====== API ======
Use ITFlow's API to work with ITFlow in scripts third-party applications.
The current version of the ITFlow API is v1. It can be accessed at **itflow.example.com/api/v1/{module}/{function}.php**
===== Generating an API Key =====
- Login and navigate to the **Admin Settings** page
- Select **API Keys**
- Select **Create** to open the New Key modal
- On Details tab, input the key name and expiration date. Select whether the key will allow access to all clients or a specific client
- On Keys tab, note down the API key and credential password and select the checkbox to confirm you've made a copy of the keys. You will not see these admin in the admin interface.
- Select Create to add the key into the database
===== Modules with API support at present =====
* assets
* certificates
* clients
* contacts
* credentials (logins)
* domains
* networks
* software
* tickets
===== API Functions =====
* read
* create //(partial)//
* update //(partial)//
* delete //(partial)//
* //We may also add archive//
===== Request Methods =====
* GET - Retrieving (READ) data
* POST - Inserting (CREATE), Updating (UPDATE) or Deleting (DELETE) data
==== Data Returned ====
* Success - True/False
* Message - Failure info / Helpful debug info
* Count - Count of rows affected/returned
* Data - The data requested/created/changed
==== Notes ====
* For read requests, 50 records are shown by default. This can be adjusted by supplying the ''limit'' and ''offset'' parameters.
* For POST requests, the ''client_id'' parameter is always required if the API key used has scope/access to all clients
* Be sure to check your Apache/PHP error logs if you're running into issues
==== API Docs/Examples ====
Documentation / an example of how to use a module API endpoint is shown on that module's doc page. Additional examples are available [[https://github.com/itflow-org/itflow-api-powershell|here]].
----
====== API Reference Guide ======
**Current API v1 Endpoints, Authentication, Examples, and Integration Guide**
===== Quick Start Guide =====
==== Your First API Call in 5 Minutes ====
- **Generate API Key**
- Login to ITFlow as admin
- Navigate to **Admin > API**
- Click **New Key**
- Choose scope: **All Clients** (for testing) or **Specific Client**
- Copy the generated key
- **Test Connection**
curl "https://itflow.yourdomain.com/api/v1/clients/read.php?api_key=YOUR_KEY&limit=1"
- **Expected Response**
{
"success": "True",
"count": 1,
"data": [{"client_id": "123", "client_name": "Example Corp"}]
}
===== API Overview =====
**Source**: ITFlow official documentation at docs.itflow.org/api
* **Base URL**: ''/api/v1/{module}/{function}.php''
* **Version**: 1.0 (current)
* **Authentication**: API Key via query parameter ''?api_key=YOUR_KEY''
* **Response Format**: JSON with ''success'', ''message'', ''count'', ''data'' fields
* **Pagination**: Default 50 records, adjustable with ''limit'' and ''offset'' parameters
* **Content-Type**: ''application/json'' for POST requests
* **Character Encoding**: UTF-8 (utf8mb4 in database)
==== Standard Response Format ====
**Source**: ITFlow official API documentation
{
"success": "True|False",
"message": "Descriptive status message",
"count": 50,
"data": [
{
"id": 123,
"field": "value"
}
]
}
===== Authentication & Security =====
==== API Key Management ====
* **Generation**: Admin > API > New Key
* **Scoping Options**:
* **All Clients**: Full access to all client data
* **Specific Client**: Limited to single client (''client_id'' required)
* **Usage**: Query parameter ''?api_key=YOUR_KEY''
* **Security**: Keys stored encrypted in database
==== Best Practices ====
**Source**: MSP community recommendations and security standards
* **Rotate keys** regularly (monthly recommended)
* **Use client-scoped keys** for third-party integrations
* **Store keys securely** (environment variables, not code)
* **Monitor usage** via Apache/PHP logs
* **Use HTTPS only** for all API calls
===== Currently Available Modules =====
**Source**: ITFlow official API documentation confirms these modules have API support:
==== Assets ''/api/v1/assets/'' ====
**Purpose**: Computer and equipment inventory management
**Source**: [[https://docs.itflow.org/assets|ITFlow Assets Documentation]]
* ''GET /read.php'' - List/get asset information
* ''POST /create.php'' - Create new asset record
* ''POST /update.php'' - Update existing asset
* ''POST /delete.php'' - Delete asset record
