Skip to main content

Paxton NET2 Access Control Integration

Overview

Paxton NET2 is an enterprise-grade access control platform that provides physical security management through on-premises hardware and software. The Nexudus integration with Paxton NET2 automates credential provisioning and area assignments based on customer contracts, passes, bookings, and desk assignments.

Key Features

  • On-premises management: Dedicated server installed at your location
  • OAuth2-based authentication: Secure API authentication using Resource Owner Password Credentials flow
  • Automatic provisioning: Access is granted and revoked automatically based on plan changes, bookings, and pass assignments
  • RFID token support: Multiple RFID tokens per customer with customizable token types
  • Area-based permissions: Map your inventory (passes, resources, desks) to Paxton NET2 areas
  • Booking-based temporary access: Automatic access during reservation windows for booking holders and guests
  • Check-in session tracking: Maintains access during check-in sessions based on active time passes
  • Team billing support: Members of team billing groups receive access to all team resources
  • Shared passes: Team members automatically receive access from shared time passes
  • Timezone support: Configure access permissions with specific timezone restrictions

Integration Type

On-premise with Bridge Support — Paxton NET2 requires a dedicated server installed at your location. Nexudus connects via Paxton’s REST API using either:
  • Network Bridge: Secure tunnel through https://bridge.nexudus.com/{device_id}/ (recommended)
  • Port Forwarding: Direct connection to https://public_ip:8443/ (requires firewall configuration)

Capabilities

FeatureSupportedNotes
Pass-based access✅ YesCustomers receive access based on their active passes
Plan-based access✅ IndirectPlans grant access through the passes they include
Resource-based access✅ YesGrants temporary access during reservations
Desk/unit-based access✅ YesIncludes support for team billing contracts
Visitor access✅ YesBooking guests receive access during booking windows
Booking guest access✅ YesCustomers added as booking guests can access spaces during their booking windows
Door event check-ins❌ NoDoor access events are not sent back to Nexudus to create automatic check-ins
Mobile app access❌ NoNo mobile app integration available
Remote door unlock❌ NoPhysical tokens required for access

How It Works

Access Control Model

Paxton NET2 uses an area-based model to manage access permissions:
  • Users represent individuals in the system (mapped to Nexudus customers)
  • Areas define collections of doors that users can access
  • Tokens are physical RFID cards assigned to users
  • Doors are individual access points managed by door controllers
  • Timezones define when access is permitted (e.g., 24/7, business hours only)
When a customer’s access needs change in Nexudus (e.g., they purchase a pass, book a resource, check in, or their contract renews), the integration automatically updates their user record in Paxton NET2 with the appropriate area permissions.

Access Calculation

The integration evaluates multiple sources to determine a customer’s access:
  1. Active Time Passes: All passes currently valid for the customer
  2. Shared Passes: Passes shared by paying member in team billing arrangements
  3. Check-in Sessions: Active check-ins maintain pass-based access for session duration
  4. Upcoming Bookings: Resources booked by customer (access granted 15 minutes early)
  5. Booking Guest Access: Resources where customer is added as a guest
  6. Contract Desks: Desks included in active contracts
  7. Team Billing Desks: Desks from paying member’s contracts for team members
All area permissions from these sources are aggregated and applied to the customer’s Paxton NET2 user record.

Multi-Door Support

Paxton NET2 uses areas to grant permissions to multiple doors. Instead of mapping each door individually:
  1. In Paxton NET2, create an area (e.g., “Coworking Space Access”)
  2. Add the relevant doors to that area in Paxton NET2
  3. In Nexudus, select that area from the dropdown when mapping your pass/resource/desk
  4. Customers with that pass automatically get access to all doors in the area
You must configure which doors belong to each area in the Paxton NET2 system. Nexudus assigns customers to areas by selecting from the available areas retrieved from your Paxton NET2 system. The door-to-area mapping is managed in Paxton NET2.

