meta data for this page
API
Use ITFlow's API to work with ITFlow in scripts third-party applications.
The current version of the ITFlow API is v1. It can be accessed at itflow.example.com/api/v1/{module}/{function}.php
Generating an API Key
- Login and navigate to the Admin Settings page
- Select API Keys
- Select Create to open the New Key modal
- On Details tab, input the key name and expiration date. Select whether the key will allow access to all clients or a specific client
- On Keys tab, note down the API key and credential password and select the checkbox to confirm you've made a copy of the keys. You will not see these admin in the admin interface.
- Select Create to add the key into the database
Modules with API support at present
- assets
- certificates
- clients
- contacts
- credentials (logins)
- documents
- domains
- expenses
- invoices
- locations
- networks
- payments
- products
- quotes
- software
- tickets
- vendors
API Functions
- read
- create (partial)
- update (partial)
- delete (partial)
- We may also add archive
Request Methods
- GET - Retrieving (READ) data
- POST - Inserting (CREATE), Updating (UPDATE) or Deleting (DELETE) data
Data Returned
- Success - True/False
- Message - Failure info / Helpful debug info
- Count - Count of rows affected/returned
- Data - The data requested/created/changed
Notes
- For read requests, 50 records are shown by default. This can be adjusted by supplying the
limitandoffsetparameters. - For POST requests, the
client_idparameter is always required if the API key used has scope/access to all clients - Be sure to check your Apache/PHP error logs if you're running into issues
API Docs/Examples
Documentation / an example of how to use a module API endpoint is shown on that module's doc page. Additional examples are available here.
API
Use ITFlow's API to work with ITFlow in scripts and third-party applications.
The current version of the ITFlow API is v1. It can be accessed at itflow.example.com/api/v1/{module}/{function}.php
Generating an API Key
- Login and navigate to the Admin Settings page
- Select API Keys
- Select Create to open the New Key modal
- On Details tab, input the key name and expiration date. Select whether the key will allow access to all clients or a specific client
- On Keys tab, note down the API key and credential password and select the checkbox to confirm you've made a copy of the keys. You will not see these again in the admin interface.
- Select Create to add the key into the database
Modules with API support
- assets
- certificates
- clients
- contacts
- credentials (logins)
- documents
- domains
- expenses
- invoices
- locations
- networks
- payments
- products
- quotes
- software
- tickets
- vendors
API Functions
- read
- create (partial - see module details)
- update (partial - see module details)
- delete (partial - see module details)
- archive (clients and contacts only)
- unarchive (clients and contacts only)
- resolve (tickets only)
Request Methods
- GET - Retrieving (READ) data
- POST - Inserting (CREATE), Updating (UPDATE), Deleting (DELETE), or Archiving data
Data Returned
- Success - True/False
- Message - Failure info / Helpful debug info
- Count - Count of rows affected/returned
- Data - The data requested/created/changed
Notes
- For read requests, 50 records are shown by default. This can be adjusted by supplying the
limitandoffsetparameters. - For POST requests, the
client_idparameter is always required if the API key used has scope/access to all clients - Be sure to check your Apache/PHP error logs if you're running into issues
API Reference Guide
Current API v1 Endpoints, Authentication, Examples, and Integration Guide
Quick Start Guide
Your First API Call in 5 Minutes
- Generate API Key
- Login to ITFlow as admin
- Navigate to Admin > API
- Click New Key
- Choose scope: All Clients (for testing) or Specific Client
