mobile/backend

Passive Attendance With iBeacons — and Why the Backend Is the Hard Part

“Attendance from your pocket” sounds like a mobile feature. Most of the difficulty lives on the server: turning a stream of proximity events into a defensible in/out record that reconciles against real hardware and can’t be spoofed from the couch.

Ranging is the easy part

The client side is a beacon-ranging service that starts and stops with user context — active when the user is somewhere presence is plausible, off otherwise, to protect the battery. A test toggle in the app made it possible to exercise the feature in the field without faking data.

That gets you events: “this user was near this beacon at this time.” Trustworthy attendance needs a lot more than that.

The schema is where trust lives

To reconcile a proximity event into an attendance record, the backend needed to know which physical device produced it. That meant adding an attendanceDeviceId to the attendance log and integration device schemas, and introducing an iBeacon assignment schema plus migrations so beacons map to the places and devices they represent.

Once a log entry is tied to a specific device, an event stops being “someone was nearby” and becomes “this user checked in at this door via this hardware” — which is the difference between a metric and a guess.

// Attendance log gains a hard link to the device that produced it.
type AttendanceLog = {
  userId: string;
  timestamp: string;
  attendanceDeviceId: string; // ties the event to real hardware
  direction: "in" | "out";    // sourced from the device, not inferred
};

Direction from the hardware, not a guess

A pair of near/leave events isn’t enough to know whether someone entered or left. Rather than infer direction from timing heuristics, the access direction is read from the door hardware itself, so “in” and “out” are authoritative. That removes a whole class of “the app thinks I left but I didn’t” disputes.

IP restriction for the spoof-from-home case

Some deployments needed a second gate: check-in only counts from an allowed network. Adding an IP-restriction option to attendance settings closed the obvious hole where a beacon simulator or a shared credential could register presence from anywhere.

Stacked together — device-linked logs, hardware-sourced direction, optional network restriction — the proximity signal becomes an attendance record you can actually stand behind.

← All postsNext: Dark Mode Across Eight Apps, From One Source of Truth