall or network issue preventing connection
    • Solution: If using port forwarding, verify port 4590 is accessible from the internet. If using Network Bridge, verify the Bridge Agent is running and connected to Nexudus
  5. License key issue: Genetec API license key not configured correctly
    • Solution: Nexudus uses dedicated API keys embedded in the integration; contact Nexudus support if you see licensing errors
Possible causes:
  1. Connection not saved: Settings haven’t been saved to retrieve groups
    • Solution: Save the connection settings (server URL, username, password) to retrieve groups from Genetec
  2. No groups created: No cardholder groups exist in Genetec Security Center
    • Solution: Create cardholder groups in Genetec Security Center, then re-save your Nexudus integration settings
  3. API permissions: Genetec user doesn’t have permission to read cardholder groups
    • Solution: Ensure the API user has administrator permissions in Genetec
  4. Connection error: Authentication or network error preventing group retrieval
    • Solution: Check connection status and verify credentials are correct
Possible causes:
  1. Groups not assigned: Customer’s passes/bookings/desks aren’t mapped to Genetec groups
    • Solution: Map passes, resources, and desks to cardholder groups in Settings > Integrations > Genetec
  2. Signature unchanged: Access hasn’t changed since last update (optimization)
    • Solution: This is normal behavior; if access genuinely changed, save the customer profile to force an update
  3. Background job delay: Access update is queued but not yet processed
    • Solution: Wait a few minutes for background jobs to process
  4. Error during provisioning: API call to Genetec failed
    • Solution: Check Business Checkup page for error details

Monitoring Integration Errors

Nexudus monitors your access control integration and alerts you to any issues that need attention.

Business Checkup Dashboard

Access control integration errors are displayed on the Business Checkup page:
  1. Go to Home > Important Items in the dashboard, or
  2. Navigate directly to dashboard.nexudus.com/dashboards/checkup
  3. Look for the Access Control Integration tile
  4. If there are errors, the tile will be displayed in red

What Gets Flagged

  • Authentication failures: Invalid credentials or connection errors
  • Provisioning errors: Failed attempts to create or update customer access
  • Configuration issues: Missing or invalid cardholder group mappings
  • Credential errors: Failed attempts to create or update cards/PINs
Each error includes:
  • The customer affected
  • The nature of the problem
  • When the error occurred
  • Suggested actions to resolve it
Nexudus automatically retries failed operations. If errors persist, check the Business Checkup page for detailed information and follow the suggested resolution steps.

Security Considerations

Data Shared with Genetec

When provisioning access, Nexudus shares the following information with Genetec:
  • Customer data: First name, last name, email address
  • Credentials: Card IDs, facility codes, PIN codes
  • External ID: Nexudus uses the customer’s email as the lookup key
Nexudus does not share:
  • Phone numbers (unless part of customer name fields)
  • Billing information
  • Payment details
  • Contract specifics (only cardholder group assignments)
  • Personal notes or custom fields

Network Security

  • HTTPS encryption: All communication uses HTTPS (SSL/TLS)
  • Basic authentication: Username and password sent with each request (over HTTPS)
  • API keys: Nexudus uses dedicated license keys for Genetec API access
  • Distributed locking: Prevents race conditions and concurrent updates to the same customer

Credential Management

  • Physical cards: Managed in both Nexudus and Genetec; always assign through Nexudus
  • PIN codes: Stored in Nexudus and synced to Genetec
  • User passwords: Never shared with Nexudus; authentication is handled by Genetec

Best Practices

Cardholder Group Organization

Create cardholder groups in Genetec based on access levels, not products or plans:
  • Good: “24/7 Building Access”, “Business Hours Access”, “Meeting Room Zones”, “Private Office Areas”
  • Avoid: “Hot Desk Plan”, “Dedicated Desk Plan” (these are billing products, not access types)
This approach lets you grant the same physical access through multiple plans.

