One REST API across every Fortuna biometric device — built by the manufacturer, no SDK.
Fortuna’s biometric device API lets software companies read attendance and access data — and enroll users — across every Fortuna face, fingerprint, and card terminal through one REST API. Integrate biometric devices with your HRMS, ERP, payroll, or SaaS platform using standard GET and POST calls. No device SDK, no third-party middleware. Run it in our cloud, your cloud, or fully on-premise.
200,000+ devices deployed · trusted by BARC, BrahMos, Tata Steel, and IIT Bombay · no third-party middleware
At a glance
Fortuna devices deployed across
Who it’s for
Your customers want biometric attendance without leaving your platform. Fortuna terminals capture every clock-in and clock-out; your software pulls those events through the API and runs its own shift, overtime, and payroll logic. The device is the data source — your software stays the system of record.
Your platform handles memberships, bookings, and billing. Put a Fortuna face-recognition terminal at the entrance, enroll each member's face through the API when they sign up in your app, and pull check-in events to validate membership and log visits. Members never touch a separate admin screen.
Your ERP manages students, fees, timetables, and parent communication. Install Fortuna terminals at entry points, enroll students through the API, and pull attendance into your existing reporting and parent-notification workflows.
Your platform runs pre-registration, check-in, and host notification. Use Fortuna terminals as the lobby hardware layer — enroll returning visitors via API, pull check-in events into your cloud, and keep the entire experience inside your product.
Your software manages door permissions, zones, and event logging. Fortuna terminals and panels support Wiegand and OSDP output for direct door control, and the REST API delivers access events to your platform for logging and reporting.
Your platform schedules shifts and deploys field teams. Fortuna's 4G and Wi-Fi handheld terminals — including iCON, the world's smallest biometric terminal — capture attendance on site, cache it offline, and sync to your platform through the API when connectivity returns.
How it works
What is a biometric device API?
A biometric device API is a web interface (REST over HTTP) that lets your software read events from — and manage users on — biometric hardware, without a device-specific SDK or low-level commands. Fortuna’s biometric device API exposes every networked terminal through four resources: users, templates, terminals, and transactions, using standard GET and POST calls.
Create, read, update, and delete the people enrolled on your devices. Map each user to your own system's ID so events come back tagged the way your software expects.
Enroll a user's face or fingerprint and push the template to any terminal through the API — no one walks up to the device. Update or remove templates remotely as people join or leave.
Read device status, enrolled-user count, and last-sync time across your whole fleet. Manage terminals from your own admin panel instead of sending a technician to each site.
Pull events on demand or on a schedule. Each record carries the employee ID, the punch time, the recognition status (for example, authorized or unrecognized), and the device name.
Your software requests new transactions through a GET call — every minute, every few minutes, or on demand — and the API returns events since your last sync. A punch typically becomes available to pull within about two minutes. Predictable even on intermittent connections.
Add a person in your software, send a photo through the API, and the platform trains the face model and pushes it to the assigned terminals. A single bulk call creates, updates, or deactivates many users at once — nobody touches the device's admin screen.
The platform runs three ways: hosted on Fortuna's cloud, hosted on your own cloud, or deployed on-premise so attendance and biometric data never leave your network. On-premise is what makes Fortuna viable for banks, government, defence, and hospitals.
A single hosted instance manages multiple customer accounts, each isolated from the others. If your product serves many end customers — or you're a distributor or system integrator — you onboard each as a tenant without standing up separate infrastructure.
Fortuna terminals store every punch locally and keep working when the internet doesn't. When the connection returns, cached events sync in order with their original timestamps. Your software pulls them the same way it pulls live events. No data is lost during an outage.
Any language that sends and receives HTTP requests works — Python, Java, Node.js, PHP, C#, Go, Ruby. No device SDK, no low-level commands. Integration partners receive documentation and a Postman collection to accelerate the build.
Every networked Fortuna terminal connects to the same API — one face recognition device API and fingerprint device API in a single integration. Pick hardware by environment and biometric mode; the integration stays identical across all of them.















Use cases
Install terminals at each client office, enroll employees through the API, and pull clock-in/clock-out events on a schedule. Your HRMS runs its own shift and overtime rules and generates payroll-ready timesheets. Employees never meet Fortuna's software.
Enroll a member's face through the API the moment they sign up, then pull entrance events to validate membership and log visits. When a membership lapses, the platform stops honoring the check-in. De-enrollment is one API call.
