Use ITFlow's API to work with ITFlow in scripts third-party applications.

The current version of the ITFlow API is v1. It can be accessed at itflow.example.com/api/v1/{module}/{function}.php

1. Login and navigate to the Admin Settings page
2. Select API Keys
3. Select Create to open the New Key modal
4. On Details tab, input the key name and expiration date. Select whether the key will allow access to all clients or a specific client
5. On Keys tab, note down the API key and credential password and select the checkbox to confirm you've made a copy of the keys. You will not see these admin in the admin interface.
6. Select Create to add the key into the database

• assets
• certificates
• clients
• contacts
• credentials (logins)
• domains
• networks
• software
• tickets

• read
• create (partial)
• update (partial)
• delete (partial)

• We may also add archive

• GET - Retrieving (READ) data
• POST - Inserting (CREATE), Updating (UPDATE) or Deleting (DELETE) data

• Success - True/False
• Message - Failure info / Helpful debug info
• Count - Count of rows affected/returned
• Data - The data requested/created/changed

• For read requests, 50 records are shown by default. This can be adjusted by supplying the limit and offset parameters.
• For POST requests, the client_id parameter is always required if the API key used has scope/access to all clients
• Be sure to check your Apache/PHP error logs if you're running into issues

Documentation / an example of how to use a module API endpoint is shown on that module's doc page. Additional examples are available here.

Current API v1 Endpoints, Authentication, Examples, and Integration Guide

1. Generate API Key
   1. Login to ITFlow as admin
   2. Navigate to Admin > API
   3. Click New Key
   4. Choose scope: All Clients (for testing) or Specific Client
   5. Copy the generated key

1. Test Connection

curl "https://itflow.yourdomain.com/api/v1/clients/read.php?api_key=YOUR_KEY&limit=1"

1. Expected Response

{
  "success": "True",
  "count": 1,
  "data": [{"client_id": "123", "client_name": "Example Corp"}]
}

Source: ITFlow official documentation at docs.itflow.org/api

• Base URL: /api/v1/{module}/{function}.php
• Version: 1.0 (current)
• Authentication: API Key via query parameter ?api_key=YOUR_KEY
• Response Format: JSON with success, message, count, data fields
• Pagination: Default 50 records, adjustable with limit and offset parameters
• Content-Type: application/json for POST requests
• Character Encoding: UTF-8 (utf8mb4 in database)

Source: ITFlow official API documentation

{
  "success": "True|False",
  "message": "Descriptive status message",
  "count": 50,
  "data": [
    {
      "id": 123,
      "field": "value"
    }
  ]
}

• Generation: Admin > API > New Key
• Scoping Options:
  • All Clients: Full access to all client data
  • Specific Client: Limited to single client (client_id required)
• Usage: Query parameter ?api_key=YOUR_KEY
• Security: Keys stored encrypted in database

Source: MSP community recommendations and security standards

• Rotate keys regularly (monthly recommended)
• Use client-scoped keys for third-party integrations
• Store keys securely (environment variables, not code)
• Monitor usage via Apache/PHP logs
• Use HTTPS only for all API calls

Source: ITFlow official API documentation confirms these modules have API support:

Purpose: Computer and equipment inventory management

Source: ITFlow Assets Documentation

• GET /read.php - List/get asset information
• POST /create.php - Create new asset record
• POST /update.php - Update existing asset
• POST /delete.php - Delete asset record

Complete Fields (from ITFlow Assets API Documentation):

{
  "asset_id": 123,
  "client_id": 456,
  "asset_name": "Sample Laptop",
  "asset_type": "Laptop",
  "asset_make": "Dell",
  "asset_model": "Optiplex",
  "asset_serial": "XYZ",
  "asset_os": "Win 10",
  "asset_ip": "",
  "asset_mac": "",
  "asset_status": "Deployed",
  "asset_purchase_date": "0000-00-00",
  "asset_warranty_expire": "0000-00-00",
  "install_date": "0000-00-00",
  "asset_notes": "",
  "asset_vendor_id": "",
  "asset_location_id": "",
  "asset_contact_id": "",
  "asset_network_id": ""
}

Purpose: SSL/TLS certificate management and expiration tracking

Source: ITFlow Certificates Documentation

• GET /read.php - List/get certificate information
• POST /create.php - Create certificate record
• POST /update.php - Update certificate details
• POST /delete.php - Delete certificate record

Complete Fields (from ITFlow Certificates API Documentation):

