P-73 Kasba Industrial Estates, Phase-II, Kolkata-700107

+91-7550670 670

How to Integrate Biometric Devices with Your HRMS, ERP, or Business Software

Every method, vendor-neutral, with a step-by-step workflow.

Integrating a biometric device with your software is simpler than it looks: the device captures a punch — face, fingerprint, or card — and your software reads that event through an API and applies its own logic. This guide covers every method, from REST API polling to push-based webhooks to on-device access control, with architecture patterns, a data-format reference, and a step-by-step workflow that works regardless of your language or stack. It’s written by a hardware manufacturer, so it’s honest about the trade-offs.

Integration methods
3
REST API, all devices
1
SDKs required
0
Manufacturer since
1996

Written by Fortuna — a biometric device manufacturer since 1996, with 200,000+ devices deployed across 20,000+ organizations

At a glance

Three ways to connect: REST API polling (pull), push webhooks, and on-device access control

Data per punch: user/employee ID, timestamp, recognition status, device name — JSON over HTTPS

Pick by need: batch attendance → pull · instant door → on-device · live dashboards → push

Offline-safe: devices cache punches locally and sync when the network returns

How Fortuna does it: one pull-based REST API across every device — no SDK, cloud or on-premise, multi-tenant

Fortuna devices deployed across

Who should read this biometric integration guide

HRMS and payroll software developers

You have a working HRMS or payroll system and want to offer clients biometric attendance. You need punch data flowing into your attendance module so shifts, overtime, and leave calculate automatically — a device that exposes its data through an API your software can read.

ERP platform teams

Your ERP covers procurement, inventory, finance, and HR. The HR module needs physical attendance validation from devices at client sites. You need a vendor that supports multi-tenant deployments and keeps each client's data isolated.

Gym and fitness management software

Your platform manages memberships, bookings, and trainer schedules. You need biometric check-in tied to membership validation — instant grant/deny at the entrance, plus visit history for retention analytics. Sub-second response at the gate is non-negotiable.

School and college ERP builders

Your system handles admissions, fees, timetables, and parent communication. You need gate-level or classroom-level biometric attendance that syncs student and staff data back to your platform, plus careful handling of biometric data for minors.

Hospital information system developers

Your HIS manages patient records, staff rosters, and department access. You need time-and-attendance for nurses and doctors across rotating shifts and wards, plus role- and zone-based door access for restricted areas.

Custom developers and system integrators

You build bespoke software for niche clients — logistics, co-working, government, manufacturing. Each project has unique attendance or access rules, and you need a biometric hardware partner whose API is flexible enough to map to any business logic.

Three ways to connect a biometric device to your software

How do you integrate a biometric device with software?

A biometric device captures an identity event (face, fingerprint, card) and exposes it so your software can consume it — by your software pulling events from an API, by the device pushing events to your endpoint, or by the device deciding locally (for access control) and reporting the event afterward. Choose the pattern by your real-time needs, your server setup, and how many devices you’ll manage.

1. REST API polling (pull-based)

Your software periodically calls the device's platform to fetch new punch records — every few seconds for near-real-time, or every few minutes for batch. Simple to build: your server initiates every call, so no inbound firewall rules are needed. Data is as fresh as your polling interval.

This is how Fortuna's platform works — a pull-based REST API, with a punch typically available within about two minutes. Pull is deliberately robust on the intermittent connections common at real sites.

2. Push-based webhooks (event-driven)

The device or its platform POSTs a JSON payload to your callback URL the instant a punch happens. Lower latency, fewer resources than constant polling — but your endpoint must be publicly reachable and always online.

Honest note: Fortuna's cloud API is pull-based, not webhook-push. For the case where webhooks are usually proposed — instant door decisions — Fortuna handles it more directly on the device itself, avoiding a cloud round-trip.

3. On-device access control (local)

For access control, the terminal makes the grant/deny decision locally in under a second and drives the door directly through Wiegand, OSDP, or a relay output — then reports the event to your software via the API for logging. No cloud round-trip sits between the scan and the door.

This is how Fortuna handles real-time access — instant at the door, with the API used for the audit trail rather than the live decision.

Criteria

REST API polling (pull)

Push webhooks

On-device control

Real-time latency

Seconds to minutes

Sub-second

Instant at the door

Server requirement

Scheduler / cron

Public endpoint, always on

None for the decision

Best for

Batch attendance

Live dashboards

Door / turnstile access

Cloud dependency

Yes

Yes

No (local decision)

Fortuna support

Yes — the platform API

Not webhook-push

Yes — Wiegand/OSDP/relay

Step by step: integrating a biometric device with your software

1

Choose a device with open API support

Confirm the device offers a documented REST API and a clear JSON format over HTTPS. Ask for sample responses and test credentials before committing. Fortuna terminals expose the same REST API — no SDK required — with documentation and a Postman collection at onboarding.

2

Get the device online and pointed at your platform

Connect the device to the network (Ethernet, Wi-Fi, or 4G) and set where it reports. Fortuna devices can ship pre-configured to your endpoint, so they register on first connection — power on, connect, done.

3

Authenticate and verify the connection

Obtain your credentials and make a first status call that returns the device identity and online state. If it succeeds, your connection is live; if not, check network, ports, and credentials. (Authentication details are provided to partners on approval.)

4

Sync users and enroll biometrics remotely

Map your software's employee/member IDs to device users and push each user through the API. Send a photo and the platform trains the face model and pushes it to the assigned terminals — no on-device enrollment, and one bulk call can create, update, or deactivate many users.

