| Attribute | Wavelynx | HID | Implication |
| --- | --- | --- | --- |
| Topology | | | |
| AE → Apple Wallet path (Does AE talk to Apple directly?) | Direct | Via HID Origo Integration Service | When Apple changes a UAP behavior, AE adapts immediately on Wavelynx flows. On HID flows, AE waits for HID Origo to ship the change. |
| AE → Google Wallet path | Via NXP MIFARE2GO | Via HID Origo Integration Service | Both vendors mediate Google. The mediator differs: NXP for Wavelynx, HID itself for HID. |
| Lifecycle authority (Who owns credential state-of-truth?) | AE NFC Cloud (Guardian) | HID Origo | If Guardian goes down, Wavelynx-issued lifecycle is paused but recoverable on AE's schedule. HID lifecycle stays available because HID owns it. |
| Status events from | AE NFC Cloud | HID Origo (CloudEvents) | Wavelynx flows: AE NFC Cloud emits status events directly. HID flows: HID emits to AE NFC Cloud, AE re-emits downstream. |
| Authentication | | | |
| Partner-side authentication | ECC P-256 signature → bearer JWT | OAuth 2.0 client_credentials + optional PKI cert | |
| Token lifetime | Not publicly specified | 3,600s · 5-min idle timeout | |
| Required custom headers | x-api-key (webhooks only) | Application-ID + Application-Version | AE has a TPS-certified Application-ID covering its mobile-credential integrations. New partners would need their own HID TPS certification to consume HID Origo directly. |
| Webhook architecture | | | |
| Spec | Custom JSON envelope | CloudEvents (CNCF) | |
| Delivery shape | One event per POST | Batched — multiple events per POST | AE's HID Connector parses CloudEvents arrays; AE's Wavelynx Connector parses single envelopes. Different unmarshalling paths. |
| Failure handling | Retry on 5xx / timeout | Persist to Event Management API · partner polls | AE's HID Connector needs a poll-recovery loop (resilience tax). AE's Wavelynx Connector can rely on push-with-retry semantics. |
| Subscription model | Static URL + key per partner | Filter-based | |
| Lifecycle | | | |
| API generations | 1 (Wallet API v1.0.x) | 2 — v2.2 SCIM-based · v3.x Pass-based | HID integration carries dual-vocabulary tax. Wavelynx integration is a single API generation. |
| Update mechanism | New issuance with new pass-id | PPPU — PATCH /passes/{passId} | |
| Soft-delete vs hard-revoke | Soft-delete (status DELETED) | CANCELLED (v3) / REVOKED (v2.2) | |
| Wallet platforms | | | |
| Apple Wallet | Supported | Supported | |
| Google Wallet | Supported (via NXP MIFARE2GO) | Supported | |
| Samsung Wallet | Not supported | Not supported | Most AE customers running Samsung devices use Google Corporate Badge as an installable app instead. |
| Operational pressure | | | |
| Rate-limit response code | Not publicly specified | HTTP 403 (not 429) | AE's HID Connector treats 403 ambiguously: auth failure or rate-limit hit. Defensive parsing required. |
| Auth endpoint rate limit | Not specified | 50 req / 5 min — per organizationId | AE's HID Connector caches tokens with a request interceptor that refreshes only on expiry — not optional. |
| Customer-side onboarding burden | AE manages end-to-end | Customer onboards HID Origo | Sales should set expectations: HID deployments add a customer-side prerequisite workstream that Wavelynx deployments don't. |
| Public audit / transaction log API | Not exposed | Not exposed | |
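
The two HID-side implications under "Operational pressure" (cache tokens and refresh only on expiry; treat a 403 as either an auth failure or a rate-limit hit) look like this in Python. This is an added example, not AE's or HID's code. The 3,600s lifetime, 5-min idle timeout and 50 req / 5 min budget come from the table; `TokenCache`, `fetch_token`, the 30-second margin, the reading of "idle" as time since the token was last used, and the 403 heuristic are assumptions.

```python
import time

TOKEN_LIFETIME_S = 3600      # from the table: token lifetime
IDLE_TIMEOUT_S = 5 * 60      # from the table: 5-min idle timeout
AUTH_WINDOW_S = 5 * 60       # from the table: 50 req / 5 min per organizationId
AUTH_BUDGET = 50
SKEW_S = 30                  # assumption: safety margin before either deadline


class TokenCache:
    """Refresh only on expiry, and never exceed the auth endpoint budget."""

    def __init__(self, fetch_token, clock=time.monotonic):
        self._fetch = fetch_token    # hypothetical callable returning a token string
        self._clock = clock
        self._token = None
        self._issued = self._last_used = 0.0
        self._auth_calls = []        # timestamps of recent auth requests

    def _fresh(self, now):
        # A token is usable only while BOTH deadlines are still ahead.
        return (self._token is not None
                and now - self._issued < TOKEN_LIFETIME_S - SKEW_S
                and now - self._last_used < IDLE_TIMEOUT_S - SKEW_S)

    def get(self):
        now = self._clock()
        if not self._fresh(now):
            self._refresh(now)
        self._last_used = now
        return self._token

    def _refresh(self, now):
        # Sliding window over auth requests; fail closed instead of hammering auth.
        self._auth_calls = [t for t in self._auth_calls if now - t < AUTH_WINDOW_S]
        if len(self._auth_calls) >= AUTH_BUDGET:
            raise RuntimeError("auth budget exhausted; wait before refreshing")
        self._auth_calls.append(now)
        self._token = self._fetch()
        self._issued = now

    def classify_403(self):
        """Heuristic (assumption): a 403 on a locally fresh token is treated as
        rate limiting (back off); otherwise as an auth failure (refresh once)."""
        if self._fresh(self._clock()):
            return "backoff"
        self._token = None           # force a refresh on the next get()
        return "refresh"
```

A caller that gets `"refresh"` should retry the request once with the new token and treat a second 403 as a hard failure, so an authorization problem cannot turn into a refresh loop that burns the auth budget.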