Prerequisites

Before connecting Nexudus to Paxton NET2, ensure you have:
  1. Paxton NET2 system installed on-premise with administrator access
  2. Local API enabled via the NET2 Local API Configuration Utility
  3. Nexudus license file installed for API access (provided by Nexudus support)
  4. API credentials (username and password for API authentication)
  5. Network connectivity — Either:
    • Network Bridge configured: Device ID from your Nexudus Network Bridge installation
    • Port forwarding configured: Public IP address with port 8443 (or custom port) forwarded to your Paxton NET2 server
  6. Paxton NET2 configured with door controllers installed and online
  7. Areas created in Paxton NET2 for different access levels (e.g., 24/7 access, business hours only)
  8. Timezones configured in Paxton NET2 for when access should be granted
  9. Nexudus location configured with plans, passes, and resources
The Local API Configuration Utility is located on the security tab of the NET2 Configuration Utility. The default location on Windows is C:\Program Files (x86)\Paxton Access\Access Control\SvrConf.exe. Contact Nexudus support to obtain the license file for API access. After installing the license file, restart the NET2 Service to enable the API.

Configuration

Step 1: Enable and Connect to Paxton NET2

  1. In the Nexudus dashboard, go to Settings > Integrations
  2. Find Paxton Net2 in the list and expand the settings
  3. Enable the Enable Paxton Net2 integration toggle
  4. Enter your connection details (fields appear when toggle is enabled):
    • Paxton Net2 server address: Choose one of the following:
      • Network Bridge: https://bridge.nexudus.com/{DEVICE_ID}/ (replace {DEVICE_ID} with your Bridge device ID)
      • Port Forwarding: https://YOUR_PUBLIC_IP:8443/ (replace YOUR_PUBLIC_IP with your public IP address and port)
    • Paxton Net2 username: Your Paxton NET2 API username
    • Paxton Net2 password: Your Paxton NET2 API password
    • Paxton Net2 Client ID: Use 8bea7086-c5bb-4d71-98ca-a81be791e82b (fixed Nexudus identifier)
    • Token Type (optional): The token type for RFID cards (defaults to “Unspecified”)
  5. Click Save to establish the connection
  6. Once connected successfully, the configuration panels for passes, resources, and desks will load below
If using the Network Bridge, ensure your Bridge Agent is running and registered. If using port forwarding, ensure port 8443 (or your custom port) is accessible from the internet and forwarded to your Paxton NET2 server.

Step 2: Map Passes to Areas

Passes are the primary way customers receive access in Nexudus. Each pass can be mapped to one or more Paxton NET2 areas.
  1. In the Passes section, you’ll see all passes configured for this location
  2. For each pass, select one or more Paxton NET2 areas from the dropdown menu
    • The dropdown shows all areas available in your connected Paxton NET2 system
    • Areas are automatically retrieved when you save the connection settings
    • You can select multiple areas for a single pass
  3. Leave blank if a pass should not grant physical access
How it works:
  • When a customer has an active contract on a plan that includes passes, they automatically receive those passes
  • If the pass is mapped to Paxton NET2 areas, the customer is granted access to those areas
  • When the pass expires or is consumed, access is revoked
  • Time-limited passes (e.g., day passes with validity windows) automatically grant and revoke access at the appropriate times
Example mapping:
Pass NamePaxton NET2 AreasPurpose
24/7 Access PassMain Building, Meeting RoomsRound-the-clock building and meeting room access
Business Hours PassMain BuildingAccess only during operating hours
Meeting Room PassMeeting RoomsAccess to meeting room zones only
Areas are automatically retrieved from your Paxton NET2 system. If you don’t see an area in the dropdown, verify it exists in Paxton NET2 and re-save your connection settings to refresh the list.
Plans are not directly mapped to areas. Instead:
  1. Plans include passes via the plan configuration
  2. Passes are what get mapped to areas (selected from dropdown)
  3. When a customer starts a contract on a plan, they receive the passes included in that plan
  4. Those passes then grant the associated Paxton NET2 access

