NFC Access
NFC (nfc) is one of the access methods supported by Access Pass alongside qrcode and pat. It follows the same template → pass → introspection model as QR code ticketing, but the credential is presented by tapping an NFC-enabled card, wristband, or device instead of scanning a code.
This page mirrors the verified QR code flow with method: "nfc" in place of method: "qrcode". How the issued token is provisioned onto physical NFC hardware (card encoding, wallet pass, wearable) is an integration detail outside accesspass-srv itself — confirm the exact provisioning approach with your NFC hardware/wallet provider before relying on this page for a production rollout.
How it works
Step 1: Register target resources
Before creating an NFC template, register the resource(s) it should grant access to — see Physical access control for the resource and resource group setup. Resources are registered in the Access Control service, not via accesspass-srv.
Step 2: Create a pass layout (optional)
A layout is only needed if the pass is also displayed visually to the user (for example in a mobile wallet alongside the NFC credential). For tap-only tokens with no visual representation, this step can be skipped. See Create a pass layout if you do need one.
Step 3: Create an NFC-enabled pass template
POST /accesspass-srv/templates
{
"name": "venue-nfc-template",
"description": "NFC entry template for venue access",
"methods": ["nfc"],
"maxValidity": { "value": 12, "unit": "hours" },
"systemConstraint": { "scopes": ["entry:scan"] },
"targetResourceRef": {
"resourceIds": ["device-venue-gate-n1"],
"resourceGroupIds": ["group:venue:north-gates"]
}
}
See Create pass template. methods: ["nfc"] restricts this template to issuing NFC tokens, and maxValidity caps how long any pass created from it can remain valid.
Step 4: Issue the pass and provision the token
POST /accesspass-srv/passes
{
"passUserHolder": { "sub": "sub-fan-120045", "givenName": "Aarav", "familyName": "Sharma" },
"passUser": { "sub": "sub-fan-120045", "givenName": "Aarav", "familyName": "Sharma" },
"pass": {
"title": "Venue Entry - North Gate",
"passId": "NFCPASS-0001",
"productId": "venue-entry",
"productName": "Venue Entry",
"productInstanceId": "venue-2026-03-20",
"passTemplateId": "venue-nfc-template",
"method": "nfc",
"validFrom": "2026-03-20T12:00:00Z",
"validTo": "2026-03-20T23:00:00Z",
"targetResourceRef": { "resourceIds": ["device-venue-gate-n1"] }
}
}
The response contains the token to provision onto the NFC medium:
{
"success": true,
"data": {
"passId": "NFCPASS-0001",
"token": "<nfc-token-value>"
}
}
See Create a new pass. Writing the token to a physical NFC tag, wristband, or a mobile wallet's NFC credential is handled by your own provisioning workflow/hardware SDK — accesspass-srv only issues and validates the token, it does not write to NFC hardware directly.
Step 5: Introspect the NFC token at the checkpoint
POST /accesspass-srv/passes/nfc/introspect
{
"token": "<nfc-token-value>",
"access_method": "nfc",
"strictValidation": true,
"targetResourceRef": { "resourceIds": ["device-venue-gate-n1"] }
}
See Introspect (validate) a pass. As with QR code and PAT, always include the targetResourceRef of the actual reader/gate, and treat the introspection result as the authoritative entry decision.
Related APIs
Endpoints used in this guide. For the full API surface, see the Access Pass API reference.
| Operation | Method | Path | Description | Link |
|---|---|---|---|---|
| Create pass layout | POST | /accesspass-srv/layouts | Optional visual layout for wallet display. | View API |
| Create pass template | POST | /accesspass-srv/templates | NFC-enabled template with methods: ["nfc"]. | View API |
| Create pass | POST | /accesspass-srv/passes | Issues the pass and returns the NFC token. | View API |
| Introspect pass | POST | /accesspass-srv/passes/nfc/introspect | Validates the token at the reader. | View API |
Checklist
- Use
method: "nfc"on the template and pass. - A pass layout is optional for NFC — only needed if the credential also needs a visual representation.
- Confirm your NFC hardware/wallet provisioning workflow separately;
accesspass-srvissues and validates the token but does not write to NFC media itself. - Introspect with the actual reader/gate's
targetResourceRef, not just the token.