API Service Accounts - Requesting and Gaining Access

Getting Started

TrackTik's API is offered as a paid-monthly cloud service, but reciprocal partnership agreements without a separate cost are also available. Once access is gained, usage of the API is not limited except by some technical maximums defined to protect your experience and service availability.

To request access, you should reach out to your TrackTik Customer Success Manager/Executive and they will help make arrangements. This will lead you to a quick consultation with our Developer Relations team about the level of access you need, and an API Service Account will be created for you so you can begin innovating and integrating.

If you're not already a TrackTik customer through its Guarding Suite, Shifts or Guard Tour applications and would like to become one, you can use our Contact Us page to begin your journey.

 

API Service Account

A TrackTik API Service Account is a set of credentials for authentication and role permissions for access control to the data you intend to fetch or create within the TrackTik ecosystem. These are divided like so (green bolded items are data you will use when authenticating and obtaining an Access Token):

OAuth 2 Credentials and Scope

  • Client ID
  • Client Secret
  • Scope is configured for you in a Client Record (defines which API endpoints and actions are available)
  • A URL for requesting Access Tokens

Employee Record, Role and Role Permissions

  • An Employee record is created with generated username and password
  • The Employee is assigned a Role
  • The Role is assigned permissions

NB: The OAuth 2 scope and Employee Role/Permissions will be matched so that the entities, their actions and all their data contexts you need are made available. This helps to protect the integrity of your production data and prevents permissions escalation in case your API or Employee credentials become compromised.

Authenticating (obtaining a JWT Access Token via OAuth 2 Password Flow)

 

NB: Do not provide any values for "scope" since we will have that already configured internally via an OAuth 2 Client Record.

Authenticating (PHP Example via OAuth 2 Password Flow)

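<?php
// Token endpoint for your portal; replace <domain> with your own domain.
$portal = 'https://<domain>/rest/oauth2/access_token';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $portal);
curl_setopt($ch, CURLOPT_POST, TRUE);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
// Keep certificate and hostname verification enabled: this request carries
// the Client Secret and the Employee password.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
// No "scope" field is sent; it is configured in the OAuth 2 Client Record.
curl_setopt($ch, CURLOPT_POSTFIELDS, array(
    'client_id' => "d6543cb8...",
    'client_secret' => "bdc6ed2e...",
    'username' => "username",
    'password' => "smart password that isn't 12345",
    'grant_type' => 'password'
));
$data = curl_exec($ch);
if ($data === false) {
    // Transport or TLS failure: report it instead of decoding an empty body.
    $error = curl_error($ch);
    curl_close($ch);
    exit("Token request failed: " . $error);
}
curl_close($ch);
$auth_string = json_decode($data, true);
if (!is_array($auth_string) || !isset($auth_string["access_token"])) {
    exit("Token request was rejected or returned an unexpected body");
}
$access_token = $auth_string["access_token"];
$refresh_token = $auth_string["refresh_token"];
?>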
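The following Python sketch is an added example, not TrackTik code: it validates the token response before the tokens are used and reads the JWT expiry to decide when to authenticate again. The function names are hypothetical, and it assumes the access token carries the standard `exp` claim and that rejected requests return an RFC 6749 style `error` field; the sample response is constructed.

```python
import base64
import json
import time


class TokenError(Exception):
    """The token endpoint response cannot be used."""


def jwt_expiry(access_token):
    # Read `exp` WITHOUT verifying the signature: used for scheduling only.
    parts = access_token.split(".")
    if len(parts) != 3:
        raise TokenError("access_token is not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise TokenError("JWT payload is not base64url JSON") from exc
    exp = claims.get("exp") if isinstance(claims, dict) else None
    return exp if isinstance(exp, (int, float)) else None


def parse_token_response(raw_body):
    try:
        data = json.loads(raw_body)
    except ValueError as exc:
        raise TokenError("response is not JSON") from exc
    if not isinstance(data, dict):
        raise TokenError("response is not a JSON object")
    if "error" in data:  # assumed RFC 6749 section 5.2 error body
        raise TokenError("token request rejected: %s" % data["error"])
    for field in ("access_token", "refresh_token"):
        if not isinstance(data.get(field), str) or not data[field]:
            raise TokenError("response lacks %s" % field)
    data["expires_at"] = jwt_expiry(data["access_token"])  # None if no exp
    return data


def needs_new_token(token, now=None, skew=60):
    # True when the token expires within `skew` seconds or carries no exp.
    now = time.time() if now is None else now
    return token["expires_at"] is None or token["expires_at"] - skew <= now


def sample_response(exp):
    # Constructed token response with a dummy-signature JWT, for offline runs.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    jwt = ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc({"exp": exp}), "sig"])
    return json.dumps({"access_token": jwt, "refresh_token": "constructed-refresh"})
```

The signature check stays with the API server; the client only uses `exp` to avoid sending a token that is about to expire.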