Access Control · Gallagher · REST API · Node-RED · KNX · 10 min read

Gallagher Command Centre REST API to KNX: Event Bridge with Node-RED

Gallagher Command Centre 8.x exposes a documented REST API that allows external systems to receive door and access events in near real time. Bridging these events to KNX group addresses via Node-RED enables automatic lighting, HVAC, and security responses to card reader activity — without proprietary integration modules or third-party middleware licences.

Gallagher Command Centre REST API overview

Gallagher Command Centre 8.x includes a built-in REST API server. The API uses OAuth2 client credentials flow for authentication. In the Command Centre server settings, create a REST API client with access to the Events and Doors resources. Note the client ID and client secret — these are only shown once at creation time.

To obtain a bearer token, send a POST request to the token endpoint. The token has a 3600-second (one-hour) expiry. Node-RED handles automatic token refresh by storing the expiry timestamp and re-requesting a token before it expires.

OAuth2 token request

POST /api/access_control/rest/v1/oauth2/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=<your_client_id>
&client_secret=<your_client_secret>

Response:
{
  "access_token": "eyJhbGciOi...",
  "token_type": "Bearer",
  "expires_in": 3600
}

Node-RED: store token in flow context variable
  msg.token = msg.payload.access_token
  flow.set('gallagher_token', msg.token)
  flow.set('token_expiry', Date.now() + 3500000)

Polling access events from the REST API

The events endpoint returns access events since a given ISO8601 timestamp. Poll this endpoint every 2-5 seconds for near-real-time event processing. Store the timestamp of the last processed event in Node-RED flow context to use as the next polling start point.

Event polling request

GET /api/access_control/rest/v1/events
  ?after=2024-01-15T09:30:00Z
  &pageSize=50
Authorization: Bearer <access_token>

Response array — each event object contains:
{
  "eventType": "cardReadValid",
  "door": { "name": "Main Entrance", "id": "door-uuid-1" },
  "cardholder": { "name": "John Smith", "id": "ch-uuid-1" },
  "timestamp": "2024-01-15T09:31:45Z"
}

eventType values:
  cardReadValid    — card accepted, door unlocked
  cardReadInvalid  — card rejected (wrong zone, expired)
  doorForced       — door opened without valid access
  doorHeldOpen     — door held open beyond timer threshold
  antiPassbackViol — anti-passback rule violation detected

Install the node-red-contrib-gallagher package via npm in the Node-RED data directory. This package provides pre-built Gallagher input nodes that handle authentication and polling automatically — configure the Command Centre IP address, client ID, and secret in the node configuration panel.

Node-RED flow: door event to KNX group address

The core Node-RED flow processes Gallagher events and writes to KNX group addresses via the KNX write node. Configure the KNX write node with your KNX IP Interface IP address. The switch node filters events by type and door name before triggering KNX actions.

Node-RED flow — card read to KNX actions

Flow: Gallagher event input node
  → switch node
      Rule 1: msg.payload.eventType == "cardReadValid"
              AND msg.payload.door.name == "Main Entrance"
      Rule 2: msg.payload.eventType == "doorForced"
  → Rule 1 output → function node (set KNX payloads)
      msg.knxGA = "3/0/1"   // lobby lights full on
      msg.knxDPT = "1.001"
      msg.knxValue = true
  → KNX write node (IP Interface: 192.168.1.100)

  → function also sends second message:
      msg.knxGA = "4/0/1"   // HVAC occupied mode
      msg.knxValue = true
  → KNX write node

  → Rule 2 output → KNX write node
      GA "8/0/1" DPT 1.001 value true  // alarm siren relay
  → second KNX write node
      GA "3/0/2" DPT 5.001 value 255   // security lights 100%
Gallagher EventKNX Group AddressDPTAction
cardReadValid — Main Entrance3/0/11.001Lobby lights full on
cardReadValid — Main Entrance4/0/11.001HVAC occupied mode
doorForced — any door8/0/11.001Alarm siren relay ON
doorForced — any door3/0/25.001 (255)Security lights 100%
doorHeldOpen — any door8/0/21.001Held-open warning relay

Remote door release from KNX binary input

The reverse direction — triggering a Gallagher door release from a KNX binary input — is equally important. Reception staff with a KNX touchpanel can release the main entrance door remotely without a dedicated access control terminal.