5

Read attendance and access events

Request new transactions on your schedule and parse the JSON. A representative payload:

6

Apply your business logic

Raw punches are just timestamped events; your software turns them into meaning — present/absent, late marks, overtime, class-period or shift matching, membership validation. The device provides the input; your platform owns the rules.

6

Handle offline, test, and go live

Devices cache punches locally and sync when the network returns; reconcile gaps in the timeline. Run in parallel with existing records, log every call, add retry with backoff for failed syncs, then switch to production.

Biometric devices you can integrate — face, fingerprint, and access control

Every networked Fortuna terminal connects to the same REST API, so you build one integration and deploy whichever device the environment needs.

Integration notes by software type — HRMS, ERP, gym, school, hospital

HRMS and payroll software

Push the employee master to the device; pull clock-in/out events; suppress marking on approved leave dates. Your payroll engine consumes the processed attendance.

ERP platforms (SAP, Oracle, ERPNext, custom)

Hierarchical user sync (department → team → employee), per-client data isolation via multi-tenant accounts, and event logs for audit. Each client's devices report into their own tenant.

Gym and fitness management software

Enroll a member's face via the API at signup; validate membership on entry. Real-time at the gate is handled on-device — the terminal grants or denies locally and drives the turnstile, then reports the visit for history and retention analytics.

School and college ERP systems

Student/staff master sync with photos for face enrollment; pull attendance and map it to periods or gate windows; trigger parent notifications from your own workflow. Apply your jurisdiction's rules for minors' data.

Hospital information systems

Shift-roster integration for rotating nurse/doctor shifts; zone-based access (ICU, pharmacy, records) handled on-device with the API for the audit trail; visitor check-in validation.

Custom applications and SIs

One flexible REST API maps to any business logic — logistics, co-working, government, manufacturing. Build one connector and reuse it across every Fortuna device a project needs.

Why Fortuna

Why software companies integrate with Fortuna devices

One REST API across every device — no SDK

Face, fingerprint, card, handheld, and IoT access control all share one API, one auth model, and one JSON format. Build the integration once; it works across every Fortuna model. No device SDK, no low-level commands — standard HTTP.

Pull-based and offline-resilient

The platform API is pull-based REST, so your integration stays predictable even on the intermittent connections common at real sites. Devices cache punches locally and sync when the network returns; no data is lost.

Remote enrollment and pre-configured devices

Enroll a user by sending a photo — the platform trains the face model and pushes it to the terminals, with no on-device step. Devices can ship pre-configured to your endpoint, so deployment at a client site is a plug-in step.

Real-time at the door, handled on the device

For access control, the terminal decides locally and drives the door through Wiegand, OSDP, or relay in under a second — no cloud round-trip — while the API delivers the event for logging.

Multi-tenant, cloud or on-premise

One instance manages many isolated customer accounts. Run it in Fortuna's cloud, your cloud, or fully on-premise for clients in banking, government, defence, or healthcare.

Manufacturer-direct, white-label at volume

You integrate directly with the company that designs and builds the hardware — no third-party middleware in the path. At volume, devices can carry your branding.

Build your integration against real hardware

Get API documentation, a Postman collection, and a test device — validate the integration in your own environment, cloud or on-premise, before you commit to volume.

FAQ

Biometric device integration — frequently asked questions

Can I integrate a biometric device with any software?

Yes, provided the device supports API communication. Devices with a REST API can connect to any software — HRMS, ERP, gym, school, hospital, or custom — regardless of your programming language or framework.

Polling means your software periodically requests new data from the device’s platform. Push means the device sends data to your endpoint automatically when an event occurs. Push is lower-latency but needs a public, always-on endpoint; polling is simpler and needs no inbound access. Fortuna’s platform uses polling (pull); for instant door decisions, Fortuna decides on the device itself rather than via a cloud webhook.

A typical record is JSON over HTTPS containing the user or employee ID, the timestamp, the recognition status (for example, authorized or unrecognized), and the device name — enough to route and process events across sites.

No. API-enabled devices communicate from their firmware. You configure where the device reports (or it ships pre-configured), and it handles communication natively — no agent to install.

Quality devices store punches locally (tens of thousands of records) and sync automatically when connectivity returns, preserving original timestamps. Your integration should reconcile gaps by checking the timeline and pulling any missing records.

Any language that can make HTTP requests — Python, Node.js, PHP, Java, C#, Go, Ruby. Fortuna’s API is language-agnostic REST with no SDK required, so you’re not tied to a specific platform.

It depends on scope. A basic attendance integration — pulling punches and syncing users — is quick; adding access-control rules, multi-site routing, or richer event processing takes longer. Building against real test devices with documentation and a Postman collection is the fastest path.

Yes, but each brand has its own API and data format, so you’d build a connector per brand. A manufacturer with one unified API across its models avoids that — Fortuna uses the same API across face, fingerprint, card, and access-control devices.

Use HTTPS/TLS for all calls, authenticate every request, apply least-privilege access, and log transactions. Store only reference IDs in your software — biometric templates are kept as encrypted mathematical representations on the device, not images, and shouldn’t be copied into your database.

Fortuna offers test devices for integration development. You receive API documentation and a Postman collection, and can validate the integration in your own environment — cloud or on-premise — before committing to volume. Request one below, or see the biometric device API page.

Start your integration — request a test device

Get a Fortuna biometric device for your development team with API documentation, a Postman collection, and integration support. Validate the integration in your own environment — cloud or on-premise — before you commit to volume.

One REST API across every device — no SDK

Documentation and a Postman collection included

Validate in your own environment — cloud or on-premise

Biometric hardware made in India since 1996







    Fortuna has manufactured biometric devices in India since 1996 · one REST API, no SDK, no third-party middleware · cloud or on-premise.