Physical access cards that people scan at card readers. The most common and reliable type of credential in DoorFlow.
What Are Card Credentials?
Physical cards containing embedded chips or magnetic strips that are scanned at card readers to unlock doors.
Technology
When to Use Cards
Best for
Not ideal for
Checking Your Credential Types
Before creating card credentials, verify your account supports them:
Request:
curl -X GET "https://api.doorflow.com/api/3/credential_types" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Response:
{
"credential_types": [
{
"id": 5,
"name": "Card",
"format": "numeric",
"description": "Physical access card"
}
]
}
Note the id - you'll use this when creating credentials (typically 5 for cards).
Creating Card Credentials
Request:
curl -X POST "https://api.doorflow.com/api/3/people/12345/credentials" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"person_credential": {
"credential_type_id": 5,
"value": "1234567890",
"enabled": true
}
}'
Parameters
credential_type_id: ID for "Card" from your credential types (typically 5)
value: The card number (facility code + card number combined)
- Format varies by card type
- Usually 8-10 digits
- Must match the physical card number
enabled: Set to true to activate immediately
Response:
{
"id": "cred_abc123",
"credential_type_id": 5,
"value": "1234567890",
"enabled": true,
"person_id": 12345,
"created_at": "2024-01-15T14:25:00Z"
}
Understanding Card Number Formats
Different card technologies use different number formats:
26-bit Wiegand (most common)
FFFCCCCC (3-digit facility code + 5-digit card number)
001, Card 12345 → stored as 00112345
34-bit Wiegand
012345 67890
Finding the card number
Example:
Physical card prints: "001 - 12345"
API value: "00112345" (combined, no spaces)
Managing Card Credentials
Disabling a Card
Temporarily disable without deleting (maintains audit trail):
curl -X PUT "https://api.doorflow.com/api/3/people/12345/credentials/cred_abc123" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"person_credential": {
"enabled": false
}
}'
Use cases
Re-enabling a Card
curl -X PUT "https://api.doorflow.com/api/3/people/12345/credentials/cred_abc123" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"person_credential": {
"enabled": true
}
}'
Deleting a Card
Permanently remove:
curl -X DELETE "https://api.doorflow.com/api/3/people/12345/credentials/cred_abc123" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Warning: Deleting removes the credential from audit trail. Prefer disabling unless you have a specific reason to delete.
Listing a Person's Credentials
See all credentials for a person:
curl -X GET "https://api.doorflow.com/api/3/people/12345/credentials" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Response:
{
"credentials": [
{
"id": "cred_abc123",
"credential_type_id": 5,
"credential_type_name": "Card",
"value": "1234567890",
"enabled": true,
"person_id": 12345,
"created_at": "2024-01-15T14:25:00Z"
}
]
}
Best Practices
Issue backup credentials: Give users both a card AND a PIN in case they forget their card.
# Issue card
POST /api/3/people/12345/credentials
{
"credential_type_id": 5,
"value": "1234567890",
"enabled": true
}
# Issue backup PIN
POST /api/3/people/12345/credentials
{
"credential_type_id": 6,
"value": "******",
"enabled": true
}
Track physical cards
Collect cards on termination
Disable lost cards immediately
enabled: false instead of deleting
Test new cards
Common Questions
Can I change a card number after creation?
A: No. Credential values are immutable. To change a card number, disable the old credential and create a new one.
What happens if I enter the wrong card number?
A: The card won't work at doors. Disable the incorrect credential and create a new one with the correct number.
Can two people have the same card number?
A: No. DoorFlow prevents duplicate credential values. Each card number must be unique.
What happens if a person has both an enabled and disabled card?
A: The enabled card works normally. The disabled card won't grant access but remains in the system for audit purposes.
How do I replace a lost card?
A: Disable the old card credential, obtain a new physical card with a different number, and create a new credential with the new card number.
Can I reuse a card number after deleting it?
A: Yes, but only after deletion. If disabled, the number is still in use. However, prefer disabling over deletion for audit trail purposes.
Quick Reference
List credential types:
GET /api/3/credential_types
Create card:
POST /api/3/people/{person_id}/credentials
Body: {
"credential_type_id": 5,
"value": "card_number",
"enabled": true
}
List person's credentials:
GET /api/3/people/{person_id}/credentials
Disable card:
PUT /api/3/people/{person_id}/credentials/{credential_id}
Body: { "enabled": false }
Delete card:
DELETE /api/3/people/{person_id}/credentials/{credential_id}
Required OAuth scope: account.person (write) or account.person.readonly (read)
Next Steps
Need different credential types?
- [PIN Credentials] - Keypad codes for backup access
- [Mobile Credentials] - Smartphone-based access