Step 3: Map Resources to Areas

Resources (meeting rooms, event spaces, etc.) can require specific access permissions for bookings.
  1. In the Resources section, you’ll see all resources configured for this location
  2. For each resource, select one or more Paxton NET2 areas from the dropdown menu
  3. Leave blank if resource bookings should not grant physical access
How it works:
  • When a customer books a resource, Nexudus grants them access 15 minutes before the booking starts
  • Access is automatically revoked when the booking ends
  • If the booking is cancelled, access is removed immediately
Example mapping:
Resource NamePaxton NET2 AreasPurpose
Conference Room AFloor 2, Meeting RoomsAccess to second floor and meeting room area
Event SpaceEvent Hall, Main EntranceAccess to event space and main entrance
Private OfficePrivate Office WingAccess to private office area
Resource-based access is temporary and booking-specific. A customer only receives access during their booking window, even if they don’t hold a general access pass.

Step 4: Map Desks/Units to Areas

Floor plan desks and units can grant access to specific areas when included in a customer’s contract.
  1. In the Desks/Units section, you’ll see all desks from your floor plans
  2. For each desk, select one or more Paxton NET2 areas from the dropdown menu
  3. Leave blank if desk assignments should not grant physical access
How it works:
  • When a desk is added to a customer’s contract, they receive access to the mapped areas
  • Access is granted when the contract starts and revoked when it ends
  • Team billing support: If a customer uses team billing (merged billing), they also receive access to desks included in the paying member’s contracts
Example mapping:
Desk/Unit NamePaxton NET2 AreasPurpose
Private Office #101Floor 1 Private, Main BuildingAccess to first-floor private office area
Dedicated Desk Zone ACoworking Floor 2, Main BuildingAccess to dedicated desk zone
Studio #5Studios, Loading DockAccess to studio unit and loading area
Desk access is based on contract assignments, not direct desk bookings. Customers must have the desk included in an active contract to receive access. Ad-hoc desk bookings (if using desk booking) do not automatically grant Paxton NET2 access.

Step 5: Save Configuration

  1. Review all mappings to ensure they’re correct
  2. Verify area names match exactly with your Paxton NET2 system
  3. Click Save to apply the configuration
  4. Nexudus will immediately start provisioning access for customers based on the new mappings

How Access is Managed

When Access is Granted

Nexudus automatically grants Paxton NET2 access when:
  1. Contract starts: Customer begins a contract on a plan → receives passes included in that plan → assigned to corresponding Paxton NET2 areas
  2. Pass activated: Customer receives a pass directly (not via a contract) → assigned to the mapped Paxton NET2 areas
  3. Check-in created: Customer checks in with a time pass → maintains access to pass areas for the duration of the check-in session
  4. Booking created: Customer books a resource → granted access to resource’s areas 15 minutes before booking start time
  5. Booking guest added: Customer is added as a guest on a booking → granted access to resource’s areas during the booking window
  6. Desk added to contract: Desk is added to an active contract → customer receives access to the desk’s mapped areas
  7. Team member access: Paying member’s team receives access to all areas from paying member’s passes and desks
  8. Shared passes: Team members receive access from shared passes of their paying member

When Access is Revoked

Nexudus automatically revokes Paxton NET2 access when:
  1. Contract ends or cancelled: Customer loses passes from that contract → removed from corresponding Paxton NET2 areas
  2. Pass expires: Pass validity ends or usage is consumed → removed from mapped Paxton NET2 areas
  3. Check-in ends: Customer checks out or check-in session expires → pass-based access is re-evaluated
  4. Booking ends or cancelled: Booking time expires or is cancelled → access to resource’s areas is removed
  5. Booking guest removed: Customer is removed as a guest from a booking → access to resource’s areas is revoked
  6. Desk removed from contract: Desk is removed from contract → access to desk’s areas is revoked
  7. Customer deactivated: Customer account is deactivated → all Paxton NET2 access removed

Access Update Timing

  • Immediate updates: Contract changes, pass assignments, and customer deactivations trigger access updates within seconds
  • Booking lead time: Booking access is granted 15 minutes before the booking start time
  • Background processing: Access updates are queued in background jobs to handle high volumes efficiently
  • Distributed locking: Prevents concurrent updates to the same customer across multiple servers
  • Debouncing: 5-second debounce prevents rapid repeated updates for the same customer
If a customer should have access but doesn’t, the system automatically retries access provisioning. Check the Business Checkup page for any integration errors.

