Create Card Template
Only available for enterprise customers - allows you to create an empty card template using our console API.
name
string
The name to display for this card template in the AccessGrid console UI
platform
string
Must be one of `apple` or `google`
use_case
string
Must be one of `corporate_id`, `student_id`, `multi_family`, or `hotel`
protocol
string
Must be `desfire` or `seos` - HID Seos only available for enterprise customers
allow_on_multiple_devices
nullable boolean
False by default. Set to true if you'd like to enable the Access Passes issued using this template to exist on multiple devices (think phone and watch)
watch_count
nullable integer
Only allowed to be set if `allow_on_multiple_devices` is set to true. Any number between 1-5 is acceptable.
iphone_count
nullable integer
Only allowed to be set if `allow_on_multiple_devices` is set to true. Any number between 1-5 is acceptable.
background_color
nullable string
Must be a 6 character hexadecimal value for the background color of the template, i.e. #FFFFFF
label_color
nullable string
Must be a 6 character hexadecimal value for the label color for the template, i.e. #000000
label_secondary_color
nullable string
Must be a 6 character hexadecimal value for the secondary label color for the template, i.e. #333333
support_url
nullable string
Shows on the back of the issued Access Pass.
support_phone_number
nullable string
Shows on the back of the issued Access Pass.
support_email
nullable string
Shows on the back of the issued Access Pass.
privacy_policy_url
nullable string
Shows on the back of the issued Access Pass.
terms_and_conditions_url
nullable string
Shows on the back of the issued Access Pass.
metadata
nullable object
Custom JSON object for storing additional metadata associated with the pass template. Can contain any valid JSON data.
background
nullable string
Base64-encoded PNG image for the card background. Max 10MB. Dimension limits vary by platform: Apple ≤1536×969, Android Smart Tap ≤1032×336, Android Seos ≤1456×928. For Seos templates, the HID logo is automatically composited onto the background.
logo
nullable string
Base64-encoded PNG image for the card logo. Max 10MB. Dimension limits vary by platform: Apple ≤1372×283, Android Smart Tap ≤430×430, Android Seos must be exactly 200×200, 133×133, or 67×67.
icon
nullable string
Base64-encoded PNG image for the card icon. Max 10MB. Apple must be exactly 200×200. Android Seos must be exactly 200×200, 133×133, or 67×67. Not accepted for Android Smart Tap.
Request
curl -v \
-X POST \
-H 'X-ACCT-ID: 123' \
-H "X-PAYLOAD-SIG: $HASH" \
-d '{
"name": "Employee Access Pass",
"platform": "apple",
"use_case": "corporate_id",
"protocol": "desfire",
"allow_on_multiple_devices": true,
"watch_count": 2,
"iphone_count": 3,
"background_color": "#FFFFFF",
"label_color": "#000000",
"label_secondary_color": "#333333",
"support_url": "https://help.yourcompany.com",
"support_phone_number": "+1-555-123-4567",
"support_email": "[email protected]",
"privacy_policy_url": "https://yourcompany.com/privacy",
"terms_and_conditions_url": "https://yourcompany.com/terms",
"metadata": {
"version": "2.1",
"approval_status": "approved"
}
}' \
"https://api.accessgrid.com/v1/console/card-templates/"
require 'accessgrid'
acct_id = ENV['ACCOUNT_ID']
secret_key = ENV['SECRET_KEY']
client = AccessGrid.new(acct_id, secret_key)
template = client.console.create_template(
name: "Employee Access Pass",
platform: "apple",
use_case: "corporate_id",
protocol: "desfire",
allow_on_multiple_devices: true,
watch_count: 2,
iphone_count: 3,
background_color: "#FFFFFF",
label_color: "#000000",
label_secondary_color: "#333333",
support_url: "https://help.yourcompany.com",
support_phone_number: "+1-555-123-4567",
support_email: "[email protected]",
privacy_policy_url: "https://yourcompany.com/privacy",
terms_and_conditions_url: "https://yourcompany.com/terms",
metadata: {
version: "2.1",
approval_status: "approved"
}
)
puts "Template created successfully: #{template.id}"
import AccessGrid from 'accessgrid';
const accountId = process.env.ACCOUNT_ID;
const secretKey = process.env.SECRET_KEY;
const client = new AccessGrid(accountId, secretKey);
const createTemplate = async () => {
try {
const template = await client.console.createTemplate({