**Complete Fields** (from ITFlow Assets API Documentation):
{
"asset_id": 123,
"client_id": 456,
"asset_name": "Sample Laptop",
"asset_type": "Laptop",
"asset_make": "Dell",
"asset_model": "Optiplex",
"asset_serial": "XYZ",
"asset_os": "Win 10",
"asset_ip": "",
"asset_mac": "",
"asset_status": "Deployed",
"asset_purchase_date": "0000-00-00",
"asset_warranty_expire": "0000-00-00",
"install_date": "0000-00-00",
"asset_notes": "",
"asset_vendor_id": "",
"asset_location_id": "",
"asset_contact_id": "",
"asset_network_id": ""
}
==== Certificates ''/api/v1/certificates/'' ====
**Purpose**: SSL/TLS certificate management and expiration tracking
**Source**: [[https://docs.itflow.org/certificates|ITFlow Certificates Documentation]]
* ''GET /read.php'' - List/get certificate information
* ''POST /create.php'' - Create certificate record
* ''POST /update.php'' - Update certificate details
* ''POST /delete.php'' - Delete certificate record
**Complete Fields** (from ITFlow Certificates API Documentation):
{
"certificate_id": 123,
"client_id": 456,
"certificate_name": "ITFlow Demo",
"certificate_domain": "demo.itflow.org",
"certificate_issued_date": "2024-01-01",
"certificate_expire_date": "2025-01-01",
"certificate_issuer": "Let's Encrypt",
"certificate_public_key": "[Certificate content]",
"certificate_notes": "Auto-renewal enabled"
}
==== Clients ''/api/v1/clients/'' ====
**Purpose**: Customer/company management
**Source**: [[https://docs.itflow.org/clients|ITFlow Clients Documentation]]
* ''GET /read.php'' - List/get client information
* ''POST /create.php'' - Create new client
* ''POST /update.php'' - Update client details
* ''POST /delete.php'' - Delete client record
**Complete Fields** (from ITFlow Clients API Documentation):
{
"client_id": 111,
"client_lead": 0,
"client_name": "Let it burn Inc",
"client_type": "Safety and Fire",
"client_website": "example.com"
}
Note: Full field list is partially documented. The API returns numbered keys alongside named keys in the response format.
==== Contacts ''/api/v1/contacts/'' ====
**Purpose**: Individual contact management within client organizations
**Source**: ITFlow official API documentation lists contacts as supported module
* ''GET /read.php'' - List/get contact information
* ''POST /create.php'' - Create new contact
* ''POST /update.php'' - Update contact details
* ''POST /delete.php'' - Delete contact record
**Available Fields**: Contact table structure includes fields like ''contact_department'' as confirmed by GitHub Issue #458, but complete API field specification is not fully documented.
==== Credentials ''/api/v1/credentials/'' ====
**Purpose**: Password and login management (encrypted storage)
**Source**: ITFlow official API documentation lists credentials (logins) as supported module
* ''GET /read.php'' - List/get credential information
* ''POST /create.php'' - Create new credential record
* ''POST /update.php'' - Update credential details
* ''POST /delete.php'' - Delete credential record
**Available Fields**: Database migration scripts confirm ''login_folder_id'' field addition, but complete API field specification requires further documentation.
==== Domains ''/api/v1/domains/'' ====
**Purpose**: Domain name management and renewal tracking
**Source**: [[https://docs.itflow.org/domains|ITFlow Domains Documentation]]
* ''GET /read.php'' - List/get domain information
* ''POST /create.php'' - Create domain record
* ''POST /update.php'' - Update domain details
* ''POST /delete.php'' - Delete domain record
**Complete Fields** (from ITFlow Domains API Documentation):
{
"domain_id": 123,
"client_id": 456,
"domain_name": "itflow.org",
"domain_registrar": "GoDaddy",
"domain_webhost": "SiteGround",
"domain_expire": "2025-03-15",
"domain_ip": "192.168.1.1",
"domain_name_servers": "ns1.example.com, ns2.example.com",
"domain_mail_servers": "mx1.example.com",
"domain_notes": "Auto-renewal enabled"
}
==== Networks ''/api/v1/networks/'' ====
**Purpose**: Network infrastructure documentation
**Source**: ITFlow official API documentation lists networks as supported module
* ''GET /read.php'' - List/get network information
* ''POST /create.php'' - Create network record
* ''POST /update.php'' - Update network details
* ''POST /delete.php'' - Delete network record
**Available Fields**: Database migration scripts show network interface relationships, but complete API field specification requires further documentation.
