TrackRecordPro API Documentation

Authentication Methods

The TrackRecordPro API has two modes of operation. These are:

Basic Mode

In Basic Mode, you must authenticate with an SSL client certificate. The certificate must be self-signed, with no certificate chain, and you must upload its public key into TrackRecordPro, which will then allow API access only to clients that present this certificate to the server. Each connection has full access to all resources accessible to the entire company (and child companies), with no further authentication needed. This is the most common use case and should be used, for example, to integrate with your internal systems.

Basic Mode is the default access method for the API. If you require Impersonation Mode, described below, you must raise a support ticket requesting this access, with justifications as to why it is needed, and we will review your request.

Impersonation Mode

Impersonation Mode is a superset of Basic Mode, documented above. In addition to the Basic Mode requirement to authenticate with an SSL client certificate, each request must be paired with a valid user and password that exist in the system. This user can exist under any company in the system, and once the user is authenticated, all access operates under the permissions and access level of that user.

When using Impersonation Mode, each API call must include an Authorization header containing a session token, given to you by the login endpoint. This session token is valid for 24 hours if not used, and then expires. The username and password pair must be base64 encoded (as with all "Authorization: Basic" requests) and the username portion must be the fixed string "session". For example:

base64_encode("session:4ff0752d38655212e9a4c0546d54022c955f28c34b7b7718e1ad3aadedbedbab") = "c2Vzc2lvbjo0ZmYwNzUyZDM4NjU1MjEyZTlhNGMwNTQ2ZDU0MDIyYzk1NWYyOGMzNGI3Yjc3MThlMWFkM2FhZGVkYmVkYmFi"

GET /3.0/users/id=1
Host: api.trackrecordpro.co.uk
Authorization: Basic c2Vzc2lvbjo0ZmYwNzUyZDM4NjU1MjEyZTlhNGMwNTQ2ZDU0MDIyYzk1NWYyOGMzNGI3Yjc3MThlMWFkM2FhZGVkYmVkYmFi

In Impersonation Mode you may create as many concurrent sessions as you wish, each with their own access to the data. This is used to create full front-end systems such as the TrackRecordPro website itself, or a mobile app. You should perform housekeeping by logging out of sessions you are no longer using whenever possible, using the logout endpoint.
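
The two layers of an Impersonation Mode call, the client certificate on the TLS connection and the session token in the Authorization header, can be assembled as follows. This is an added example using only the Python standard library, not code from TrackRecordPro. The function names and the certificate file paths are hypothetical; the host, path and token are the ones shown in the request above.

```python
import base64
import ssl
import urllib.request

API_HOST = "api.trackrecordpro.co.uk"  # host from the request shown above
SESSION_USER = "session"               # fixed username portion


def session_auth_header(token: str) -> str:
    """Authorization header value for a session token (CR/LF and spaces rejected)."""
    if not token or any(c.isspace() or ord(c) < 0x20 for c in token):
        raise ValueError("empty token, or whitespace/control characters in token")
    raw = f"{SESSION_USER}:{token}".encode("ascii")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_session_auth_header(value: str) -> str:
    """Return the token, or raise if the header is not in the documented shape."""
    scheme, _, encoded = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(encoded, validate=True).decode("ascii")
    user, sep, token = decoded.partition(":")
    if not sep or user != SESSION_USER or not token:
        raise ValueError('username portion must be the fixed string "session"')
    return token


def client_cert_context(certfile: str, keyfile: str) -> ssl.SSLContext:
    """TLS context that verifies the server and presents the client certificate."""
    ctx = ssl.create_default_context()  # server certificate and hostname are checked
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def build_request(path: str, token: str) -> urllib.request.Request:
    """Build, without sending, an Impersonation Mode GET request."""
    req = urllib.request.Request(f"https://{API_HOST}{path}", method="GET")
    req.add_header("Authorization", session_auth_header(token))
    return req


if __name__ == "__main__":
    # Token copied from the example above; certificate paths are placeholders.
    token = "4ff0752d38655212e9a4c0546d54022c955f28c34b7b7718e1ad3aadedbedbab"
    req = build_request("/3.0/users/id=1", token)
    print(req.get_method(), req.full_url)
    print("Authorization:", req.get_header("Authorization"))
    # To send: urllib.request.urlopen(req, context=client_cert_context("client.pem", "client.key"))
```
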