name: "Employee Access Pass",
platform: "apple",
useCase: "corporate_id",
protocol: "desfire",
allowOnMultipleDevices: true,
watchCount: 2,
iphoneCount: 3,
backgroundColor: "#FFFFFF",
labelColor: "#000000",
labelSecondaryColor: "#333333",
supportUrl: "https://help.yourcompany.com",
supportPhoneNumber: "+1-555-123-4567",
supportEmail: "[email protected]",
privacyPolicyUrl: "https://yourcompany.com/privacy",
termsAndConditionsUrl: "https://yourcompany.com/terms",
metadata: {
version: "2.1",
approvalStatus: "approved"
}
});
console.log(`Template created successfully: ${template.id}`);
} catch (error) {
console.error('Error creating template:', error);
}
};
createTemplate();
from accessgrid import AccessGrid
import os
account_id = os.getenv('ACCOUNT_ID')
secret_key = os.getenv('SECRET_KEY')
client = AccessGrid(account_id, secret_key)
template = client.console.create_template(
name="Employee Access Pass",
platform="apple",
use_case="corporate_id",
protocol="desfire",
allow_on_multiple_devices=True,
watch_count=2,
iphone_count=3,
background_color="#FFFFFF",
label_color="#000000",
label_secondary_color="#333333",
support_url="https://help.yourcompany.com",
support_phone_number="+1-555-123-4567",
support_email="[email protected]",
privacy_policy_url="https://yourcompany.com/privacy",
terms_and_conditions_url="https://yourcompany.com/terms",
metadata={
"version": "2.1",
"approval_status": "approved"
}
)
print(f"Template created successfully: {template.id}")
package main
import (
"context"
"fmt"
"os"
"github.com/Access-Grid/accessgrid-go"
)
func main() {
accountID := os.Getenv("ACCOUNT_ID")
secretKey := os.Getenv("SECRET_KEY")
client, err := accessgrid.NewClient(accountID, secretKey)
if err != nil {
fmt.Printf("Error creating client: %v\n", err)
return
}
params := accessgrid.CreateTemplateParams{
Name: "Employee Access Pass",
Platform: "apple",
UseCase: "corporate_id",
Protocol: "desfire",
AllowOnMultipleDevices: true,
WatchCount: 2,
IPhoneCount: 3,
BackgroundColor: "#FFFFFF",
LabelColor: "#000000",
LabelSecondaryColor: "#333333",
SupportURL: "https://help.yourcompany.com",
SupportPhoneNumber: "+1-555-123-4567",
SupportEmail: "[email protected]",
PrivacyPolicyURL: "https://yourcompany.com/privacy",
TermsAndConditionsURL: "https://yourcompany.com/terms",
Metadata: map[string]interface{}{
"version": "2.1",
"approval_status": "approved",
},
}
ctx := context.Background()
template, err := client.Console.CreateTemplate(ctx, params)
if err != nil {
fmt.Printf("Error creating template: %v\n", err)
return
}
fmt.Printf("Template created successfully: %s\n", template.ID)
}
using AccessGrid;
public async Task CreateTemplateAsync()
{
var accountId = Environment.GetEnvironmentVariable("ACCOUNT_ID");
var secretKey = Environment.GetEnvironmentVariable("SECRET_KEY");
var client = new AccessGridClient(accountId, secretKey);
var template = await client.Console.CreateTemplateAsync(new CreateTemplateRequest
{
Name = "Employee Access Pass",
Platform = "apple",
UseCase = "corporate_id",
Protocol = "desfire",
AllowOnMultipleDevices = true,
WatchCount = 2,
IPhoneCount = 3,
BackgroundColor = "#FFFFFF",
LabelColor = "#000000",
LabelSecondaryColor = "#333333",
SupportUrl = "https://help.yourcompany.com",
SupportPhoneNumber = "+1-555-123-4567",
SupportEmail = "[email protected]",
PrivacyPolicyUrl = "https://yourcompany.com/privacy",
TermsAndConditionsUrl = "https://yourcompany.com/terms",
Metadata = new Dictionary<string, object>
{
["version"] = "2.1",
["approval_status"] = "approved"
}
});
Console.WriteLine($"Template created successfully: {template.Id}");
}
import com.organization.accessgrid.AccessGridClient;
import com.organization.accessgrid.model.CreateTemplateRequest;
import com.organization.accessgrid.model.Template;
public class ConsoleService {
private final AccessGridClient client;
public ConsoleService() {
String accountId = System.getenv("ACCOUNT_ID");
String secretKey = System.getenv("SECRET_KEY");
this.client = new AccessGridClient(accountId, secretKey);
}
public Template createTemplate() throws AccessGridException {
CreateTemplateRequest request = CreateTemplateRequest.builder()
.name("Employee Access Pass")
.platform("apple")
.useCase("corporate_id")
.protocol("desfire")
.allowOnMultipleDevices(true)