RFID Token Management

Paxton NET2 supports traditional RFID access tokens (cards, fobs, tags). To assign tokens to customers:
  1. Go to Operations > Customers
  2. Select the customer
  3. In their profile, enter token IDs in the Access Card ID field
  4. Separate multiple tokens with commas: 123456,789012,345678
  5. Save the customer profile
Token behavior:
  • No token: User exists in Paxton NET2 but cannot unlock doors (no physical credentials)
  • Token assigned: Customer can use physical RFID token to unlock doors
  • Token removed: Physical access is revoked (user remains in system)
  • Multiple tokens: Customer can have multiple tokens assigned simultaneously
Token configuration:
  • Token Type: Configurable in integration settings (defaults to “Unspecified”)
  • Tokens are automatically created/updated/deleted based on the Access Card ID field
  • Token IDs should match the format expected by your Paxton NET2 system
  • Each token is associated with the customer’s user record in Paxton NET2
Unlike cloud-based systems, Paxton NET2 does not support mobile access. Customers must use physical RFID tokens to unlock doors.

Timezone Configuration

Paxton NET2 supports timezone-based access restrictions, allowing you to control when customers can access specific areas:
  • Timezone ID: Configured in the integration settings (defaults to timezone 1)
  • Timezones are created in Paxton NET2 (e.g., “24/7 Access”, “Business Hours Only”, “Weekend Access”)
  • When customers are assigned to areas, they receive the configured timezone for those permissions
  • Different areas can have different timezone restrictions
Common timezone configurations:
  • Timezone 1: Typically configured as 24/7 access
  • Timezone 2: Business hours only (e.g., Monday-Friday 8 AM - 6 PM)
  • Timezone 3: Extended hours (e.g., Monday-Sunday 6 AM - 11 PM)
Timezones must be created and configured in your Paxton NET2 system before use. Nexudus applies the configured timezone ID to all area permissions granted through the integration.

