Skip to main content
Version: Latest (4.0.0)

NFC Access

NFC (nfc) is one of the access methods supported by Access Pass alongside qrcode and pat. It follows the same template → pass → introspection model as QR code ticketing, but the credential is presented by tapping an NFC-enabled card, wristband, or device instead of scanning a code.

info

This page mirrors the verified QR code flow with method: "nfc" in place of method: "qrcode". How the issued token is provisioned onto physical NFC hardware (card encoding, wallet pass, wearable) is an integration detail outside accesspass-srv itself — confirm the exact provisioning approach with your NFC hardware/wallet provider before relying on this page for a production rollout.

How it works

Step 1: Register target resources

Before creating an NFC template, register the resource(s) it should grant access to — see Physical access control for the resource and resource group setup. Resources are registered in the Access Control service, not via accesspass-srv.

Step 2: Create a pass layout (optional)

A layout is only needed if the pass is also displayed visually to the user (for example in a mobile wallet alongside the NFC credential). For tap-only tokens with no visual representation, this step can be skipped. See Create a pass layout if you do need one.

Step 3: Create an NFC-enabled pass template

POST /accesspass-srv/templates
{
"name": "venue-nfc-template",
"description": "NFC entry template for venue access",
"methods": ["nfc"],
"maxValidity": { "value": 12, "unit": "hours" },
"systemConstraint": { "scopes": ["entry:scan"] },
"targetResourceRef": {
"resourceIds": ["device-venue-gate-n1"],
"resourceGroupIds": ["group:venue:north-gates"]
}
}

See Create pass template. methods: ["nfc"] restricts this template to issuing NFC tokens, and maxValidity caps how long any pass created from it can remain valid.

Step 4: Issue the pass and provision the token

POST /accesspass-srv/passes
{
"passUserHolder": { "sub": "sub-fan-120045", "givenName": "Aarav", "familyName": "Sharma" },
"passUser": { "sub": "sub-fan-120045", "givenName": "Aarav", "familyName": "Sharma" },
"pass": {
"title": "Venue Entry - North Gate",
"passId": "NFCPASS-0001",
"productId": "venue-entry",
"productName": "Venue Entry",
"productInstanceId": "venue-2026-03-20",
"passTemplateId": "venue-nfc-template",
"method": "nfc",
"validFrom": "2026-03-20T12:00:00Z",
"validTo": "2026-03-20T23:00:00Z",
"targetResourceRef": { "resourceIds": ["device-venue-gate-n1"] }
}
}

The response contains the token to provision onto the NFC medium:

{
"success": true,
"data": {
"passId": "NFCPASS-0001",
"token": "<nfc-token-value>"
}
}

See Create a new pass. Writing the token to a physical NFC tag, wristband, or a mobile wallet's NFC credential is handled by your own provisioning workflow/hardware SDK — accesspass-srv only issues and validates the token, it does not write to NFC hardware directly.

Step 5: Introspect the NFC token at the checkpoint

POST /accesspass-srv/passes/nfc/introspect
{
"token": "<nfc-token-value>",
"access_method": "nfc",
"strictValidation": true,
"targetResourceRef": { "resourceIds": ["device-venue-gate-n1"] }
}

See Introspect (validate) a pass. As with QR code and PAT, always include the targetResourceRef of the actual reader/gate, and treat the introspection result as the authoritative entry decision.

Endpoints used in this guide. For the full API surface, see the Access Pass API reference.

OperationMethodPathDescriptionLink
Create pass layoutPOST/accesspass-srv/layoutsOptional visual layout for wallet display.View API
Create pass templatePOST/accesspass-srv/templatesNFC-enabled template with methods: ["nfc"].View API
Create passPOST/accesspass-srv/passesIssues the pass and returns the NFC token.View API
Introspect passPOST/accesspass-srv/passes/nfc/introspectValidates the token at the reader.View API

Checklist

  • Use method: "nfc" on the template and pass.
  • A pass layout is optional for NFC — only needed if the credential also needs a visual representation.
  • Confirm your NFC hardware/wallet provisioning workflow separately; accesspass-srv issues and validates the token but does not write to NFC media itself.
  • Introspect with the actual reader/gate's targetResourceRef, not just the token.