.watchCount(2)
.iphoneCount(3)
.backgroundColor("#FFFFFF")
.labelColor("#000000")
.labelSecondaryColor("#333333")
.supportUrl("https://help.yourcompany.com")
.supportPhoneNumber("+1-555-123-4567")
.supportEmail("[email protected]")
.privacyPolicyUrl("https://yourcompany.com/privacy")
.termsAndConditionsUrl("https://yourcompany.com/terms")
.metadata(Map.of(
"version", "2.1",
"approval_status", "approved"
))
.build();
Template template = client.console().createTemplate(request);
System.out.printf("Template created successfully: %s%n", template.getId());
return template;
}
}
<?php
require 'vendor/autoload.php';
use AccessGridClient;
$accountId = $_ENV['ACCOUNT_ID'];
$secretKey = $_ENV['SECRET_KEY'];
$client = new Client($accountId, $secretKey);
$template = $client->console->createTemplate([
'name' => 'Employee Access Pass',
'platform' => 'apple',
'use_case' => 'corporate_id',
'protocol' => 'desfire',
'allow_on_multiple_devices' => true,
'watch_count' => 2,
'iphone_count' => 3,
'background_color' => '#FFFFFF',
'label_color' => '#000000',
'label_secondary_color' => '#333333',
'support_url' => 'https://help.yourcompany.com',
'support_phone_number' => '+1-555-123-4567',
'support_email' => '[email protected]',
'privacy_policy_url' => 'https://yourcompany.com/privacy',
'terms_and_conditions_url' => 'https://yourcompany.com/terms',
'metadata' => [
'version' => '2.1',
'approval_status' => 'approved'
]
]);
echo "Template created successfully: {$template->id}\n";
Response
{
"id": "tpl_0xd3adb00b5",
"estimated_publishing_date": "2026-01-05T12:00:00Z",
"metadata": {
"version": "2.1",
"approvalStatus": "approved"
}
}
Update Card Template
Only available for enterprise customers - allows you to update certain attributes of an existing card template using our console API.
card_template_id
string
The card template id you want to update
name
nullable string
The name to display for this card template in the AccessGrid console UI
platform
nullable string
Must be one of `apple` or `google`
use_case
nullable string
Must be one of `corporate_id`, `student_id`, `multi_family`, or `hotel`
protocol
nullable string
Must be `desfire` or `seos` - HID Seos only available for enterprise customers
allow_on_multiple_devices
nullable boolean
False by default. Set to true if you'd like to enable the Access Passes issued using this template to exist on multiple devices (think phone and watch)
watch_count
nullable integer
Only allowed to be set if `allow_on_multiple_devices` is set to true. Any number between 1-5 is acceptable.
iphone_count
nullable integer
Only allowed to be set if `allow_on_multiple_devices` is set to true. Any number between 1-5 is acceptable.
background_color
nullable string
Must be a 6 character hexadecimal value for the background color of the template, i.e. #FFFFFF
label_color
nullable string
Must be a 6 character hexadecimal value for the label color for the template, i.e. #000000
label_secondary_color
nullable string
Must be a 6 character hexadecimal value for the secondary label color for the template, i.e. #333333
support_url
nullable string
Shows on the back of the issued Access Pass.
support_phone_number
nullable string
Shows on the back of the issued Access Pass.
support_email
nullable string
Shows on the back of the issued Access Pass.
privacy_policy_url
nullable string
Shows on the back of the issued Access Pass.
terms_and_conditions_url
nullable string
Shows on the back of the issued Access Pass.
metadata
nullable object
Custom JSON object for storing additional metadata associated with the pass template. Can contain any valid JSON data.
background
nullable string
Base64-encoded PNG image for the card background. Max 10MB. Dimension limits vary by platform: Apple ≤1536×969, Android Smart Tap ≤1032×336, Android Seos ≤1456×928. For Seos templates, the HID logo is automatically composited onto the background.
logo
nullable string
Base64-encoded PNG image for the card logo. Max 10MB. Dimension limits vary by platform: Apple ≤1372×283, Android Smart Tap ≤430×430, Android Seos must be exactly 200×200, 133×133, or 67×67.
icon
nullable string
Base64-encoded PNG image for the card icon. Max 10MB. Apple must be exactly 200×200. Android Seos must be exactly 200×200, 133×133, or 67×67. Not accepted for Android Smart Tap.