Naming Conventions

  • Create descriptive cardholder group names in Genetec that make them easy to identify in the dropdown
  • Avoid overly long group names that are difficult to read in the admin panel
  • Document group-to-door mappings in Genetec for future reference

Card Management

  • Use consistent facility codes across all cards at a location
  • Keep facility code and card number separate (don’t combine into Access Card ID)
  • Document your facility code for future card provisioning
  • Test new cards immediately after provisioning to ensure proper configuration

Partition Configuration

  • If using Genetec partitions for multi-site organizations, configure the Default Partition setting
  • Partition GUID should match your primary partition in Genetec Security Center
  • All cardholders created by Nexudus will be assigned to this partition

Access Signature Optimization

  • Nexudus uses access signatures to avoid unnecessary API calls
  • An access signature is a hash of all groups a customer should have access to
  • If the signature hasn’t changed, Nexudus skips the update
  • This optimization reduces API traffic and improves performance

Technical Details

API Architecture

  • Protocol: HTTPS REST API
  • Authentication: HTTP Basic Authentication (username/password)
  • API Format: Query-string based parameters (not JSON body)
  • Base URL: Configured per business with two options:
    • Network Bridge: https://bridge.nexudus.com/{DEVICE_ID}/WebSdk/
    • Port Forwarding: http://PUBLIC_IP:4590/WebSdk/
  • License Keys: Embedded in integration (Debug and Production keys)

Key Endpoints

  • Cardholders:
    • GET /report/CardholderConfiguration?q=EmailSearchMode=Is,Email={email} - Find cardholder by email
    • GET /entity/{guid} - Get cardholder by GUID
    • POST /entity?q=entity=NewEntity(Cardholder),Name={name},FirstName={fn},LastName={ln},EmailAddress={email},Status.Activate(),Guid,Name,FirstName,LastName,EmailAddress,State,Groups,Parents,Credentials - Create cardholder
    • POST /entity?q=entity={guid},Name={name},FirstName={fn},LastName={ln},EmailAddress={email},Guid,Name,FirstName,LastName,EmailAddress,State,Groups,Parents,Credentials - Update cardholder
    • POST /entity?q=entity={guid},Status.Activate() - Activate cardholder
    • POST /entity?q=entity={guid},Status.Deactivate() - Deactivate cardholder
    • DELETE /entity/{guid} - Delete cardholder
  • Cardholder Groups:
    • GET /report/EntityConfiguration?q=EntityTypes@CardholderGroup - List all cardholder groups
    • GET /entity/{guid} - Get cardholder group by GUID
    • POST /entity?q=entity={groupGuid},Members@({cardholderGuid}) - Add member to group
    • POST /entity?q=entity={groupGuid},Members-({cardholderGuid}) - Remove member from group
  • Credentials:
    • GET /entity/{guid} - Get credential by GUID
    • POST /entity?q=entity=NewEntity(Credential),Cardholder={cardholderGuid},Format=KeypadCredentialFormat({pin}),State=Active - Create PIN credential
    • POST /entity?q=entity=NewEntity(Credential),Cardholder={cardholderGuid},Format=WiegandCorporate1000CredentialFormat({facilityCode},{cardNumber}),State=Active - Create card credential
    • DELETE /entity/{guid} - Delete credential
  • Creation Partition:
    • POST /creationpartition/{partitionGuid} - Set default partition for new entities

Cardholder Model

{
  "Id": "guid",
  "Name": "First Last",
  "FirstName": "First",
  "LastName": "Last",
  "EmailAddress": "email@example.com",
  "State": "Active",
  "Groups": [],
  "Parents": ["guid1", "guid2"],
  "Credentials": ["credentialGuid1", "credentialGuid2"]
}
Key fields:
  • Parents: Array of GUIDs representing cardholder groups this cardholder belongs to
  • Credentials: Array of GUIDs representing credentials (cards, PINs) assigned to this cardholder
  • State: “Active” or “Inactive”

Credential Model

{
  "Id": "guid",
  "CardHolder": { "Id": "cardholderGuid" },
  "Type": "Keypad" | "UndecodedWiegand",
  "State": "Active"
}
Credential types:
  • Keypad: PIN code credential (format: KeypadCredentialFormat({pin}))
  • UndecodedWiegand: RFID card credential (format: WiegandCorporate1000CredentialFormat({facilityCode},{cardNumber}))

