Home / Products / APIs / Biometric Gateway Web API
API

Biometric Gateway Web API

The Biometric Gateway Web API (also known as the Universal Biometric Web API 3.0) turns any supported fingerprint, face, palm, vein, iris, retina, card, or password device into a cloud-connected endpoint your application can talk to from anywhere in the world. Receive real-time punches the instant they happen and manage users on the device remotely, all over a simple REST plus Callback contract.

Get started Developer docs

Overview

Connect any internet-enabled biometric attendance or access-control device directly to your web application over HTTP — no local software, PC, or database required.

Cams' flagship Web API enables machine-to-server communication between remotely installed biometric devices and your server application. A device connects to the internet, attendance is pushed to your Callback (webhook) URL in real time, and your server drives device operations such as add or delete user, push templates, push photos, and load punch logs through RESTful calls. There is no need to install desktop software, run a local database, or keep a PC on the LAN. The API is database-agnostic and works with any backend language.

APIRESTCallback/Webhook (HTTP POST)MQTT (EMQX persistent-connection path)PHPPythonJavaNode.js
Callback (webhook) — real-time punch
# Your Callback URL receives every punch in real time
POST https://yourapp.com/cams/callback
{
  "DeviceSN": "SN7A2300583",
  "EmployeeCode": "1042",
  "AttendanceLog": "2026-06-21 09:02:14",
  "Type": "face",
  "Direction": "CheckIn"
}

Capabilities

What it does

Real-Time Attendance

Punches are pushed to your Callback URL the moment they are recorded on the device.

Remote User Management

Add, delete, block, and move users and push templates or photos to devices from your server via RESTful calls.

Multi-Modal Capture

One contract handles fingerprint, face, palm, vein, iris, retina, card, and password inputs.

Offline Resilience

Offline punches are buffered on the device and replayed in order once connectivity is restored.

Encrypted Transport

AES-256 raw-data encryption can be enabled per device for secure data exchange.

Features

Everything included

  • Callback (webhook) API delivers real-time attendance punches from device to your server with no polling latency
  • RESTful API for server-to-device operations: Add User, Add User with Templates, Add User Photo, Delete User, Delete All Users, Load Punchlog and more (38 operations)
  • Captures multiple input types per punch: Fingerprint, Face, Card, Palm, Finger Vein, Iris, Retina, Password, plus Body Temperature and Face Mask flags where hardware supports it
  • Punch types include CheckIn, CheckOut, BreakIn, BreakOut, OverTimeIn, OverTimeOut, MealIn, MealOut
  • Handles offline punches: queued data is transmitted in sequence when the device reconnects
  • Optional AES-256 encryption of all raw data exchanged, keyed by a security key set in the API Monitor
  • LoadLog API lets non-server and LAN-only applications pull up to 30 days of attendance history on demand
  • Documented status codes for robust error handling, with per-device AuthToken and OperationID tracing for support and reconciliation

Build with Biometric Gateway Web API

Grab a key, read the docs, and ship. Our team helps with your first integration.

Talk to an engineer WhatsApp

FAQ

Common questions

Do I need to install any software on my local network to use the Web API?

No. Communication happens over HTTP between the device and your server. As long as the device is connected to the internet, you can receive attendance and manage users without any local software, database, or PC.

Which biometric inputs does the Web API support?

Fingerprint, Face, Card, Palm, Finger Vein, Iris, Retina, and Password, plus Body Temperature and Face Mask data where the hardware provides it.

What is the difference between the Callback API and the RESTful API?

The Callback API is real-time device-to-server communication via a URL you expose on your server (no latency). The RESTful API is server-to-device communication you call on Cams' endpoint to manage the device, with latency up to about 15 seconds.

Can I use the API if my server has no public IP?

Yes. Use the LoadLog API to pull attendance logs for a given timeframe on demand, as long as the device is connected to the internet.

Related

Explore more of the platform

SERVICE

Hybrid Push

The universal integration layer that delivers real-time attendance from ANY biometric device — verified or not — to any application or ERP in under 500 ms.

ExploreAPI

JavaScript Fingerprint Scanner API

Read and capture fingerprints from a USB scanner directly inside any website using a few lines of JavaScript — across all major browsers and Windows versions.

ExploreAPI

REST Management API

A versioned REST API (V1/V2/V3) for managing the full device and user lifecycle — provisioning, commands, templates, photos, access times, and attendance logs.

Explore
Browse all products