{
  "certificate_id": 123,
  "client_id": 456,
  "certificate_name": "ITFlow Demo",
  "certificate_domain": "demo.itflow.org",
  "certificate_issued_date": "2024-01-01",
  "certificate_expire_date": "2025-01-01",
  "certificate_issuer": "Let's Encrypt",
  "certificate_public_key": "[Certificate content]",
  "certificate_notes": "Auto-renewal enabled"
}

Purpose: Customer/company management

Source: ITFlow Clients Documentation

• GET /read.php - List/get client information
• POST /create.php - Create new client
• POST /update.php - Update client details
• POST /delete.php - Delete client record

Complete Fields (from ITFlow Clients API Documentation):

{
  "client_id": 111,
  "client_lead": 0,
  "client_name": "Let it burn Inc",
  "client_type": "Safety and Fire",
  "client_website": "example.com"
}

<wrap em>Note: Full field list is partially documented. The API returns numbered keys alongside named keys in the response format.</wrap>

Purpose: Individual contact management within client organizations

Source: ITFlow official API documentation lists contacts as supported module

• GET /read.php - List/get contact information
• POST /create.php - Create new contact
• POST /update.php - Update contact details
• POST /delete.php - Delete contact record

Available Fields: Contact table structure includes fields like contact_department as confirmed by GitHub Issue #458, but complete API field specification is not fully documented.

Purpose: Password and login management (encrypted storage)

Source: ITFlow official API documentation lists credentials (logins) as supported module

• GET /read.php - List/get credential information
• POST /create.php - Create new credential record
• POST /update.php - Update credential details
• POST /delete.php - Delete credential record

Available Fields: Database migration scripts confirm login_folder_id field addition, but complete API field specification requires further documentation.

Purpose: Domain name management and renewal tracking

Source: ITFlow Domains Documentation

• GET /read.php - List/get domain information
• POST /create.php - Create domain record
• POST /update.php - Update domain details
• POST /delete.php - Delete domain record

Complete Fields (from ITFlow Domains API Documentation):

{
  "domain_id": 123,
  "client_id": 456,
  "domain_name": "itflow.org",
  "domain_registrar": "GoDaddy",
  "domain_webhost": "SiteGround",
  "domain_expire": "2025-03-15",
  "domain_ip": "192.168.1.1",
  "domain_name_servers": "ns1.example.com, ns2.example.com",
  "domain_mail_servers": "mx1.example.com",
  "domain_notes": "Auto-renewal enabled"
}

Purpose: Network infrastructure documentation

Source: ITFlow official API documentation lists networks as supported module

• GET /read.php - List/get network information
• POST /create.php - Create network record
• POST /update.php - Update network details
• POST /delete.php - Delete network record

Available Fields: Database migration scripts show network interface relationships, but complete API field specification requires further documentation.

Purpose: Software license and application tracking

Source: ITFlow official API documentation lists software as supported module

• GET /read.php - List/get software information
• POST /create.php - Create software record
• POST /update.php - Update software details
• POST /delete.php - Delete software record

Status: Module confirmed as available but dedicated documentation page not found. Database includes software table as confirmed by installation scripts.

Purpose: Help desk and issue tracking

Source: ITFlow Tickets Documentation

• GET /read.php - List/get ticket information
• POST /create.php - Create new ticket
• POST /update.php - Update ticket details
• POST /delete.php - Delete ticket record

Complete Fields (from ITFlow Tickets API Documentation):

{
  "ticket_id": 3,
  "ticket_prefix": "TCK-",
  "ticket_number": 3,
  "ticket_category": null,
  "ticket_subject": "Computer broken"
}

<wrap em>Note: Full field list is partially documented. The API returns numbered keys alongside named keys in the response format.</wrap>

• READ: Retrieve single record or list of records
• CREATE: Add new records with validation (partial support)
• UPDATE: Modify existing records (partial support)
• DELETE: Remove records (partial support)

• client_id - Filter by specific client
• limit - Number of records to return (default: 50)
• offset - Number of records to skip for pagination
• API key required on all requests

{
  "success": "True|False",
  "message": "Descriptive message",
  "count": 1,
  "data": [
    {
      // Record data with both numbered and named keys
    }
  ]
}

1. Navigate to Admin panel in ITFlow
2. Click on API section
3. Click New Key to generate
4. Choose scope: specific client or all clients
5. Copy generated key for use

• Method: Query parameter
• Format: ?api_key=YOUR_API_KEY
• Scope: Can be limited to specific client or all clients
• Access: Currently all-or-nothing permissions

• Encrypted Storage: API keys stored securely
• Client Scoping: Keys can be limited to specific clients
• Access Logging: API usage tracked in logs

