Skip to content

Test Agent

The test agent offers a REST-style API for many of the functionalities that can be executed against a Tapkey locking device. It can be used for different kinds of tasks during development, testing and production, e.g. for automating certain functionalities or executing functions, that are not available via the regular Tapkey app.


The test agent is a mobile application that runs on an Android device and offers a web interface around its REST API which can be accessed from any device on the same network. The web interface provides a way to execute commands on Tapkey locks using the Android device's Bluetooth connection. While the web interface is convenient to use and sufficient for many use cases, the REST API can be used directly to automate different scenarios. The test agent comes with a set of ready-to-use scripts.


The connection to the test agent's web interface is not secure. Do not use the test agent in sensitive scenarios and take proper measures to secure your network.


The test agent is available for Android and iOS and can be installed via Google PlayStore and Apple AppStore but are not publicly listed and therefore not findable through the stores directly.

To install the app open the following links on the smartphone:



Starting App

Once the application is installed, start the test agent using the start button in the app's main view. It will also show the address where the web interface is served. The web interface can now be accessed from any device on the same network and provides a convenient way to execute commands on Tapkey locks.

A screenshot of the test agent's main view

A screenshot of the test agent's main view


In order to use the web interface, the device running the user-agent needs to be able to access internet resources.


In order to allow the test agent to retrieve mobile keys or download firmware from the Tapkey Trust Service, the test agent must be authenticated first.

The following steps outline the authentication process for the test agent:

  1. Open the web interface from another device.
  2. Scroll to the authentication section (auth), which is the first section in the list of operations.
  3. Use the /login operation to authenticate using OAuth. Note that, due to the nature of the OAuth Authorization Code flow, this operation cannot be executed from the web interface directly, but instead must be accessed directly in a separate tab or window of the user agent.
  4. Once redirected to the Tapkey login page, log in to the desired Tapkey account and grant all requested permissions to the test agent.
  5. At this point, the user agent is redirected to localhost:8080, which is not accessible. Replace localhost with the address of the device running the test agent. Make sure to leave the rest of the URL untouched.[^1]
  6. The test agent is now authenticated and ready to use.


The test agent will have access to all mobile keys and data that the user, who authenticated the agent, has access to.


In order to use the OAuth flow as outlined in this section, the device running the user-agent needs to be able to access the Internet.


The API is described in a Swagger document. For usage details please refer to it.