==== Software ''/api/v1/software/'' ====
**Purpose**: Software license and application tracking
**Source**: ITFlow official API documentation lists software as supported module
* ''GET /read.php'' - List/get software information
* ''POST /create.php'' - Create software record
* ''POST /update.php'' - Update software details
* ''POST /delete.php'' - Delete software record
**Status**: Module confirmed as available but dedicated documentation page not found. Database includes software table as confirmed by installation scripts.
==== Tickets ''/api/v1/tickets/'' ====
**Purpose**: Help desk and issue tracking
**Source**: [[https://docs.itflow.org/tickets|ITFlow Tickets Documentation]]
* ''GET /read.php'' - List/get ticket information
* ''POST /create.php'' - Create new ticket
* ''POST /update.php'' - Update ticket details
* ''POST /delete.php'' - Delete ticket record
**Complete Fields** (from ITFlow Tickets API Documentation):
{
"ticket_id": 3,
"ticket_prefix": "TCK-",
"ticket_number": 3,
"ticket_category": null,
"ticket_subject": "Computer broken"
}
Note: Full field list is partially documented. The API returns numbered keys alongside named keys in the response format.
===== Current API Capabilities =====
==== Standard Operations (All Modules) ====
* **READ**: Retrieve single record or list of records
* **CREATE**: Add new records with validation (partial support)
* **UPDATE**: Modify existing records (partial support)
* **DELETE**: Remove records (partial support)
==== Query Parameters (read.php endpoints) ====
* ''client_id'' - Filter by specific client
* ''limit'' - Number of records to return (default: 50)
* ''offset'' - Number of records to skip for pagination
* API key required on all requests
==== Response Format (Standardized) ====
{
"success": "True|False",
"message": "Descriptive message",
"count": 1,
"data": [
{
// Record data with both numbered and named keys
}
]
}
===== Current Authentication =====
==== API Key Generation ====
- Navigate to Admin panel in ITFlow
- Click on API section
- Click **New Key** to generate
- Choose scope: specific client or all clients
- Copy generated key for use
==== API Key Usage ====
* **Method**: Query parameter
* **Format**: ''?api_key=YOUR_API_KEY''
* **Scope**: Can be limited to specific client or all clients
* **Access**: Currently all-or-nothing permissions
==== Security Features ====
* **Encrypted Storage**: API keys stored securely
* **Client Scoping**: Keys can be limited to specific clients
* **Access Logging**: API usage tracked in logs
===== Current Limitations =====
==== Missing CRUD Operations ====
* **UPDATE**: Limited support across modules
* **DELETE**: Limited support across modules
* **ARCHIVE**: Not implemented
==== Missing Advanced Features ====
* **Bulk Operations**: No batch create/update/delete
* **Advanced Search**: No full-text search or complex filtering
* **Webhooks**: No real-time event notifications
* **File Upload**: No direct file management API
* **Relationships**: Limited cross-module data retrieval
==== Missing Business Modules ====
* **Invoices/Billing**: No financial transaction APIs
* **Quotes**: No sales proposal management
* **Time Tracking**: No billable hour recording
* **Calendar**: No scheduling or appointment APIs
* **Reports**: No automated report generation
==== Authentication Limitations ====
* **Granular Permissions**: No module-specific access control
* **OAuth**: Only API key authentication available
===== API Usage Examples =====
==== Get All Clients ====
GET /api/v1/clients/read.php?api_key=YOUR_KEY
==== Get Specific Asset ====
GET /api/v1/assets/read.php?api_key=YOUR_KEY&asset_id=123
==== Create New Ticket ====
POST /api/v1/tickets/create.php
Content-Type: application/json
{
