Alert EnterpriseWiki

API reference

Key endpoints, auth patterns, rate limits, and known limitations for each credential provider API. Derived from HID Origo API docs, Wavelynx v1.0.12, and LEGIC Connect documentation. Click endpoints marked ▼ for integration notes.

HID Origo v3.x · Wavelynx v1.0.12 · LEGIC Connect

HID Origo

v3.x (Pass) · v2.2 (SCIM legacy)

https://origo.hidglobal.com
Developer portal ↗

Authentication — OAuth 2.0 Client Credentials

Bearer tokens obtained via client_credentials grant. Rate-limited to 50 requests / 5 minutes per organizationId. Tokens are cached within TTL — never request a new token per API call. HID returns HTTP 403 (not 429) on rate-limit exceeded.

Rate limit: 50 requests / 5 minutes per organizationId (auth endpoint)

Returns HTTP 403 on limit exceeded — not 429. Parse error body to distinguish from auth 403.
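One way to apply the caching and 403-handling guidance above, as an added example that is not code from HID or from this wiki. The `fetch` transport, the `RATE_LIMIT_MARKERS` strings and the sample bodies are assumptions; `access_token` and `expires_in` are the standard OAuth 2.0 token response fields.

```python
import json
import time
from collections import deque

WINDOW_S, MAX_CALLS = 300, 50  # from the page: 50 requests / 5 minutes per organizationId
# ASSUMPTION: wording that marks a throttling 403; confirm against real HID error bodies.
RATE_LIMIT_MARKERS = ("rate limit", "too many requests")

class RateLimited(Exception): pass  # back off and retry later; credentials are fine
class AuthFailed(Exception): pass   # do not retry; check the client id and secret

def classify_403(body: str) -> str:
    """Return 'rate_limit' or 'auth' for a 403 error body (JSON or plain text)."""
    try:
        text = json.dumps(json.loads(body)).lower()
    except ValueError:
        text = body.lower()
    return "rate_limit" if any(m in text for m in RATE_LIMIT_MARKERS) else "auth"

class TokenCache:
    def __init__(self, fetch, clock=time.monotonic, skew=30):
        # fetch is a hypothetical transport callable returning (status, body_text)
        self.fetch, self.clock, self.skew = fetch, clock, skew
        self.token, self.expires_at = None, 0.0
        self.calls = deque()  # timestamps of auth-endpoint calls inside the window

    def get(self) -> str:
        now = self.clock()
        if self.token and now < self.expires_at - self.skew:
            return self.token  # served from cache: no auth-endpoint call
        while self.calls and now - self.calls[0] >= WINDOW_S:
            self.calls.popleft()
        if len(self.calls) >= MAX_CALLS:
            raise RateLimited("local budget exhausted; wait for the window to roll")
        self.calls.append(now)
        status, body = self.fetch()
        if status == 403:
            if classify_403(body) == "rate_limit":
                raise RateLimited(body)
            raise AuthFailed(body)
        if status != 200:
            raise RuntimeError(f"unexpected status {status}")
        data = json.loads(body)
        self.token = data["access_token"]
        self.expires_at = now + float(data["expires_in"])
        return self.token

if __name__ == "__main__":
    # Constructed error bodies, not captured from HID.
    print(classify_403('{"message": "Rate limit exceeded"}'))
    print(classify_403('{"error": "invalid_client"}'))
```

The local call budget stops the client before the provider does, so a 403 that still arrives is more likely a genuine credential problem.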

Authentication (v3.x)
Mobile Identities (v3.x Pass)
User Management (v2.2 SCIM — legacy)
Events & Callbacks

Webhooks

CloudEvents v1.0 via HTTPS POST. Delivers lifecycle events (issued, suspended, revoked). No retry on failure — events are lost if endpoint is unreachable.

Known limitations

  • HTTP 403 returned on rate-limit, not 429 — standard retry logic misidentifies as auth failure.
  • CloudEvents have no retry or replay — polling fallback required.
  • v2.2 SCIM and v3.x Pass use separate identity spaces — do not mix in the same flow.
  • All four onboarding artifacts (Instance, Service Account, MOB Key, App-ID) must be active before issuance.