External Card Repository

Overview

An External Card Repository (ECR) refers to a storage or database system that stores and manages a collection of cards or card-like entities. External Card Repository can be accessed by API from SAFEQ Cloud and is used to allow authentication using Card number without assigning the card number manually in SAFEQ Cloud Web UI or using Card enrollment at the MFD.

ECR works as follows:

Technical details

If the ECR is set up in SAFEQ Cloud Web UI and allowed in at least one client provider, SAFEQ Cloud calls the External Card Repository URL as POST request with cardno parameter.

Example of ECR request:

curl -L 'https://external.card.repo:5000/cardinfo' -F 'cardno="1234567890123456"'

The content of the response should be in application/json format and should contain:

• userName: String Username usually in form of an email address. It must be unique for each user. The field is mandatory.
• [optional] fullName: String
• [optional] email: String
• [optional] department: String
• [optional] expiration: Int Time in milliseconds, after which the user must log in again.
• [optional] externalId: When integrating with Auth0, this field is mandatory. For other providers, this field is not used.
• [optional] groups: list[Group] List of groups the user is a member of. The user will have access rights according to these groups.

Group:

• dn: String The distinguished name of the group.

The user in the SAFEQ Cloud database will be updated with all the provided fields. If an optional field is missing, it will not be updated.

Example response:

{
    "userName": "johndoe@domain.com",
    "fullName": "John Doe",
    "email": "johndoe@domain.com",
    "deparment": "Deparment",
    "expiration": "2592000",
    "externalId": "auth0|0123456789ABCDEF0123456"
    "groups": [
        {
            "dn": "CN=Group1"
        },
        {
            "dn": "CN=Group2"
        }
    ]
}