• UPDATE: Limited support across modules
• DELETE: Limited support across modules
• ARCHIVE: Not implemented

• Bulk Operations: No batch create/update/delete
• Advanced Search: No full-text search or complex filtering
• Webhooks: No real-time event notifications
• File Upload: No direct file management API
• Relationships: Limited cross-module data retrieval

• Invoices/Billing: No financial transaction APIs
• Quotes: No sales proposal management
• Time Tracking: No billable hour recording
• Calendar: No scheduling or appointment APIs
• Reports: No automated report generation

• Granular Permissions: No module-specific access control
• OAuth: Only API key authentication available

GET /api/v1/clients/read.php?api_key=YOUR_KEY

GET /api/v1/assets/read.php?api_key=YOUR_KEY&asset_id=123

POST /api/v1/tickets/create.php
Content-Type: application/json
 
{
  "api_key": "YOUR_KEY",
  "client_id": 456,
  "ticket_subject": "Printer offline",
  "ticket_details": "Office printer not responding",
  "ticket_priority": "Medium"
}

GET /api/v1/assets/read.php?api_key=YOUR_KEY&client_id=456

• Basic CRUD: Create/read operations for core modules
• Client Management: Full customer database management
• Asset Tracking: Computer and equipment inventory
• Ticket Creation: Help desk ticket automation
• Documentation: Network, domain, certificate tracking

• Financial Operations: No billing/invoicing automation
• Real-time Events: No webhook triggers for automation
• Bulk Data Sync: No efficient mass data operations
• File Management: No document upload/download APIs
• Advanced Workflows: No time tracking or scheduling APIs

Source: HTTP standard codes - ITFlow API observed behavior

• 200: Success - Request completed successfully
• 400: Bad Request - Invalid parameters or malformed request
• 401: Unauthorized - Invalid or missing API key
• 403: Forbidden - API key lacks required permissions
• 404: Not Found - Endpoint or record doesn't exist
• 500: Server Error - Internal ITFlow error

Source: Observed API responses

{
  "success": "False",
  "message": "Invalid API key",
  "count": 0,
  "data": []
}

Source: Community experience and ITFlow Installation Documentation

1. API Key Issues
   • Verify key is correct (copy/paste errors common)
   • Check key scope (client-specific vs all clients)
   • Confirm key hasn't been deactivated

1. Permission Errors
   • Add client_id parameter for scoped keys
   • Verify client_id exists and is accessible

1. Server Errors
   • Check Apache/PHP error logs: /var/log/apache2/error.log
   • Verify ITFlow database connectivity
   • Check PHP memory limits for large requests

1. Data Issues
   • Validate required fields for POST requests
   • Check data types (strings, integers, dates)
   • Verify foreign key relationships exist

Source: ITFlow admin settings and ITFlow FAQ

Enable PHP error reporting in ITFlow settings for detailed error messages during development.

Source: ITFlow PowerShell Repository

List All Clients:

$apiKey = "YOUR-API-KEY"
$baseUrl = "https://itflow.yourdomain.com"
$uri = "$baseUrl/api/v1/clients/read.php?api_key=$apiKey"
 
Invoke-RestMethod -Uri $uri | ConvertTo-Json

Create New Asset:

$uri = "https://itflow.yourdomain.com/api/v1/assets/create.php"
$body = @{
    "api_key" = "YOUR-API-KEY"
    "asset_name" = "Sample Laptop"
    "asset_type" = "Laptop"
    "asset_make" = "Dell"
    "asset_model" = "Optiplex"
    "client_id" = "1"
} | ConvertTo-Json
 
Invoke-RestMethod -Method Post -Uri $uri -Body $body -ContentType "application/json"

<?php
$api_key = 'YOUR_API_KEY';
$base_url = 'https://itflow.yourdomain.com/api/v1/';
 
// Get clients
$url = $base_url . 'clients/read.php?api_key=' . $api_key;
$response = file_get_contents($url);
$data = json_decode($response, true);
 
print_r($data);
?>

import requests
 
api_key = "YOUR_API_KEY"
base_url = "https://itflow.yourdomain.com/api/v1/"
 
# Get all clients
response = requests.get(f"{base_url}clients/read.php?api_key={api_key}")
data = response.json()
print(data)
 
# Create new ticket
ticket_data = {
    "api_key": api_key,
    "client_id": 456,
    "ticket_subject": "Network issue",
    "ticket_details": "Unable to access shared drive",
    "ticket_priority": "High"
}
 
response = requests.post(f"{base_url}tickets/create.php", json=ticket_data)
result = response.json()
print(result)