Troubleshooting

Possible causes:
  1. Pass not mapped: The passes included in the customer’s plan are not mapped to any Paxton NET2 areas
    • Solution: Go to Settings > Integrations > Paxton Net2 and select areas for the relevant passes
  2. Area no longer exists: The selected area was deleted from Paxton NET2
    • Solution: Select a different area or recreate the area in Paxton NET2, then refresh the integration
  3. Pass expired or inactive: The customer’s pass has expired or hasn’t started yet
    • Solution: Check the customer’s passes under their profile to verify validity windows
  4. User not created: The customer wasn’t created in Paxton NET2
    • Solution: Check the Business Checkup page for integration errors, or manually trigger an update by editing and saving the customer’s profile
  5. Area permissions: The Paxton NET2 area exists but isn’t assigned to any doors
    • Solution: In Paxton NET2, verify the area includes the correct door controllers
  6. No token assigned: Customer exists in Paxton NET2 but has no physical credentials
    • Solution: Assign an RFID token in the customer’s Access Card ID field
  7. Network connectivity: Nexudus cannot reach your Paxton NET2 server
    • Solution: Check firewall rules, port forwarding (8443), and verify the Server IP is correct
  8. Timezone restrictions: Access is restricted by timezone settings
    • Solution: Verify the timezone configured in Paxton NET2 allows access at the current time
Possible causes:
  1. Resource not mapped: The booked resource is not mapped to any Paxton NET2 areas
    • Solution: Select areas for the resource in Settings > Integrations > Paxton Net2
  2. Booking too far in future: Access is only granted 15 minutes before booking start time
    • Solution: Wait until booking is within 15 minutes of start time
  3. Booking not confirmed: Some resources require booking confirmation
    • Solution: Confirm the booking if it’s in pending state
  4. No token assigned: Customer has no physical token to use
    • Solution: Assign an RFID token to the customer’s profile
Possible causes:
  1. Token format: Token IDs don’t match the format expected by your Paxton NET2 system
    • Solution: Check your Paxton NET2 system documentation for the correct token ID format
  2. Token not synced: Recent token changes haven’t been synced to Paxton NET2
    • Solution: Wait a few minutes for sync, or manually trigger by editing and saving the customer profile
  3. Token type mismatch: Token type configured in Nexudus doesn’t match Paxton NET2
    • Solution: Verify the Token Type setting matches your Paxton NET2 configuration
  4. User inactive: Customer’s user account is inactive in Paxton NET2
    • Solution: Verify customer has active passes/contracts that grant access
  5. Token reader issue: Physical hardware problem
    • Solution: Test tokens on different readers to isolate hardware issues
Possible causes:
  1. Incorrect server address: The server URL is incorrect or malformed
    • Solution: Verify the correct URL format:
      • Network Bridge: https://bridge.nexudus.com/{DEVICE_ID}/
      • Port Forwarding: https://YOUR_PUBLIC_IP:8443/
  2. Network Bridge not running: If using the bridge, it may not be online
    • Solution: Verify the Bridge Agent is running and registered (check bridge status dashboard)
  3. Port not forwarded: If using port forwarding, port 8443 is not accessible
    • Solution: Configure port forwarding on your firewall to forward port 8443 to your Paxton NET2 server, or switch to Network Bridge for easier setup
  4. Invalid credentials: Username or password is incorrect
    • Solution: Verify credentials have administrative access in Paxton NET2
  5. Client ID incorrect: Wrong Client ID entered
    • Solution: Ensure you’re using 8bea7086-c5bb-4d71-98ca-a81be791e82b as the Client ID
  6. License file missing: Nexudus license file not installed in NET2
    • Solution: Contact Nexudus support to obtain the license file and install it via the Local API Configuration Utility
  7. SSL certificate issues: Certificate validation failing
    • Solution: Ensure valid SSL certificates, or contact support if using self-signed certificates
  8. Service not running: Paxton NET2 Service is not running
    • Solution: Restart the NET2 Service from Windows Services panel
  9. API not enabled: Local API not enabled in NET2 Configuration Utility
    • Solution: Enable the Local API via NET2 Local API Configuration Utility and restart the service
Possible causes:
  1. Area deleted: Area was selected but has since been deleted from Paxton NET2
    • Solution: Recreate the area in Paxton NET2 or select a different area in Nexudus
  2. Stale area list: Available areas not refreshed after changes in Paxton NET2
    • Solution: Re-save your connection settings to refresh the area list from Paxton NET2
  3. API permissions: Paxton NET2 user doesn’t have permission to modify area assignments
    • Solution: Ensure the API user has administrative permissions in Paxton NET2
  4. Background job delay: Updates are queued but not yet processed
    • Solution: Wait a few minutes for background jobs to process
  5. Timezone configuration error: Invalid timezone ID configured
    • Solution: Verify the timezone ID exists in your Paxton NET2 system

Monitoring Integration Errors

Nexudus monitors your access control integration and alerts you to any issues that need attention.

Business Checkup Dashboard

Access control integration errors are displayed on the Business Checkup page:
  1. Go to Home > Important Items in the dashboard, or
  2. Navigate directly to dashboard.nexudus.com/dashboards/checkup
  3. Look for the Access Control Integration tile
  4. If there are errors, the tile will be displayed in red

What Gets Flagged

  • Authentication failures: Invalid credentials or connection errors
  • Provisioning errors: Failed attempts to create or update customer access
  • Configuration issues: Missing or invalid area mappings
  • Network connectivity: Connection timeouts or unreachable server
  • API errors: Errors returned by the Paxton NET2 API
Each error includes:
  • The customer affected
  • The nature of the problem
  • When the error occurred
  • Suggested actions to resolve it
Nexudus automatically retries failed operations. If errors persist, check the Business Checkup page for detailed information and follow the suggested resolution steps.

