Skip to main content


The share is what allows access to Kisi. The action of sharing access means adding the user to a group. To share access, admins must add users as members of a group. The share will follow the access permissions set up for the group.

When the admin creates a share and the member doesn't exist, it is created automatically, only with the email, name, and the rest of the default settings. To update these members, a patch request has to be sent additionally.

Users can be created without adding them to any group, but they won't have access to anything in the system.

Multiple shares#

Any user is allowed to have multiple shares assigned. The user will have the combined access rights from the different shares as well as not being restricted by any restrictions such as geofence, reader, or primary device as long as this restriction is not set in all groups. See below for an example.

The user John has three shares on his account.

1. Office door and Back door
2. Main door with a Primary Device Restriction
3. Storage B Door

In this case, this user will have access to all the doors within these shares and not be restricted by the Primary Device Restriction as this one is only set on one of the shares.

Adding and deleting shares#

Shares can be added or deleted at any time by an admin. It is also possible to update the settings of a share to change the settings such as whether to enable or disable App Access, Card Access, and Link Access as well as what kind of permissions the share should have. Another feature is to make a share time-limited which could be beneficial for cleaners, consultants, or other types of users who would only need to have access during a limited time frame.

You can create shares through the Kisi API. First, you need to create a group, and then with the obtained group_id you can create the share:

curl '' \
-H 'Accept: application/json' \
-H 'Authorization: KISI-LOGIN {authentication_token}' \
-H 'Content-Type: application/json' \
--data-raw '{"email":"","card_enabled":true,"login_enabled":true,"link_enabled":false,"group_id":25305}'

The share can be temporary, you can set up a period of time within the share will be valid, adding start and end of validity dates. You can do it through the API when creating the share, adding the attributes valid_from and valid_until:

curl '' \
-H 'Accept: application/json' \
-H 'Authorization: KISI-LOGIN authentication_token' \
-H 'Content-Type: application/json' \
--data-raw '{"email":"","valid_from": "2021-08-24T14:15:22Z","valid_until": "2021-08-24T14:15:22Z", "card_enabled":true,"login_enabled":true,"link_enabled":false,"group_id":25305}'

When sharing access this way, an email will be sent to the user. If you want to avoid it, you need to use our white labeling solution. Check out our white labeling guide on how to use it.

Check the remove access quick guide for more about deleting shares.

If you need more Share endpoints, check out the Shares API reference.