- Copy the generated key
- Test Connection
curl "https://itflow.yourdomain.com/api/v1/clients/read.php?api_key=YOUR_KEY&limit=1"
- Expected Response
{
"success": "True",
"count": 1,
"data": [{"client_id": "123", "client_name": "Example Corp"}]
}
API Overview
- Base URL:
/api/v1/{module}/{function}.php - Version: 1.0 (current)
- Authentication: API Key via query parameter
?api_key=YOUR_KEY - Response Format: JSON with
success,message,count,datafields - Pagination: Default 50 records, adjustable with
limitandoffsetparameters - Content-Type:
application/jsonfor POST requests - Character Encoding: UTF-8 (utf8mb4 in database)
Standard Response Format
{
"success": "True|False",
"message": "Descriptive status message",
"count": 50,
"data": [
{
"id": 123,
"field": "value"
}
]
}
Create Response Format
{
"success": "True",
"count": "1",
"data": [
{
"insert_id": 123
}
]
}
Authentication & Security
API Key Management
- Generation: Admin > API > New Key
- Scoping Options:
- All Clients (client_id = 0): Full access to all client data
- Specific Client: Limited to single client data only
- Usage: Query parameter
?api_key=YOUR_KEYfor GET, or in JSON body for POST - Security: Keys stored encrypted in database with expiration dates
Best Practices
- Rotate keys regularly (monthly recommended)
- Use client-scoped keys for third-party integrations
- Store keys securely (environment variables, not code)
- Monitor usage via Apache/PHP logs
- Use HTTPS only for all API calls
Module Reference
Assets ''/api/v1/assets/''
Purpose: Computer and equipment inventory management
Available Endpoints:
GET /read.php- List/get asset informationPOST /create.php- Create new asset recordPOST /update.php- Update existing assetPOST /delete.php- Delete asset record
Read Parameters (GET):
| Parameter | Type | Description |
|---|---|---|
| asset_id | integer | Get specific asset by ID |
| asset_type | string | Filter by asset type (auto-capitalized) |
| asset_name | string | Filter by exact asset name |
| asset_serial | string | Filter by serial number |
| asset_mac | string | Filter by MAC address (searches primary interface) |
| asset_uri | string | Filter by URI |
Create/Update Parameters (POST):
| Parameter | Type | Required (Create) | Description |
|---|---|---|---|
| api_key | string | Yes | API authentication key |
| client_id | integer | Yes* | Required if API key has all-client access |
| asset_name | string | Yes | Asset name/hostname |
| asset_description | string | No | Asset description |
| asset_type | string | No | Type (Laptop, Desktop, Server, etc.) |
| asset_make | string | No | Manufacturer |
| asset_model | string | No | Model name/number |
| asset_serial | string | No | Serial number |
| asset_os | string | No | Operating system |
| asset_ip | string | No | IP address (stored in primary interface) |
| asset_mac | string | No | MAC address (stored in primary interface) |
| asset_uri | string | No | Management URL |
| asset_status | string | No | Status (Deployed, Spare, etc.) |
| asset_purchase_date | date | No | Purchase date (YYYY-MM-DD) |
| asset_warranty_expire | date | No | Warranty expiration date |
| asset_install_date | date | No | Installation date |
| asset_notes | string | No | Notes |
| asset_vendor_id | integer | No | Associated vendor ID |
| asset_location_id | integer | No | Associated location ID |
| asset_contact_id | integer | No | Associated contact ID |
| asset_network_id | integer | No | Network ID for primary interface |
Update Additional Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| asset_id | integer | Yes | ID of asset to update |
Delete Parameters:
| Parameter | Type | Required | Description |
|---|---|---|---|
| asset_id | integer | Yes | ID of asset to delete |
<wrap em>Note: Deleting an asset also removes all associated network interfaces.</wrap>
Example - Create Asset:
curl -X POST "https://itflow.example.com/api/v1/assets/create.php" \ -H "Content-Type: application/json" \ -d '{ "api_key": "YOUR_API_KEY", "client_id": 1, "asset_name": "DESKTOP-001", "asset_type": "Desktop", "asset_make": "Dell", "asset_model": "OptiPlex 7090", "asset_serial": "ABC123XYZ", "asset_os": "Windows 11 Pro", "asset_ip": "192.168.1.100", "asset_mac": "00:11:22:33:44:55", "asset_status": "Deployed" }'
Certificates ''/api/v1/certificates/''
Purpose: SSL/TLS certificate management and expiration tracking
Available Endpoints:
GET /read.php- List/get certificate informationPOST /create.php- Create certificate record
<wrap em>Note: Update and delete endpoints are not implemented.</wrap>
Read Parameters (GET):
| Parameter | Type | Description |
|---|---|---|
| certificate_id | integer | Get specific certificate by ID |
| certificate_name | string | Filter by certificate name |
Create Parameters (POST):
| Parameter | Type | Required | Description |
|---|---|---|---|
| api_key | string | Yes | API authentication key |
| client_id | integer | Yes* | Required if API key has all-client access |
| certificate_name | string | Yes | Certificate friendly name |
| certificate_domain | string | Yes | Domain the certificate covers |
| certificate_description | string | No | Description |
| certificate_issued_by | string | No | Issuing authority (e.g., Let's Encrypt) |
| certificate_expire | date | No | Expiration date (YYYY-MM-DD) |
| certificate_public_key | string | No | Certificate content/public key |
| certificate_notes | string | No | Additional notes |
| certificate_domain_id | integer | No | Link to domains table |
Clients ''/api/v1/clients/''
Purpose: Customer/company management
Available Endpoints:
GET /read.php- List/get client informationPOST /create.php- Create new clientPOST /update.php- Update client detailsPOST /archive.php- Archive clientPOST /unarchive.php- Unarchive client
<wrap em>Note: Delete endpoint is not implemented. Use archive instead.</wrap>
Read Parameters (GET):
| Parameter | Type | Description |
|---|---|---|
| client_name | string | Get specific client by exact name |
Create Parameters (POST):
<wrap em>Important: Creating clients requires an API key with “All Clients” scope (client_id = 0).</wrap>
| Parameter | Type | Required | Description |
|---|---|---|---|
| api_key | string | Yes | API authentication key (must be all-client scope) |
| client_name | string | Yes | Client/company name |
| client_type | string | No | Business type/category |
| client_website | string | No |
$url = $base_url . 'clients/read.php?api_key=' . $api_key; $response = file_get_contents($url); $data = json_decode($response, true);
print_r($data); ?> </code>
cURL
# Get all assets for a client curl "https://itflow.example.com/api/v1/assets/read.php?api_key=YOUR_KEY&limit=10" # Create a contact curl -X POST "https://itflow.example.com/api/v1/contacts/create.php" \ -H "Content-Type: application/json" \ -d '{ "api_key": "YOUR_KEY", "client_id": 1, "contact_name": "John Smith", "contact_email": "john@example.com", "contact_phone": "5551234567", "contact_primary": 1 }'
API Module Summary
| Module | Read | Create | Update | Delete | Archive | Other |
|---|---|---|---|---|---|---|
| Assets | ✓ | ✓ | ✓ | ✓ | - | - |
| Certificates | ✓ | ✓ | - | - | - | - |
| Clients | ✓ | ✓ | ✓ | - | ✓ | unarchive |
| Contacts | ✓ | ✓ | ✓ | ✓ | ✓ | unarchive |
| Credentials | ✓ | ✓ | ✓ | - | - | - |
| Documents | ✓ | ✓ | ✓ | - | - | - |
| Domains | ✓ | - | - | - | - | - |
| Expenses | ✓ | - | - | - | - | - |
| Invoices | ✓ | - | - | - | - | - |
| Locations | ✓ | ✓ | - | - | - | - |
| Networks | ✓ | - | - | - | - | - |
| Payments | ✓ | - | - | - | - | - |
| Products | ✓ | - | - | - | - | - |
| Quotes | ✓ | - | - | - | - | - |
| Software | ✓ | - | - | - | - | - |
| Tickets | ✓ | ✓ | - | - | - | resolve |
| Vendors | ✓ | - | - | - | - | - |