Security Considerations

Data Shared with Paxton NET2

When provisioning access, Nexudus shares the following information with Paxton NET2:
  • Customer data: First name, last name
  • External ID: Nexudus customer ID stored in the FAX field (used to link records between systems)
  • RFID tokens: Token IDs from the Access Card ID field
  • Token type: Token type from integration settings
Nexudus does not share:
  • Email addresses
  • Phone numbers
  • Billing information
  • Payment details
  • Contract specifics (only area assignments)
  • Personal notes or custom fields

Network Security

  • HTTPS encryption: All communication uses HTTPS (SSL/TLS)
  • OAuth2 authentication: Resource Owner Password Credentials flow with access tokens
  • On-premises control: Your Paxton NET2 system remains on your local network
  • Bridge security: If using Network Bridge, all traffic is encrypted through secure tunnel (no inbound ports)
  • Port forwarding security: If using port forwarding, restrict firewall rules to Nexudus IP addresses only
The Network Bridge is recommended for enhanced security as it requires no inbound firewall ports. See Network Bridge documentation for security details.

Credential Management

  • Physical tokens: Managed in both Nexudus and Paxton NET2; always assign through Nexudus
  • User passwords: Never shared with Nexudus; authentication is handled by Paxton NET2
  • API credentials: Stored securely in Nexudus; transmitted over HTTPS only

Best Practices

Area Organization

Create areas in Paxton NET2 based on access levels, not products or plans:
  • Good: “24/7Access”, “BusinessHours”, “MeetingRooms”, “PrivateOffices”
  • Avoid: “HotDeskPlan”, “DedicatedDeskPlan” (these are billing products, not access types)
This approach lets you grant the same physical access through multiple plans.

Naming Conventions

  • Create descriptive area names in Paxton NET2 that make them easy to identify in the dropdown
  • Avoid overly long area names that are difficult to read in the admin panel
  • Document area-to-door mappings in Paxton NET2 for future reference
  • Use consistent naming across different access control zones

Token Management

  • Assign unique token IDs to each customer
  • Keep spare tokens for emergencies
  • Regularly audit token assignments and deactivate unused tokens
  • Use the correct Token Type for your RFID card system
  • Test new tokens immediately after assignment

Timezone Configuration

  • Configure timezones in Paxton NET2 before mapping areas in Nexudus
  • Use timezone 1 for 24/7 access (most common)
  • Create separate timezones for business hours, extended hours, and weekends
  • Document which timezone ID corresponds to which access schedule
  • Test timezone restrictions to ensure they work as expected

Network Connectivity

Using Network Bridge (Recommended):
  • No firewall configuration required
  • Secure outbound connection to Nexudus
  • Easy setup and maintenance
  • See Network Bridge documentation for installation
Using Port Forwarding:
  • Configure firewall to forward port 8443 (or custom port) to Paxton NET2 server
  • Restrict access to Nexudus IP addresses only
  • Ensure valid SSL certificates for production use
  • Use static IP or DNS for consistent connectivity

Technical Details

API Architecture

  • Protocol: HTTPS with JSON-based REST API
  • Authentication: OAuth2 Resource Owner Password Credentials flow
  • Token Endpoint: {ServerIp}/api/v1/authorization/tokens
  • Base URL: {ServerIp}/api/ (typically https://YOUR_IP:8443/api/)
  • Client Credential Style: POST body
  • Scope: offline_access

User Model

Paxton NET2 users created by Nexudus:
  • FirstName: Customer’s first name
  • LastName: Customer’s last name
  • Fax: Nexudus customer ID (used for external reference)
  • ActivateDate: Set to 15 minutes before current time
  • IndividualPermissions: List of area IDs with timezone restrictions

