Remove access rights
The term role assignment in the Kisi API is equivalent with the term access right in the Kisi web UI.
To delete or update access rights, you will need the user_id and the role assignment id.
Identify the user id
Send a GET request to the Fetch users endpoint, while using the query parameter to filter by email. See the example below.
curl --request GET \
--url 'https://api.kisi.io/users?query=user@example.com' \
--header 'Authorization: KISI-LOGIN <API_KEY>' \
--header 'Content-Type: application/json' \
Response
If your request was successful, you'll receive a 200 OK response containing the user object and, within it, the related user id.
{
"id": 0,
"email": "user@example.com"
"name": "string"
}
Copy the id value from within the user object, since you'll need this in the next step.
Identify the role assignment id
Send a GET request to the Fetch role assignments endpoint and filter by user_id.
Example
curl --request GET \
--url 'https://api.kisi.io/role_assignments?user_id=<user_id>' \
--header 'Authorization: KISI-LOGIN <API_KEY>' \
--header 'Content-Type: application/json'
Response
If your request was successful, you should get back a 200 OK response.
- If the user doesn't have any role assignments, the response will be an empty list.
- Otherwise, you'll receive a list of the role assignments they have in Kisi:
[
{
"id": 0,
"user_id": 0,
"role_id": "string"
},
{
"id": 0,
"user_id": 0,
"role_id": "string"
}
]
Keep this id safe, since you'll need this role assignment id in the coming steps.
Remove access rights
Depending on a user's status at your organization, you can either delete access rights, temporarily disable physical access, or delete a user profile.
Delete access rights
If for any reason, a user no longer needs a specific access right to the organization, place or group, you will want to remove this specific access right.
Send a DELETE request to the Delete role assignment endpoint and replace {id} with the role assignment id you obtained before
Example
curl --request DELETE \
--url https://api.kisi.io/role_assignments/<role_assignment_id> \
--header 'Authorization: KISI-LOGIN <API_KEY>' \
--header 'Content-Type: application/json'
Response
If the request was successful, you'll receive a 204 No Content response.
Temporarily disable physical access
If a user takes an extended period away from work, you will want to temporarily disable physical access for them in the entire organization. In this case, the user won't be able to unlock any Kisi-enabled doors until their rights are enabled again.
Send a PATCH request to the Update user endpoint. Depending on the user's authentication type, you have two options: disable physical access for a user that has email and password authentication, or for a user managed by SCIM. Find the required parameters on the tabs below.
- Users with password authentication
- Users managed by SCIM
To disable physical access for a user with password flow enabled, set access_enabled to false, as shown below:
curl --request PATCH \
--url https://api.kisi.io/users/<id> \
--header 'Authorization: KISI-LOGIN <API_KEY>' \
--header 'Content-Type: application/json' \
--data '{
"user": {
"access_enabled": false
}
}'
To disable physical access for a user managed by SCIM, set both access_enabled and scim_access_enabled to false, as shown below:
curl --request PATCH \
--url https://api.kisi.io/users/<id> \
--header 'Authorization: KISI-LOGIN <API_KEY>' \
--header 'Content-Type: application/json' \
--data '{
"user": {
"access_enabled": false,
"scim_access_enabled": false
}
}'
To re-enable physical access, set the above parameters to true.
Response
In all cases, if the request was successful, you'll receive a 204 No Content response.
Delete a user profile
If a user leaves your organization, you will want to remove their profile entirely.