The CalAmp K-12 JSON API (JavaScript object notation application programming interface), at https://jsonapi.synovia.com, enables you to pull data from our servers about your fleet, add entities such as devices and vehicles to your account, and make any necessary updates.
You can go to https://jsonapi.synovia.com/swagger/index.html to find a list of all the available methods.
To use our JSON API, you'll need to have authorized users with the proper credentials.
You can find details on login authentication, response structure, and error codes in the sections below.
Authentication
The API uses OAuth 2 and JSON web tokens (JWT) for authentication. The initial call to the API will be to validate the user. If this is successful, the server will return back a JWT that will be valid for 12 hours. This token will need to be included in the authorization header for every subsequent call.
Note: The value of the authorization header for all subsequent calls should be "Bearer XXX ," where XXX is the JWT.
Authorization Sliding Expiration
Each authorized request returns the set-authorization header. This header holds the new JWT with the updated expiration time. To keep a user signed in, this value should be set in the authorization header.
API Key Validation
Each request must have an x-api-key header. The value is the API key that is used for the CalAmp K-12 SOAP (simple object access protocol) API authentication. These are the required headers:
Key | Value |
Content-Type | application/json |
x-api-key | YOUR_API_KEY (which will be your customer GUID [globally unique identifier]) |
Logging in to the API
As mentioned earlier, the initial call to the API will be to validate the user. If this is successful, the server will return back a JWT that will be valid for 12 hours. A JWT consists of three parts: a header, a payload, and a signature. The payload returned from the server will contain the following data:
- un: The username of the person who logged in.
- an: The account number.
- cid: The customer ID that corresponds to the account number.
- zid: The internal ID of the user.
- exp: The expiration time of the token.
- nbf (not before): The time the token becomes valid. This field does not need to be examined as the token will always be immediately valid.
- iat (issued at): The time the token was issued.
Request
- URL: /auth/signin
- Verb: POST
- Parameters (as JSON):
- userName: The case-insensitive email address of the user that is trying to log in
- accountNumber: The customer account number
- password: The user's password, which is case sensitive
- userName: The case-insensitive email address of the user that is trying to log in
Here is an example of a request:
1 {
2 "userName":"user@email.com",
3 "password": "myP@ssw0rD",
4 "accountNumber": "12345"
5 }
Response
- Token: The JWT generated by the server after a successful login. Store this value and include it in every subsequent call in the authorization header.
Here is an example of a response:
1 {
2 "success": true,
3 "result": {
4 "token": "eyJhbGciOiJ6IkpXVCJ9.eyJ6aWQiOiIzIiwidW4iOi"
5 },
6 "error": null
7 }
Note: Your actual token will be much longer than what is in line 4.
Response Object
Each response has a common basic structure:
- success: The request was successfully executed, with a value of true or false.
- result: The requested result object, which will be the asked-for data if the request was successful; if it failed, the value will be null or an empty object.
- error: The requested error details object, which will be the error code and its friendly message if the request failed; if it was successful, the value will be null.
- message: The error message
- code: The error code
- message: The error message
Here is an example of a successful response:
1 {
2 "success": true,
3 "result": {
4 "data1": "some data",
5 "data2": {
6 "something": 1
7 }
8 },
9 "error": null
10 }
Here is an example of a failed response:
1 {
2 "success": false,
3 "result": {
4 "data1": null
5 },
6 "error": {
7 "message": "Missing 'x-api-key' header",
8 "code": "B-2"
9 }
10 }
Error Codes
The following tables explain what the authentication, base, and validation errors mean.
Authentication Errors
Error Code | Message |
A-0 | Invalid account number. |
A-1 | The username is required. |
A-2 | The password is required. |
A-3 | Incorrect username or password. |
Base Errors
Error Code | Message |
B-0 | An unhandled error occurred. |
B-1 | Invalid account number. |
B-2 | Missing x-api-key header. |
B-3 | The customer is not licensed to use the API. |
B-4 | The user does not have permissions to access the API. |
B-5 | Invalid x-api-key header. |
B-6 | The provided API key is invalid (does not belong to a customer licensed to use the API). |
B-7 | The API key doesn't match any available customer API keys. |
B-8 | Your login does not have access to the requested entity. |
B-9 | You don't have access to the following vehicles: XXX (where XXX is the list of the vehicle IDs). |
B-10 | The work order license is disabled for this customer. |
B-11 | The method is not available for this customer. Contact CalAmp support. |
B-12 | The TAA license is disabled for this customer. |
B-13 | You don't have access to the specified employees. |
B-14 | The Rider Photo license is disabled for this customer. |
B-15 | The HCTB license is disabled for this customer. |
B-16 | The Engine Diagnostics license is disabled for this customer. |
Validation Errors
Error Code | Message |
V-1 | The start date cannot be greater than the end date. |
V-2 | A required parameter is missing. |
V-3 | The email address is invalid. |
V-4 | The password must be at least 8 characters long and include 1 number and 1 symbol. |
V-5 | The mobile carrier is required. |
V-6 | The user already exists. |
V-7 | The name is required. |
V-8 | Invalid mobile carrier name. |
V-9 | The client is not authorized to create a new user. |
V-10 | The following roles are not available: XXX (where XXX is the list of the unavailable roles). |
V-11 | The following groups are not available: XXX (where XXX is the list of the unavailable groups). |
V-12 | The email is required. |
V-13 | The vehicle groups array should not be empty. |
V-14 | The user roles array should not be empty. |
V-15 | The user does not exist (or the user with ID XXX does not exist). |
V-16 | The following property keys are invalid: XXX (where XXX is the list of the invalid keys). |
V-17 | The system users cannot be deleted. |
V-18 | The Inspections license is required. |
V-19 | Your login does not have access to any vehicle group. |
V-20 | Invalid odometer units specified. |
V-21 | Invalid odometer value. |
V-22 | The vehicle does not exist. |
V-23 | The vehicle has no ESN. |
V-24 | Your login does not have the Edit Vehicle privilege enabled. |
V-25 | A student with the same district ID already exists. |
V-26 | Student not created. |
V-27 | The student is missing a parameter. |
V-28 | Missing customer setting key. |
V-29 | No settings found. |
V-30 | The following customer setting keys are invalid: XXX (where XXX is the list of the invalid keys). |
V-31 | Invalid data type for validation. |
V-32 | The value does not match the data type. |
V-33 | No devices for any customer found. |
V-34 | Could not find any active devices for a customer with the account number: XXX (where XXX is the provided account number). |
V-35 | Missing student district ID. |
V-36 | No rider photos found. |
V-37 | Missing parent email. |
V-38 | The provided customer events are not supported. |
V-39 | The provided date range cannot be more than 3 days. |
V-40 | The provided date is invalid. |
V-41 | The provided date range cannot be more than 1 month (31 days). |
V-42 | The provided date range cannot be more than 1 week. |
V-43 | The parameter 'PARAMETER_NAME' used value is incorrect. |