Token Model

RFID tokens managed by Nexudus:
  • TokenValue: The RFID card number
  • TokenType: Configurable type (defaults to “Unspecified”)
  • Tokens are created, updated, and deleted based on Access Card ID field
  • Multiple tokens per user supported

Permission Set Model

{
  "AccessLevels": [],
  "IndividualPermissions": [
    {
      "Id": 123,
      "TimezoneId": 1
    }
  ]
}

Business Settings Reference

SettingPurpose
PaxtonNet2.EnabledIntegration enabled flag (“true”/“false”)
PaxtonNet2.UsernameAdministrator username for API authentication
PaxtonNet2.PasswordAdministrator password for API authentication
PaxtonNet2.ServerIpServer URL in format https://IP:PORT
PaxtonNet2.ClientIdFixed Nexudus identifier: 8bea7086-c5bb-4d71-98ca-a81be791e82b
PaxtonNet2.TokenTypeRFID token type (defaults to “Unspecified”)
PaxtonNet2.TimeZoneIdTimezone ID for area permissions (defaults to 1)

Access Update Logic

  1. Passes: Active passes from contracts + shared passes from paying member
  2. Check-ins: Passes from open check-ins (maintains access during session)
  3. Bookings: Resources with bookings starting within 15 minutes
  4. Booking guests: Resources from bookings where customer is a visitor
  5. Desks: Desks from active contracts (own + team billing)
  6. Areas: Aggregated list of unique area IDs
  7. User provisioning: Create/update user with aggregated area permissions
  8. Token management: Create/update/delete tokens based on AccessCardID field
  9. Signature: Access signature stored to detect changes

External IDs

  • Customers: Fax field set to Nexudus coworker ID (integer as string)
  • Lookup: Users retrieved via API filtering on Fax field
  • Uniqueness: Fax field ensures no duplicate users

Error Handling

  • Authentication failures: Logged to business log entries; integration automatically disabled
  • Provisioning errors: Automatic retry with exponential backoff (5 attempts, 60-second delay)
  • Business Checkup: Integration errors displayed on dashboard
  • Event system: OnExceptionHandler raises AccessControlEventData for error tracking
  • Distributed locking: Prevents concurrent updates to same customer

Token Management Logic

  • Multiple tokens: Comma-separated list in AccessCardID field
  • Token sync: Existing tokens compared with current AccessCardID, unused tokens deleted
  • No tokens: If AccessCardID is empty, all tokens are removed
  • Token creation: Each token ID gets separate token record with specified type

Performance Optimization

  • Debouncing: 5-second debounce prevents rapid repeated updates for same customer
  • Queue: Access control updates run in dedicated Hangfire queue (1_access_control)
  • Critical queue: Immediate updates use priority queue (1_critical)
  • Distributed locking: Prevents concurrent access updates across multiple servers
  • Read uncommitted: Uses read uncommitted isolation level for performance

Network Requirements

Using Network Bridge:
  • Bridge Agent must be installed and running on local network
  • Outbound HTTPS connection to bridge.nexudus.com (no inbound ports)
  • Local network access to Paxton NET2 server
  • See Network Bridge documentation for full requirements
Using Port Forwarding:
  • Public IP address with port 8443 (or custom port) forwarded to Paxton NET2 server
  • Firewall configured to allow HTTPS from Nexudus servers
  • Static IP or DNS hostname recommended
  • SSL/TLS certificate (self-signed accepted but not recommended)

License File Installation

  1. Contact Nexudus support to obtain the Nexudus license file for Paxton NET2
  2. Open NET2 Configuration Utility (SvrConf.exe)
  3. Navigate to Security tab
  4. Open Local API Configuration Utility
  5. Install the Nexudus-provided license file
  6. Restart NET2 Service
  7. Use the fixed Client ID 8bea7086-c5bb-4d71-98ca-a81be791e82b in Nexudus integration settings