On Demand Keys - Dynamic Access with NFC Stickers
On Demand Keys lets a third party decide whether a user should have access to a door.
When a logged-in user scans an NFC sticker outside a door, the Unloc app will query a remote API to determine whether the user should have access to the lock at that moment. This enables real-time, dynamic access control without the need for pre-assigned keys.
Why On Demand Keys?
Organizations often plan daily tasks or visits, but assignments can change rapidly due to unforeseen events. In a static system, this would leave personnel with outdated access permissions, requiring manual intervention. A dynamic approach solves this by:
- Allowing real-time access authorization based on up-to-date task assignments.
- Reducing administrative overhead related to key management.
- Ensuring compatibility with AI-driven dynamic route planning.
- Adapting to shared phone usage, where personnel log in via a central authentication system at the start of their shift.
It also makes it simpler to get an integration with Unloc up and running. All you need to do is implement a simple API endpoint.
How It Works
- User scans NFC sticker → Redirected to the Unloc app.
- App checks for an existing key
  - If found, the user proceeds as usual. Done.
  - If no key exists, the app requests dynamic access
- Unloc platform queries the external system's API:
  - The request is sent to a pre-configured URL (with authentication as needed).
  - The request contains lockId and phone number.
- The external system evaluates access rights:
  - Checks if the user has an active task linked to a location containing the lock ID.
  - If valid, responds with true.
- Unloc platform grants temporary access:
  - A temporary key (e.g., 30 minutes) is created.
  - Key is downloaded to the phone → The user can now unlock the door.
How to implement?
In order to use On Demand Keys you need to build an API endpoint in your system, and enable the configuration in your Unloc Project.
API definition
The API endpoint should be a GET request that accepts the following query parameters:
Params | Explanation |
---|---|
lockId | The id of the lock in Unloc |
appUserId | The phone number of the user, in E.164 format |
The response should be a JSON object with the following properties:
Property | Type | Explanation |
---|---|---|
lockId | string | The id of the lock the user wants to get a key for. |
appUserId | string | The id of the user that requested a key. |
hasAccess | boolean | Determines if the user should be allowed in or not. |
keyData | object (optional) | Properties of the key, explained in detail in the next table. |
This is the accepted key data:
Property | Type | Explanation |
---|---|---|
start | date-time (optional) | When the key should start. Usually left empty. ISO 8601 formatted date (as defined by RFC 3339, section 5.6), example: 2025-02-01T00:00:00.000Z |
end | date-time (optional) | When the key should end. ISO 8601 formatted date (as defined by RFC 3339, section 5.6), example: 2025-02-01T00:00:00.000Z |
duration | number (optional) | How long the key should be valid, in seconds. This is an alternative to using start/end and it's what we recommend using. |
Example request
```http
GET /check-access?lockId=abc123&appUserId=+4712345678 HTTP/1.1
Host: api.example.com
Accept: application/json
```
Example Response (User has access)
```json
{
  "lockId": "abc123",
  "appUserId": "+4712345678",
  "hasAccess": true,
  "keyData": {
    "duration": 1800
  }
}
```
Example Response (User does not have access)
```json
{
  "lockId": "abc123",
  "appUserId": "+4712345678",
  "hasAccess": false
}
```
Authorization
We currently support authorization through API headers. You can specify an API header and key that the Unloc Platform will send on each request.
In the future we will support OAuth2 authorization with client credentials as well. Ask us about it.
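A sketch of the decision logic behind such an endpoint, covering the header check and the request/response shape described above. This is an added example, not Unloc's code. The header name `X-Api-Key`, the key value, the `TASKS` data, the 400/401 status codes for rejected requests and the choice to cap `duration` at the remaining task time are all assumptions.

```python
import hmac
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs

API_HEADER = "x-api-key"             # assumed header name, as configured in the Unloc project
API_KEY = "constructed-demo-secret"  # constructed value; load from a secret store in practice
E164 = re.compile(r"\+[1-9]\d{1,14}")
MAX_DURATION = 1800                  # seconds; the 30 minute example from the page

# Constructed task data: (phone, lock ids at the task location, start, end)
TASKS = [
    ("+4712345678", {"abc123"},
     datetime(2025, 2, 1, 8, tzinfo=timezone.utc),
     datetime(2025, 2, 1, 9, tzinfo=timezone.utc)),
]

def check_access(query_string, headers, now):
    """Return (http_status, json_body) for GET /check-access."""
    sent = {k.lower(): v for k, v in headers.items()}.get(API_HEADER, "")
    # Constant-time comparison so the key cannot be recovered via response timing.
    if not hmac.compare_digest(sent.encode(), API_KEY.encode()):
        return 401, {"error": "unauthorized"}
    params = parse_qs(query_string, keep_blank_values=True)
    lock_ids, users = params.get("lockId", []), params.get("appUserId", [])
    if len(lock_ids) != 1 or len(users) != 1:  # missing or repeated parameter
        return 400, {"error": "bad request"}
    lock_id, user = lock_ids[0], users[0]
    # parse_qs decodes an unescaped "+" as a space; restore it so that
    # "+47..." and "%2B47..." both reach the same E.164 check.
    if user.startswith(" "):
        user = "+" + user[1:]
    if not lock_id or not E164.fullmatch(user):
        return 400, {"error": "bad request"}
    body = {"lockId": lock_id, "appUserId": user, "hasAccess": False}  # default deny
    for phone, locks, start, end in TASKS:
        if phone == user and lock_id in locks and start <= now < end:
            remaining = int((end - now).total_seconds())
            body["hasAccess"] = True
            # Never hand out a key that outlives the task itself.
            body["keyData"] = {"duration": min(MAX_DURATION, remaining)}
            break
    return 200, body
```

Wire `check_access` into whatever HTTP framework your system uses, and serve it over TLS only, since the API key and the user's phone number travel in the request.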
How to get started?
If you want to build a product with On Demand Keys, you need to contact us directly.
Contact sales at https://unloc.app/contact