Setup guide – RCO (Admin and User API)

Background:
Because there are many components in motion, we've compiled a list outlining requirements, clarifications, and areas of responsibility to ensure the seamless integration between Inlet and the lock system.

Read more about the security principals for Inlet and the connections to locks here.

Also see Choosing the Right License for RCO M5

Practical and Technical Requirements:

1. Locksmith/installer/customer mounts the RCO devices.
2. The IT provider supplies the server where RCO software can be installed and secures the server with a firewall and access control.
3. The installer does the following in advance:
   • Installs the M5 server, SQL, AdminAPI, UserAPI, and IIS Webserver on the server, ensures the correct licenses are installed, and programs all the door environments.
   • Program the following under settings:
     
   • Create an API operator:
     
     
     • Ensure that this operator is a member of the operator group "SystemAdmin", or create a separate group with the desired access rights.
       
       
   • Create an Access Profile:
     
   • Assign the readers that should be controlled.
     
     
     
   • Select all days, always.
     
   • Create a user:
     
     
     
   • Assign a card to the API user.
     
     
     
   • Ensure that doors to be remotely controlled have "Control from integrations" enabled.
     
     
     
4. The IT provider and locksmith together ensure that the following URLs work:
   • https://PUBLICURL/M5UserAPI/api/version
   • https://PUBLICURL/M5AdminAPI/api/version
   • Both these should display the version number.
5. The IT provider ensures whitelisting of IP addresses and sets up port forwarding from the external port to the internal port to the server so that we can access the API. See the bottom of this article for IP addresses and ports.
6. Inlet must be provided the following to email: support@inlet.tech:
   • Customer Name
   • Information on what locks and lock groups Inlet should set up.
   • Username and password for the API operator and API user
   • Server ID
   • System name
   • Admin API username and password
   • Admin API key
   • Public URL, or static IP address to the server with port number
7. Inlet retrieves the IDs of the locks to configure Inlet with the locking system.
8. Inlet will inform the top system/booking system that they can test.
9. Inlet requires at least 2 weeks of testing with the top system/booking system after the installer has completed points 1-6.

IP addresses that need to be whitelisted:
Required: 52.164.185.179 and 79.160.124.141

Ports that need to be mapped:
External TCP port 443 to internal TCP port 443 on the Server.