Request
curl -v \
-X PATCH \
-H 'X-ACCT-ID: 123' \
-H "X-PAYLOAD-SIG: $HASH" \
-d '{
"card_template_id": "0xd3adb00b5",
"name": "Updated Employee Access Pass",
"allow_on_multiple_devices": true,
"watch_count": 2,
"iphone_count": 3,
"background_color": "#FFFFFF",
"label_color": "#000000",
"label_secondary_color": "#333333",
"support_url": "https://help.yourcompany.com",
"support_phone_number": "+1-555-123-4567",
"support_email": "[email protected]",
"privacy_policy_url": "https://yourcompany.com/privacy",
"terms_and_conditions_url": "https://yourcompany.com/terms",
"metadata": {
"version": "2.2",
"last_updated_by": "admin"
}
}' \
"https://api.accessgrid.com/v1/console/card-templates/{template_id}"
require 'accessgrid'
acct_id = ENV['ACCOUNT_ID']
secret_key = ENV['SECRET_KEY']
client = AccessGrid.new(acct_id, secret_key)
template = client.console.update_template(
card_template_id: "0xd3adb00b5",
name: "Updated Employee Access Pass",
allow_on_multiple_devices: true,
watch_count: 2,
iphone_count: 3,
background_color: "#FFFFFF",
label_color: "#000000",
label_secondary_color: "#333333",
support_url: "https://help.yourcompany.com",
support_phone_number: "+1-555-123-4567",
support_email: "[email protected]",
privacy_policy_url: "https://yourcompany.com/privacy",
terms_and_conditions_url: "https://yourcompany.com/terms",
metadata: {
version: "2.2",
last_updated_by: "admin"
}
)
puts "Template updated successfully: #{template.id}"
import AccessGrid from 'accessgrid';
const accountId = process.env.ACCOUNT_ID;
const secretKey = process.env.SECRET_KEY;
const client = new AccessGrid(accountId, secretKey);
const updateTemplate = async () => {
try {
const template = await client.console.updateTemplate({
cardTemplateId: "0xd3adb00b5",
name: "Updated Employee Access Pass",
allowOnMultipleDevices: true,
watchCount: 2,
iphoneCount: 3,
backgroundColor: "#FFFFFF",
labelColor: "#000000",
labelSecondaryColor: "#333333",
supportUrl: "https://help.yourcompany.com",
supportPhoneNumber: "+1-555-123-4567",
supportEmail: "[email protected]",
privacyPolicyUrl: "https://yourcompany.com/privacy",
termsAndConditionsUrl: "https://yourcompany.com/terms",
metadata: {
version: "2.2",
lastUpdatedBy: "admin"
}
});
console.log(`Template updated successfully: ${template.id}`);
} catch (error) {
console.error('Error updating template:', error);
}
};
updateTemplate();
from accessgrid import AccessGrid
import os
account_id = os.getenv('ACCOUNT_ID')
secret_key = os.getenv('SECRET_KEY')
client = AccessGrid(account_id, secret_key)
template = client.console.update_template(
card_template_id="0xd3adb00b5",
name="Updated Employee Access Pass",
allow_on_multiple_devices=True,
watch_count=2,
iphone_count=3,
background_color="#FFFFFF",
label_color="#000000",
label_secondary_color="#333333",
support_url="https://help.yourcompany.com",
support_phone_number="+1-555-123-4567",
support_email="[email protected]",
privacy_policy_url="https://yourcompany.com/privacy",
terms_and_conditions_url="https://yourcompany.com/terms",
metadata={
"version": "2.2",
"last_updated_by": "admin"
}
)
print(f"Template updated successfully: {template.id}")
package main
import (
"context"
"fmt"
"os"
"github.com/Access-Grid/accessgrid-go"
)
func main() {
accountID := os.Getenv("ACCOUNT_ID")
secretKey := os.Getenv("SECRET_KEY")
client, err := accessgrid.NewClient(accountID, secretKey)
if err != nil {
fmt.Printf("Error creating client: %v\n", err)
return
}
allowMulti := true
params := accessgrid.UpdateTemplateParams{
CardTemplateID: "0xd3adb00b5",
Name: "Updated Employee Access Pass",
AllowOnMultipleDevices: &allowMulti,
WatchCount: 2,
IPhoneCount: 3,
BackgroundColor: "#FFFFFF",
LabelColor: "#000000",