KNX binary input to Gallagher door release

Hardware: MDT SCN-BTL1 binary input at reception touchpanel
KNX telegram on button press → GA 3/1/0 DPT 1.001 value 1

Node-RED KNX input node listens on GA 3/1/0:
  → filter: value == true (rising edge only)
  → HTTP request node:
      Method: POST
      URL: http://<cc-server>/api/access_control/rest/v1/doors/<door_id>/access
      Headers: Authorization: Bearer {flow.gallagher_token}
      Body: { "type": "release" }

Gallagher releases the door for 5 seconds (configured in CC)
Response 200: door release confirmed

door_id: obtain from GET /api/access_control/rest/v1/doors
  Returns array of door objects with id and name fields
  Store Main Entrance door_id in Node-RED environment variable

Gallagher webhooks for real-time event push (CC 8.10+)

Command Centre 8.10 and later supports webhooks — Gallagher pushes events to a configured HTTP endpoint as they occur, eliminating the 2-5 second polling delay. For security-critical applications such as alarm siren activation, webhooks are strongly preferred over polling.

Webhook configuration in Command Centre

In CC server settings → REST API → Webhooks:
  Add webhook URL: http://<node-red-ip>:1880/gallagher-events
  Events to push: AccessGranted, DoorForced, DoorHeldOpen
  Authentication: HMAC-SHA256 shared secret (recommended)

Node-RED: HTTP input node on /gallagher-events
  → verify HMAC signature (function node)
  → identical switch/KNX write flow as polling approach
  → no inject timer needed — events arrive within 200ms

Webhook payload format matches polling event object:
  { "eventType": "...", "door": {...}, "timestamp": "..." }

Advantage: sub-second latency vs 2-5s polling
Use case: door forced alarm must trigger siren immediately
  — polling delay is unacceptable for security events

Multi-tenant office floor occupancy automation

In multi-tenant office buildings, Gallagher zones map to physical floors. Each floor has its own card reader zone, and Gallagher tracks which cardholders are currently on each floor. This zone presence data bridges directly to KNX HVAC zone occupancy for per-floor heating and ventilation control.

Floor-level occupancy to KNX HVAC zones

Gallagher zone configuration:
  Zone A: Floor 1 readers (doors A01, A02, A03)
  Zone B: Floor 2 readers (doors B01, B02, B03)

Node-RED logic:
  On cardReadValid to Floor 1 door:
    → write GA 4/1/1 = true (HVAC zone 1 occupied)
  On cardReadValid to Floor 2 door:
    → write GA 4/2/1 = true (HVAC zone 2 occupied)

Last-person-out event (Gallagher CC 8.x):
  When last cardholder exits zone (zone count = 0):
    Event: "lastPersonOut" for zone A
    → write GA 4/1/1 = false (HVAC zone 1 setback)
    → write GA 3/1/0 = false (floor 1 lights off)
    → wait 300s delay in Node-RED (residual occupancy buffer)
    → write GA 5/1/1 = true (HVAC night setback active)

End-of-day sequence fires automatically when last
cardholder badges out of each floor — no time-based
schedule needed, responds to actual occupancy

Anti-passback integration with KNX alarm

Anti-passback (APB) prevents a cardholder from using their card to enter a zone twice without first exiting — a key tailgating deterrent. When Gallagher detects an APB violation, the event can trigger a KNX alarm state for visual and audible alert at the security desk, combined with CCTV cross-reference.

Anti-passback to KNX alarm sequence

Gallagher event: antiPassbackViol
  → door name, cardholder name, timestamp in event payload

Node-RED:
  → write GA 8/1/0 = true (APB alarm flag KNX)
  → write GA 8/1/1 = cardholder ID (DPT 5.010 mapped ID)
  → security desk touchpanel (MDT or Gira) shows APB alert

CCTV cross-reference (Bosch BVMS plugin):
  Bosch BVMS has optional Gallagher plugin:
    CC alarm event → BVMS pops up camera view for that door
  For KNX-only installations without BVMS:
    APB KNX alarm GA → triggers ONVIF camera snapshot
    via Node-RED http-request to camera snapshot URL
    snapshot stored locally for security review

Reset APB alarm:
  Security desk KNX button → GA 8/1/0 = false
  Node-RED: POST /api/access_control/rest/v1/cardholders/
    {cardholder_id}/antipassback/reset
  CC resets cardholder APB zone status

Commissioning note: test the full event-to-KNX chain by using a test cardholder card and intentionally triggering each event type in sequence — cardReadValid, doorForced, and antiPassbackViol. Verify the correct KNX GAs update in ETS6 Group Monitor within the expected latency (under 1s for webhooks, under 5s for polling).

Need a KNX panel with Gallagher access control integration built to spec?

We design and build low-voltage panels with Node-RED Gallagher REST API bridges, KNX IP Interface configuration, floor-level occupancy logic, and full commissioning documentation delivered tested to your site.

Request a quote →
Loading...
Back to top