Enroll students through the API and pull attendance from classroom terminals into your own reporting and parent-notification flow.
Use Fortuna terminals as lobby hardware — enroll returning visitors via API and pull check-in events into your cloud for host notification and audit.
Deploy iCON or other 4G handhelds to field teams. Devices capture attendance on site, cache it offline, and sync to your platform through the API when back online — feeding your own scheduling and timesheet logic.
Run Fortuna readers at doors and turnstiles using Wiegand or OSDP for direct control, and pull access-granted and access-denied events through the API for logging, compliance reporting, and alerts.
Why Fortuna
Face, fingerprint, card, handheld, IoT access control — one REST API covers the whole range. Write the integration once and deploy any Fortuna terminal a client needs, from an entry-level reader to an IP65 industrial unit. No per-device protocol, no separate SDK per model.
Fortuna designs and builds its own hardware, firmware, and the integration platform in-house. No separate gateway company sits between your software and the devices — and no device SDK or low-level commands to wrestle with. Support comes from the team that built the hardware.
Fortuna devices don't require you to run Fortuna's attendance software. The API is the product. Use the terminals purely as biometric capture hardware feeding your platform. You own the user experience, the data, and the workflow.
Run the platform in Fortuna's cloud, or inside your own network when a client won't let identity data leave their walls. That single option opens banks, government, defence, and hospitals — the buyers most middleware services can't serve.
Fortuna has manufactured biometric hardware in India for nearly three decades — 200,000+ devices deployed, trusted by BARC, BrahMos, Tata Steel, and IIT Bombay. Field-tested for dust, humidity, and 24/7 operation.
Get API documentation, a Postman collection, and a test device — validate the integration in your own environment, cloud or on-premise, before you commit to volume.
FAQ
No. The devices work as standalone biometric capture terminals with an open REST API. You connect them to your own software. Fortuna’s own attendance products (including timely.bio) are separate and are not required for API integration.
Each transaction record includes the employee ID, the punch time, the recognition status (for example, authorized or unrecognized), and the device name — enough to route and process events across any number of sites. Data is returned as JSON over HTTPS.
You pull. Your software requests new transactions through a GET call on whatever schedule you choose — on demand or at a fixed interval — and the API returns events since your last sync. A punch typically becomes available to pull within about two minutes. This keeps the integration predictable even on intermittent connections.
Yes. Add a person and send a photo through the API; the platform trains the face model and pushes it to the assigned terminals — no on-device enrollment. A single bulk call can create, update, or deactivate many users at once. Your software controls the full user lifecycle without touching the device’s admin interface.
The terminal stores every punch locally and keeps working offline. When connectivity returns, cached events sync in order with their original timestamps, and your software pulls them like any other event. No data is lost.
The REST API is language-agnostic — any language that sends and receives HTTP requests works, including Python, Java, Node.js, PHP, C#, Go, and Ruby. Integration partners receive documentation to accelerate the build.
Yes. The platform deploys in Fortuna’s cloud or inside your own network, so biometric and attendance data can stay on your infrastructure. On-premise deployment is available for banks, government, defence, healthcare, and other environments with strict data-residency requirements.
Every networked Fortuna terminal — face, fingerprint, card, handheld, and IoT access control — uses the same API. You write one integration and deploy whichever device a client’s environment calls for. See the device table above.
Fortuna terminals support Wiegand output, and Checkmate NxT and NxT+ panels add OSDP and multi-door control for direct door, turnstile, and gate operation. The REST API delivers the corresponding access events to your software for logging and reporting.
No. Replacing SDK and device-level integration with standard REST is the point of the platform. If your software can make HTTP calls, it can run Fortuna devices — typically through a handful of endpoints from registering a device to pulling its first punch.
Yes. A single hosted instance is multi-tenant — it manages many customer accounts in isolation from one another. This suits SaaS products with many end customers, as well as distributors and system integrators rolling out across multiple clients.
Fill in the form below with your product and use case. Fortuna’s integration team will share API documentation and credentials and can ship a test device so you can validate the integration in your own environment before committing to volume
Get started
Tell us what you’re building. We’ll send API documentation and credentials, and we can ship a test device so you can validate the integration in your own environment — cloud or on-premise — before you commit to volume.
fortuna.yellowwood.in
Typically replies within minutes
Any questions related to Biometric Device API Integration?
WhatsApp Us
Online | Privacy policy
WhatsApp us