LabelSecondaryColor: "#333333",
SupportURL: "https://help.yourcompany.com",
SupportPhoneNumber: "+1-555-123-4567",
SupportEmail: "[email protected]",
PrivacyPolicyURL: "https://yourcompany.com/privacy",
TermsAndConditionsURL: "https://yourcompany.com/terms",
}
ctx := context.Background()
template, err := client.Console.UpdateTemplate(ctx, params)
if err != nil {
fmt.Printf("Error updating template: %v\n", err)
return
}
fmt.Printf("Template updated successfully: %s\n", template.ID)
}
using AccessGrid;
public async Task UpdateTemplateAsync()
{
var accountId = Environment.GetEnvironmentVariable("ACCOUNT_ID");
var secretKey = Environment.GetEnvironmentVariable("SECRET_KEY");
var client = new AccessGridClient(accountId, secretKey);
var template = await client.Console.UpdateTemplateAsync(
new UpdateTemplateRequest
{
CardTemplateId = "0xd3adb00b5",
Name = "Updated Employee Access Pass",
AllowOnMultipleDevices = true,
WatchCount = 2,
IPhoneCount = 3,
BackgroundColor = "#FFFFFF",
LabelColor = "#000000",
LabelSecondaryColor = "#333333",
SupportUrl = "https://help.yourcompany.com",
SupportPhoneNumber = "+1-555-123-4567",
SupportEmail = "[email protected]",
PrivacyPolicyUrl = "https://yourcompany.com/privacy",
TermsAndConditionsUrl = "https://yourcompany.com/terms"
}
);
Console.WriteLine($"Template updated successfully: {template.Id}");
}
import com.organization.accessgrid.AccessGridClient;
import com.organization.accessgrid.model.UpdateTemplateRequest;
import com.organization.accessgrid.model.Template;
public class ConsoleService {
private final AccessGridClient client;
public ConsoleService() {
String accountId = System.getenv("ACCOUNT_ID");
String secretKey = System.getenv("SECRET_KEY");
this.client = new AccessGridClient(accountId, secretKey);
}
public Template updateTemplate() throws AccessGridException {
UpdateTemplateRequest request = UpdateTemplateRequest.builder()
.cardTemplateId("0xd3adb00b5")
.name("Updated Employee Access Pass")
.allowOnMultipleDevices(true)
.watchCount(2)
.iphoneCount(3)
.backgroundColor("#FFFFFF")
.labelColor("#000000")
.labelSecondaryColor("#333333")
.supportUrl("https://help.yourcompany.com")
.supportPhoneNumber("+1-555-123-4567")
.supportEmail("[email protected]")
.privacyPolicyUrl("https://yourcompany.com/privacy")
.termsAndConditionsUrl("https://yourcompany.com/terms")
.build();
Template template = client.console().updateTemplate(request);
System.out.printf("Template updated successfully: %s%n", template.getId());
return template;
}
}
<?php
require 'vendor/autoload.php';
use AccessGridClient;
$accountId = $_ENV['ACCOUNT_ID'];
$secretKey = $_ENV['SECRET_KEY'];
$client = new Client($accountId, $secretKey);
$template = $client->console->updateTemplate([
'card_template_id' => '0xd3adb00b5',
'name' => 'Updated Employee Access Pass',
'allow_on_multiple_devices' => true,
'watch_count' => 2,
'iphone_count' => 3,
'background_color' => '#FFFFFF',
'label_color' => '#000000',
'label_secondary_color' => '#333333',
'support_url' => 'https://help.yourcompany.com',
'support_phone_number' => '+1-555-123-4567',
'support_email' => '[email protected]',
'privacy_policy_url' => 'https://yourcompany.com/privacy',
'terms_and_conditions_url' => 'https://yourcompany.com/terms',
'metadata' => [
'version' => '2.2',
'last_updated_by' => 'admin'
]
]);
echo "Template updated successfully: {$template->id}\n";
Response
{
"id": "tpl_0xd3adb00b5",
"estimated_publishing_date": "2026-01-05T12:00:00Z",
"metadata": {
"version": "2.1",
"approvalStatus": "approved"
}
}
Read Card Template
Only available for enterprise customers - allows you to read basic info about an existing card template using our console API.