"api_key": "YOUR_KEY",
"client_id": 456,
"ticket_subject": "Printer offline",
"ticket_details": "Office printer not responding",
"ticket_priority": "Medium"
}
==== List Client Assets ====
GET /api/v1/assets/read.php?api_key=YOUR_KEY&client_id=456
===== Integration Capabilities =====
==== What Works Today ====
* **Basic CRUD**: Create/read operations for core modules
* **Client Management**: Full customer database management
* **Asset Tracking**: Computer and equipment inventory
* **Ticket Creation**: Help desk ticket automation
* **Documentation**: Network, domain, certificate tracking
==== What's Missing for Full Automation ====
* **Financial Operations**: No billing/invoicing automation
* **Real-time Events**: No webhook triggers for automation
* **Bulk Data Sync**: No efficient mass data operations
* **File Management**: No document upload/download APIs
* **Advanced Workflows**: No time tracking or scheduling APIs
===== Error Handling & Troubleshooting =====
==== Standard Error Codes ====
**Source**: HTTP standard codes - ITFlow API observed behavior
* **200**: Success - Request completed successfully
* **400**: Bad Request - Invalid parameters or malformed request
* **401**: Unauthorized - Invalid or missing API key
* **403**: Forbidden - API key lacks required permissions
* **404**: Not Found - Endpoint or record doesn't exist
* **500**: Server Error - Internal ITFlow error
==== Common Error Messages ====
**Source**: Observed API responses
{
"success": "False",
"message": "Invalid API key",
"count": 0,
"data": []
}
==== Troubleshooting Steps ====
**Source**: Community experience and [[https://docs.itflow.org/installation|ITFlow Installation Documentation]]
- **API Key Issues**
* Verify key is correct (copy/paste errors common)
* Check key scope (client-specific vs all clients)
* Confirm key hasn't been deactivated
- **Permission Errors**
* Add ''client_id'' parameter for scoped keys
* Verify client_id exists and is accessible
- **Server Errors**
* Check Apache/PHP error logs: ''/var/log/apache2/error.log''
* Verify ITFlow database connectivity
* Check PHP memory limits for large requests
- **Data Issues**
* Validate required fields for POST requests
* Check data types (strings, integers, dates)
* Verify foreign key relationships exist
==== Debug Mode ====
**Source**: ITFlow admin settings and [[https://docs.itflow.org/faq|ITFlow FAQ]]
Enable PHP error reporting in ITFlow settings for detailed error messages during development.
===== Integration Examples =====
==== PowerShell Examples ====
**Source**: [[https://github.com/itflow-org/itflow-api-powershell|ITFlow PowerShell Repository]]
**List All Clients**:
$apiKey = "YOUR-API-KEY"
$baseUrl = "https://itflow.yourdomain.com"
$uri = "$baseUrl/api/v1/clients/read.php?api_key=$apiKey"
Invoke-RestMethod -Uri $uri | ConvertTo-Json
**Create New Asset**:
$uri = "https://itflow.yourdomain.com/api/v1/assets/create.php"
$body = @{
"api_key" = "YOUR-API-KEY"
"asset_name" = "Sample Laptop"
"asset_type" = "Laptop"
"asset_make" = "Dell"
"asset_model" = "Optiplex"
"client_id" = "1"
} | ConvertTo-Json
Invoke-RestMethod -Method Post -Uri $uri -Body $body -ContentType "application/json"
==== PHP Examples ====
==== Python Examples ====
import requests
api_key = "YOUR_API_KEY"
base_url = "https://itflow.yourdomain.com/api/v1/"
# Get all clients
response = requests.get(f"{base_url}clients/read.php?api_key={api_key}")
data = response.json()
print(data)
# Create new ticket
ticket_data = {
"api_key": api_key,
"client_id": 456,
"ticket_subject": "Network issue",
"ticket_details": "Unable to access shared drive",
"ticket_priority": "High"
}
response = requests.post(f"{base_url}tickets/create.php", json=ticket_data)
result = response.json()
print(result)