This SDK is for all Kisi partners and customers who want to integrate seamless access control into their mobile app. Using the SDK, they can provide Kisi-powered mobile credentials for their end users, such as:
Make sure you regularly update the SDK. Versions earlier than 0.6 don’t support offline cache and BLE beacon scanners. This means, you won't be able to use these features unless you update the SDK.
For the list of changes, please see the release change log. Get further help under the following links:
If you don’t have one yet, create a Kisi account and sign in. Make sure you have organization administrator rights, since this will be needed in the following steps.
Next, create an admin login to obtain an API key. This will allow you to make requests to the Kisi API without having to enter your user credentials each time.
Tap to unlock allows users to unlock doors by tapping their iOS mobile device against the Kisi Reader, without having to actively use your app. The communication is based on NFC technology, transmitting the information to the controller and the cloud. Communication with the controller can also be through a local network. If the local network is offline, the phone will request offline credentials from the cloud. In this case, the reader will talk to the controller without any intermediaries. (Note: We only support offline cache on versions later than 0.6).
Since your users won’t be able to log in to Kisi themselves, your app will need to do this automatically, on their behalf. To achieve this, you need to add a Kisi API call to your sign-in flow, as shown in our API guide.
You need to store this login object in your app's local cache and provide it to our SDK as a part of its initialization code. This login can then be used subsequently to make requests to the Kisi API on behalf of the user.
Note: If you intend to support multiple organization accounts for the same user, you will need to create a separate login for each of these accounts. It is not possible to fetch all organization accounts associated with a specific email address due to security reasons. Therefore, you must store the list of their organization IDs yourself.
Depending on which feature set you want to support, you need to request the appropriate permissions from the user. Please refer to the table below to determine the required permission for each feature.
| Bluetooth | Location | |
|---|---|---|
| Tap To Access | yes | yes* |
| Reader Restriction | no | yes |
*not strictly necessary but will improve the performance of tap to unlock (i.e. allowing for faster unlocks).
Info.plist:<key>NSBluetoothAlwaysUsageDescription</key>
<string>Some string explaining to your users why you need bluetooth permission.</string>
<key>UIBackgroundModes</key>
<array>
<string>bluetooth-peripheral</string>
</array>
CBCentralManager instance:CBCentralManager(delegate: self, queue: .main, options: nil)
We don't use the device's GPS coordinates. But we are using iBeacon which Apple has put under the Core Location framework despite being BLE.
Info.plist:<key>NSLocationAlwaysAndWhenInUseUsageDescription</key>
<string>Unlocking by tapping your phone against a Kisi reader will work better with always permission. Kisi doesn't store or share your location data.</string>
let locationManager = CLLocationManager()
locationManager.delegate = self
locationManager.requestAlwaysAuthorization()
SecureAccess packageimport SecureAccess
In didFinishLaunchingWithOptions start the secure unlock manager and set the delegate
TapToAccessManager.shared.start()
TapToAccessManager.shared.delegate = self
If you have opted for Location permission: Always, you can also monitor for Kisi readers to ensure that the app is running and ready to unlock when holding it up to a reader. When the app launches (didFinishLaunchingWithOptions) start monitoring:
ReaderManager.shared.startMonitoring()
Implement the SecureUnlockDelegate protocol
extension MyClass: TapToAccessDelegate {
func tapToAccessSuccess(online: Bool, duration: TimeInterval) {
// Callback when unlock succeeds.
// Online parameter indicates if it was an online or offline unlock.
// Duration parameter tells how long the unlock took
}
func tapToAccessFailure(error: TapToAccessError, duration: TimeInterval) {
// Unlock failed
// Note that if needsDeviceOwnerVerification you should prompt the user to unlock the phone or set up a passcode.
// Duration parameter tells how long the unlock took
}
func tapToAccessClientID() -> Int {
// Request your client id on [email protected] and return it here
}
func tapToAccessLoginForOrganization(_ organization: Int?) -> Login? {
// Return a Login object for the given organization.
// See https://api.kisi.io/docs#/operations/createLogin on how to create logins
}
}
The Kisi Reader restriction feature ensures that users may only unlock when standing in front of a door. This SDK will allow you to fetch the necessary reader proof used to verify that you are standing at the door. Read more on our documentation page
Note: If you have implemented the Tap to Unlock scenario discussed above, you can skip the bullets below and jump directly to 9.1. If not, please follow the steps below.
didFinishLaunchingWithOptions) start monitoringReaderManager.shared.startMonitoring()
applicationWillEnterForeground.ReaderManager.shared.startRanging()
applicationDidEnterBackground.ReaderManager.shared.stopRanging()
let readerProof = BeaconManager.shared.proximityProofForLock(lock.id)
The ReaderManager will post notifications when entering/leaving a nearby reader that you can listen for.
NotificationCenter.default.addObserver(self, selector: #selector(didEnterNotification), name: .ReaderManagerDidEnterNotification, object: nil)
NotificationCenter.default.addObserver(self, selector: #selector(didExitNotification), name: .ReaderManagerDidExitNotification, object: nil)
You can enable logging from the SDK.
Note: this will return access tokens/keys/certificates in clear text. So while useful during development/debugging, it should be used with care in a production app.
SecureAccessLogger.info = { message, file, function in
// Pass the info on to whichever logging backend you prefer. NSLog, print, etc
}
SecureAccessLogger.error = { message, file, function in
// Pass the info on to whichever logging backend you prefer. NSLog, print, etc
}
If Apple Pay is enabled on the device, it will be triggered when you hold it up against the Kisi Reader. Currently, you can only suppress it when the app is in the foreground but not when it is in the background.
Locating the procedure for requesting these entitlements in the documentation may be challenging. Therefore, we are including the information here; however, it is essential to acknowledge that Apple's process for requesting these entitlements may have changed since the composition of this document.
To request the special entitlement email [email protected]. Be sure to include information about your company and describe the use case requiring suppression of the Apple Pay dialog
When the app enters the foreground, call requestAutomaticPassPresentationSuppression
If you have implemented the Tap To Unlock SDK in your application, make sure to remove the Kisi app. Otherwise, the determination of which application will be prompted to manage BLE requests remains unspecified.
Within this repository, you'll find a sample application that demonstrates the process of signing in and unlocking using both the tap-to-unlock feature and in-app functionality with reader proof.
| link |
| Stars: 4 |
| Last commit: 6 weeks ago |
Swiftpack is being maintained by Petr Pavlik | @ptrpavlik | @swiftpackco | API | Analytics