card_template_id
nullable string
Unique identifier for the card template to look up
Request
curl -v \
-X GET \
-H 'X-ACCT-ID: 123' \
-H "X-PAYLOAD-SIG: $HASH" \
"https://api.accessgrid.com/v1/console/card-templates/{template_id}"
require 'accessgrid'
acct_id = ENV['ACCOUNT_ID']
secret_key = ENV['SECRET_KEY']
client = AccessGrid.new(acct_id, secret_key)
template = client.console.read_template(
card_template_id: "0xd3adb00b5"
)
puts "Template ID: #{template.id}"
puts "Name: #{template.name}"
puts "Platform: #{template.platform}"
puts "Protocol: #{template.protocol}"
puts "Multi-device: #{template.allow_on_multiple_devices}"
import AccessGrid from 'accessgrid';
const accountId = process.env.ACCOUNT_ID;
const secretKey = process.env.SECRET_KEY;
const client = new AccessGrid(accountId, secretKey);
const readTemplate = async () => {
try {
const template = await client.console.readTemplate({
cardTemplateId: "0xd3adb00b5"
});
console.log(`Template ID: ${template.id}`);
console.log(`Name: ${template.name}`);
console.log(`Platform: ${template.platform}`);
console.log(`Protocol: ${template.protocol}`);
console.log(`Multi-device: ${template.allowOnMultipleDevices}`);
} catch (error) {
console.error('Error reading template:', error);
}
};
readTemplate();
from accessgrid import AccessGrid
import os
account_id = os.getenv('ACCOUNT_ID')
secret_key = os.getenv('SECRET_KEY')
client = AccessGrid(account_id, secret_key)
template = client.console.read_template(
card_template_id="0xd3adb00b5"
)
print(f"Template ID: {template.id}")
print(f"Name: {template.name}")
print(f"Platform: {template.platform}")
print(f"Protocol: {template.protocol}")
print(f"Multi-device: {template.allow_on_multiple_devices}")
package main
import (
"context"
"fmt"
"os"
"github.com/Access-Grid/accessgrid-go"
)
func main() {
accountID := os.Getenv("ACCOUNT_ID")
secretKey := os.Getenv("SECRET_KEY")
client, err := accessgrid.NewClient(accountID, secretKey)
if err != nil {
fmt.Printf("Error creating client: %v\n", err)
return
}
ctx := context.Background()
template, err := client.Console.ReadTemplate(ctx, "0xd3adb00b5")
if err != nil {
fmt.Printf("Error reading template: %v\n", err)
return
}
fmt.Printf("Template ID: %s\n", template.ID)
fmt.Printf("Name: %s\n", template.Name)
fmt.Printf("Platform: %s\n", template.Platform)
fmt.Printf("Protocol: %s\n", template.Protocol)
fmt.Printf("Multi-device: %v\n", template.AllowOnMultipleDevices)
}
using AccessGrid;
public async Task ReadTemplateAsync()
{
var accountId = Environment.GetEnvironmentVariable("ACCOUNT_ID");
var secretKey = Environment.GetEnvironmentVariable("SECRET_KEY");
var client = new AccessGridClient(accountId, secretKey);
var template = await client.Console.ReadTemplateAsync("0xd3adb00b5");
Console.WriteLine($"Template ID: {template.Id}");
Console.WriteLine($"Name: {template.Name}");
Console.WriteLine($"Platform: {template.Platform}");
Console.WriteLine($"Protocol: {template.Protocol}");
Console.WriteLine($"Multi-device: {template.AllowOnMultipleDevices}");
}
import com.organization.accessgrid.AccessGridClient;
import com.organization.accessgrid.model.Template;
public class ConsoleService {
private final AccessGridClient client;
public ConsoleService() {
String accountId = System.getenv("ACCOUNT_ID");
String secretKey = System.getenv("SECRET_KEY");
this.client = new AccessGridClient(accountId, secretKey);
}
public void readTemplate() throws AccessGridException {
Template template = client.console().readTemplate("0xd3adb00b5");
System.out.printf("Template ID: %s%n", template.getId());
System.out.printf("Name: %s%n", template.getName());
System.out.printf("Platform: %s%n", template.getPlatform());
System.out.printf("Protocol: %s%n", template.getProtocol());
System.out.printf("Multi-device: %b%n", template.getAllowOnMultipleDevices());
}
}
<?php
require 'vendor/autoload.php';