Cardholder Group Model

{
  "Id": "guid",
  "Name": "Group Name"
}

Business Settings Reference

SettingPurpose
Genetec.EnabledIntegration enabled flag (“true”/“false”)
Genetec.ServerURLBase URL of Genetec Security Center with /WebSdk/ endpoint. Use either Network Bridge (https://bridge.nexudus.com/{DEVICE_ID}/WebSdk/) or port forwarding (http://PUBLIC_IP:4590/WebSdk/)
Genetec.UsernameAPI username for authentication (appended with license key)
Genetec.PasswordAPI password for authentication
Genetec.DefaultPartitionGUID of default partition for new cardholders (optional)

Access Update Logic

  1. Passes: Active passes from contracts + shared passes from paying member
  2. Check-ins: Passes from open check-ins (maintains access during session)
  3. Bookings: Resources with bookings starting within 15 minutes
  4. Booking guests: Resources from bookings where customer is a visitor
  5. Desks: Desks from active contracts (own + team billing)
  6. Group collection: Aggregated list of unique cardholder group GUIDs
  7. Access signature: Hash of sorted group GUIDs to detect changes
  8. Skip if unchanged: If signature matches previous signature, skip update
  9. Cardholder provisioning: Create or update cardholder with new information
  10. Credential management: Create/update/delete card and PIN credentials
  11. Group membership sync: Compare current groups to target groups, add/remove as needed
  12. Activation status: Activate if groups exist, deactivate if no groups

External ID System

  • Lookup key: Email address is used to find existing cardholders
  • Create if not found: New cardholder created if email doesn’t exist
  • No numeric external ID: Unlike some integrations, Genetec uses email as the unique identifier

Error Handling

  • Authentication failures: Logged to business log entries
  • Provisioning errors: Automatic retry with distributed locking
  • Business Checkup: Integration errors displayed on dashboard
  • Event system: OnExceptionHandler raises AccessControlEventData for error tracking
  • Credential errors: Separate error handling for card vs. PIN creation/update

Credential Management Logic

When updating cardholders:
  1. Fetch current credentials: Get list of credential GUIDs from cardholder
  2. Identify credential types:
    • “Keypad” = PIN credential
    • “UndecodedWiegand” = Card credential
  3. PIN logic:
    • If AccessPincode is empty and PIN exists: Delete PIN credential
    • If AccessPincode is present and PIN exists: Delete old PIN, create new PIN
    • If AccessPincode is present and PIN doesn’t exist: Create new PIN
  4. Card logic:
    • If AccessCardId is empty and card exists: Delete card credential
    • If AccessCardId is present and card exists: Delete old card, create new card
    • If AccessCardId is present and card doesn’t exist: Create new card
Credentials are updated by deleting and recreating rather than in-place updates. This ensures credential format changes are properly applied.

Performance Optimization

  • Debouncing: 5-second debounce prevents rapid repeated updates for same customer
  • Access signature hashing: Skips API calls when access hasn’t changed
  • Distributed locking: Prevents concurrent updates to same customer across servers
  • Background jobs: Queued in Hangfire for non-blocking execution
  • Priority queue: Critical updates use 1_critical queue for faster processing

License Key Integration

The integration includes embedded license keys for Genetec API access:
  • Debug key: KxsD11z743Hf5Gq9mv3+5ekxzemlCiUXkTFY5ba1NOGcLCmGstt2n0zYE9NsNimv
  • Production key: Ww9c2Z9pMRjeMAluH1V7UgCViwOedGiHJ98YwOwBRi8SkEW1TE2cc8B3WY6zlK7r
The license key is automatically appended to the username with a semicolon separator based on build configuration.

API Response Formats

Genetec API uses nested response objects:
{
  "Response": {
    "Result": {
      // Actual entity data here
    }
  }
}
For reports/lists:
{
  "Results": [
    {
      "Guid": "entity-guid",
      "Name": "Entity Name"
    }
  ]
}