Remove access rights
The term role assignment in the Kisi API is equivalent with the term access right in the Kisi web UI.
Some use cases (e.g. to delete or update access rights) require that you fetch the role assignment id
first.
- Follow this guide to fetch the user id
- Send a
GET
request to the Fetch role assignments endpoint and filter byuser_id
Example
curl --request GET \
--url 'https://api.kisi.io/role_assignments?user_id=<user_id>' \
--header 'Authorization: KISI-LOGIN <API_KEY>' \
--header 'Content-Type: application/json'
Response
If your request was successful, you should get back a 200 OK
response.
- If the user doesn't have any role assignments, the response will be an empty list.
- Otherwise, you'll receive a list of the role assignments they have in Kisi:
[
{
"id": 0,
"user_id": 0,
"role_id": "string"
},
{
"id": 0,
"user_id": 0,
"role_id": "string"
}
]
Keep this id
safe, since you'll need this role assignment id in the coming steps.
Remove access rights
Depending on a user's status at your organization, you can either:
- Delete access rights - if for any reason, a user no longer needs a specific access right to the organization, place or group, you will want to remove this specific access right
- Temporarily disable physical access - e.g. if a user takes an extended period away from work, you will want to temporarily disable physical access for them in the entire organization. In this case, the user won't be able to unlock any Kisi-enabled doors until their rights are enabled again.
- Delete a user profile - e.g. if a user leaves your organization, you will want to remove their profile entirely.
Delete access rights
- Fetch the role assignment id by following this guide
- Send a
DELETE
request to the Delete role assignment endpoint and replace{id}
with the role assignment id
Example
curl --request DELETE \
--url https://api.kisi.io/role_assignments/<role_assignment_id> \
--header 'Authorization: KISI-LOGIN <API_KEY>' \
--header 'Content-Type: application/json'
Response
If the request was successful, you'll receive a 204 No Content
response.
Temporarily disable physical access
-
Identify the member id by navigating to the URL of the member's profile page in the web UI. For example, the member id is
32413379
forhttps://web.kisi.io/organization/3289/members/32413379
-
Send a
PATCH
request to the Update member endpoint
Depending on the user's authentication type, you have two options: disable physical access for a user that has email and password authentication, or for a user managed by SCIM. Find the required parameters on the tabs below.
- Users with password authentication
- Users managed by SCIM
To disable physical access for a user with password flow enabled, set access_enabled
to false
, as shown below:
curl --request PATCH \
--url https://api.kisi.io/members/<member_id> \
--header 'Authorization: KISI-LOGIN <API_KEY>' \
--header 'Content-Type: application/json' \
--data '{
"member": {
"access_enabled": false
}
}'
To disable physical access for a user managed by SCIM, set both access_enabled
and scim_access_enabled
to false
, as shown below:
curl --request PATCH \
--url https://api.kisi.io/members/<member_id> \
--header 'Authorization: KISI-LOGIN <API_KEY>' \
--header 'Content-Type: application/json' \
--data '{
"member": {
"access_enabled": false,
"scim_access_enabled": false
}
}'
To re-enable physical access, set the above parameters to true
.
Response
In all cases, if the request was successful, you'll receive a 204 No Content
response.
Delete a user profile
If a user leaves your organization, you will want to remove their profile entirely.