Suspend and Resume a Mobile Credential
Procedure for suspending a cardholder's mobile credential (e.g. lost phone, employee on leave) and resuming it when the reason clears. Covers platform differences: Apple (user or admin), Google (admin only).
Step-by-step procedures for onboarding, provisioning, credential lifecycle management, and troubleshooting. Each runbook includes prerequisites, numbered steps with verification checks, and notes on known failure modes.
Procedure for permanently revoking a mobile credential — e.g. offboarding, lost device with no recovery expectation, or security incident. Revocation is not reversible; a new credential must be issued if the cardholder returns.
Step-by-step procedure for provisioning the four required HID Origo artifacts before any mobile credentials can be issued: Origo Instance, Service Account, MOB Key, and Application-ID.
One-time project configuration steps required before LEGIC Google Wallet provisioning can begin. Covers card format selection, LEGIC project onboarding call, Mobile SDK integration, and canary validation.
Diagnose and resolve the case where a provisioning API call appears to succeed (2xx response, credential record created) but no credential appears in the cardholder's Apple Wallet or Google Wallet. Covers HID Origo MOB Key gaps, Wavelynx link expiry, LEGIC card format mismatches, and Apple WAP cert issues.
Diagnose the case where a credential has been suspended or revoked through the CP management API (status confirmed in console), but the cardholder can still tap and gain access at a physical reader. Covers offline reader sync delay, HID CloudEvents delivery failure, Wavelynx webhook failure, and LEGIC-specific propagation timing.
HID Origo returns HTTP 403 Forbidden — not 429 Too Many Requests — when the client has exceeded the rate limit. This is a deviation from standard REST conventions. This runbook covers confirming the cause, implementing the correct backoff strategy, and verifying recovery.
Step-by-step setup procedure for a new Wavelynx integration — from provisioning partner credentials through to a validated end-to-end canary test on both Apple and Google Wallet. Covers API keypairs, Apple WAP registration, NXP MIFARE2GO, webhook configuration, and canary validation.