use AccessGridClient;
$accountId = $_ENV['ACCOUNT_ID'];
$secretKey = $_ENV['SECRET_KEY'];
$client = new Client($accountId, $secretKey);
$template = $client->console->readTemplate([
'card_template_id' => '0xd3adb00b5'
]);
echo "Template ID: {$template->id}\n";
echo "Name: {$template->name}\n";
echo "Platform: {$template->platform}\n";
echo "Protocol: {$template->protocol}\n";
echo "Multi-device: {$template->allow_on_multiple_devices}\n";
Response
{
"id": "tpl_0xd3adb00b5",
"name": "Employee Access Pass",
"platform": "apple",
"use_case": "corporate_id",
"protocol": "desfire",
"created_at": "2025-12-01T09:15:30Z",
"last_published_at": "2025-12-10T14:42:00Z",
"issued_keys_count": 125,
"active_keys_count": 118,
"allowed_device_counts": {
"allow_on_multiple_devices": true,
"watch": 2,
"iphone": 3
},
"support_settings": {
"url": "https://help.yourcompany.com",
"phone": "+1-555-123-4567",
"email": "[email protected]"
},
"terms_settings": {
"privacy_policy_url": "https://yourcompany.com/privacy",
"terms_and_conditions_url": "https://yourcompany.com/terms"
},
"style_settings": {
"background_color": "#FFFFFF",
"label_color": "#000000",
"label_secondary_color": "#333333"
},
"metadata": {
"version": "2.1",
"approvalStatus": "approved"
}
}
Reveal SmartTap Private Key
Only available for enterprise customers with a Google Wallet SmartTap template. Returns the SmartTap private key encrypted to a caller-supplied P-256 public key using ECDH-ES + AES-256-GCM. Each public key can only be used once per account and the endpoint is rate-limited to 1 request per minute per account. Use this to configure your own reader / collector hardware. Use the response's ephemeral_public_key as a one-time P-256 public key generated server-side for this response. Combine it with your local private key via ECDH to derive the AES-256-GCM key (HKDF-SHA256, info accessgrid-smart-tap-reveal-v1, salt empty, 32 bytes).
card_template_id
string
Unique identifier for the smart_tap card template whose private key should be revealed
client_public_key
string
PEM-encoded SubjectPublicKeyInfo for a fresh P-256 (prime256v1) EC public key. The corresponding private key is used locally to decrypt the response and must never leave the caller. Each public key value is accepted at most once per account.
Request
#!/usr/bin/env bash
# The shell example is illustrative only — in practice, use an SDK.
# You must generate a P-256 keypair locally, submit the public key,
# and decrypt the returned envelope with your private key.
CLIENT_PUB_PEM=$(cat client_p256_pub.pem)
BODY=$(jq -n --arg key "$CLIENT_PUB_PEM" '{client_public_key: $key}')
HASH=$(echo -n "$BODY" | base64 | openssl dgst -sha256 -hmac "$SECRET_KEY" | awk '{print $2}')
curl -v \
-X POST \
-H 'X-ACCT-ID: 123' \
-H "X-PAYLOAD-SIG: $HASH" \
-H 'Content-Type: application/json' \
-d "$BODY" \
"https://api.accessgrid.com/v1/console/card-templates/{template_id}/smart-tap/reveal"
require 'accessgrid'
acct_id = ENV['ACCOUNT_ID']
secret_key = ENV['SECRET_KEY']
client = AccessGrid.new(acct_id, secret_key)
# SDK generates a P-256 keypair locally, submits the public key, and
# decrypts the server's response. The private key never leaves the host.
result = client.console.reveal_template_private_key(
card_template_id: "0xd3adb00b5"
)
puts "Key version: #{result.key_version}"
puts "Collector ID: #{result.collector_id}"
puts "Fingerprint: #{result.fingerprint}"
puts result.private_key # PEM — store in your reader/collector key vault
import AccessGrid from 'accessgrid';
const accountId = process.env.ACCOUNT_ID;
const secretKey = process.env.SECRET_KEY;
const client = new AccessGrid(accountId, secretKey);
const revealKey = async () => {
try {
// SDK generates a P-256 keypair locally, submits the public key, and
// decrypts the server's response. The private key never leaves the host.
