{
  "title": "ENGAGE Mobile Credential Structure",
  "description": "Operational structure documentation for the ENGAGE Mobile Credential entity, including the integration boundary between an Access Control System (ACS), the Engage Cloud, and the Allegion BLE Mobile Access SDK on the user's device.",
  "entity": "MobileCredential",
  "primaryKey": "credentialId",
  "endpoints": {
    "list": "GET /credentials",
    "get": "GET /credentials/{credentialId}",
    "upload": "POST /credentials",
    "delete": "DELETE /credentials/{credentialId}"
  },
  "fields": [
    { "name": "credentialId", "type": "string", "writable": false, "source": "Allegion-assigned" },
    { "name": "userId", "type": "string", "writable": "on-create", "source": "ACS-supplied" },
    { "name": "userEmail", "type": "string", "writable": "on-create", "source": "ACS-supplied" },
    { "name": "userName", "type": "string", "writable": "on-create", "source": "ACS-supplied" },
    { "name": "accessProfile", "type": "string", "writable": "on-create", "source": "ENGAGE access profile id" },
    { "name": "validFrom", "type": "date-time", "writable": "on-create" },
    { "name": "validTo", "type": "date-time", "writable": "on-create" },
    { "name": "status", "type": "enum", "writable": false, "values": ["Active", "Revoked", "Expired"] },
    { "name": "createdAt", "type": "date-time", "writable": false },
    { "name": "revokedAt", "type": "date-time", "writable": false, "nullable": true }
  ],
  "integrationBoundary": {
    "issuer": "Access Control System / Access Management Platform",
    "broker": "Engage Cloud (api.allegion.com/engage)",
    "consumer": "Allegion BLE Mobile Access SDK on user's iOS or Android device",
    "verifier": "ENGAGE Gen 2 Schlage / Von Duprin hardware over BLE",
    "auth": "alle-subscription-key header + Basic Auth derived from ENGAGE credentials",
    "agreement": "Allegion Security Token Agreement must be signed before API or SDK access is granted"
  }
}