const result = await client.console.revealTemplatePrivateKey({
cardTemplateId: "0xd3adb00b5"
});
console.log(`Key version: ${result.keyVersion}`);
console.log(`Collector ID: ${result.collectorId}`);
console.log(`Fingerprint: ${result.fingerprint}`);
console.log(result.privateKey); // PEM — store in your reader/collector key vault
} catch (error) {
console.error('Error revealing template private key:', error);
}
};
revealKey();
from accessgrid import AccessGrid
import os
account_id = os.getenv('ACCOUNT_ID')
secret_key = os.getenv('SECRET_KEY')
client = AccessGrid(account_id, secret_key)
# SDK generates a P-256 keypair locally, submits the public key, and
# decrypts the server's response. The private key never leaves the host.
result = client.console.reveal_template_private_key(
card_template_id="0xd3adb00b5"
)
print(f"Key version: {result.key_version}")
print(f"Collector ID: {result.collector_id}")
print(f"Fingerprint: {result.fingerprint}")
print(result.private_key) # PEM — store in your reader/collector key vault
package main
import (
"context"
"fmt"
"os"
"github.com/Access-Grid/accessgrid-go"
)
func main() {
accountID := os.Getenv("ACCOUNT_ID")
secretKey := os.Getenv("SECRET_KEY")
client, err := accessgrid.NewClient(accountID, secretKey)
if err != nil {
fmt.Printf("Error creating client: %v\n", err)
return
}
// SDK generates a P-256 keypair locally, submits the public key, and
// decrypts the server's response. The private key never leaves the host.
ctx := context.Background()
result, err := client.Console.RevealTemplatePrivateKey(ctx, "0xd3adb00b5")
if err != nil {
fmt.Printf("Error revealing template private key: %v\n", err)
return
}
fmt.Printf("Key version: %d\n", result.KeyVersion)
fmt.Printf("Collector ID: %d\n", result.CollectorID)
fmt.Printf("Fingerprint: %s\n", result.Fingerprint)
fmt.Println(result.PrivateKey) // PEM — store in your reader/collector key vault
}
using AccessGrid;
public async Task RevealTemplatePrivateKeyAsync()
{
var accountId = Environment.GetEnvironmentVariable("ACCOUNT_ID");
var secretKey = Environment.GetEnvironmentVariable("SECRET_KEY");
var client = new AccessGridClient(accountId, secretKey);
// SDK generates a P-256 keypair locally, submits the public key, and
// decrypts the server's response. The private key never leaves the host.
var result = await client.Console.RevealTemplatePrivateKeyAsync("0xd3adb00b5");
Console.WriteLine($"Key version: {result.KeyVersion}");
Console.WriteLine($"Collector ID: {result.CollectorId}");
Console.WriteLine($"Fingerprint: {result.Fingerprint}");
Console.WriteLine(result.PrivateKey); // PEM — store in your reader/collector key vault
}
import com.organization.accessgrid.AccessGridClient;
import com.organization.accessgrid.model.RevealTemplatePrivateKeyResult;
public class ConsoleService {
private final AccessGridClient client;
public ConsoleService() {
String accountId = System.getenv("ACCOUNT_ID");
String secretKey = System.getenv("SECRET_KEY");
this.client = new AccessGridClient(accountId, secretKey);
}
public RevealTemplatePrivateKeyResult revealKey() throws AccessGridException {
// SDK generates a P-256 keypair locally, submits the public key, and
// decrypts the server's response. The private key never leaves the host.
RevealTemplatePrivateKeyResult result =
client.console().revealTemplatePrivateKey("0xd3adb00b5");
System.out.printf("Key version: %d%n", result.getKeyVersion());
System.out.printf("Collector ID: %d%n", result.getCollectorId());
System.out.printf("Fingerprint: %s%n", result.getFingerprint());
System.out.println(result.getPrivateKey()); // PEM — store in your reader/collector key vault
return result;
}
}
<?php
require 'vendor/autoload.php';
use AccessGridClient;
$accountId = $_ENV['ACCOUNT_ID'];
$secretKey = $_ENV['SECRET_KEY'];
$client = new Client($accountId, $secretKey);
// SDK generates a P-256 keypair locally, submits the public key, and
// decrypts the server's response. The private key never leaves the host.
$result = $client->console->revealTemplatePrivateKey('0xd3adb00b5');
echo "Key version: {$result->keyVersion}\n";
echo "Collector ID: {$result->collectorId}\n";
echo "Fingerprint: {$result->fingerprint}\n";
echo $result->privateKey; // PEM — store in your reader/collector key vault
Response
{
"key_version": 42,
"collector_id": 12345678,
"fingerprint": "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8e9f0a1b2",
"encrypted_private_key": {
"alg": "ECDH-ES+A256GCM",
"ephemeral_public_key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE...\n-----END PUBLIC KEY-----\n",
"iv": "gK7B5Jh1dQwHn2Qp",
"ciphertext": "xS9hQ0aV0...base64...0r2k=",
"tag": "4K7x3p9VYpAqY1Zc9C2nLw=="
}
}