Developers

AlertCore API

Full programmatic access to incidents, check-ins, officer locations, intel, forms, and reports. Build integrations, automate workflows, and connect AlertCore to your existing systems.

REST API reference Authentication Webhooks Code examples SSO & access

Overview

A REST API built for the real world

The AlertCore API gives developers full read and write access to every data point in the platform—incidents, officer check-ins, live GPS locations, intel entries, form submissions, PDF reports, and dispatch alerts.

Whether you're building a custom dashboard, syncing data to a third-party system, or automating workflows based on security events, the AlertCore API has you covered.

JSON over HTTPSOAuth 2.0 & API KeysWebhook eventsPaginated responsesRate limitingSandbox environment

quick-start.js

// Base URL
const BASE = "https://api.alertcore.io/v1";

// Authenticate with your API key
const headers = {
  "Authorization": "Bearer ak_live_xxxxxxxxxxxx",
  "Content-Type": "application/json",
};

// Fetch the latest 10 incidents
const res = await fetch(
  `${BASE}/incidents?limit=10`,
  { headers }
);

const { data, meta } = await res.json();
console.log(`${meta.total} incidents total`);
// → 47 incidents total

data.forEach(incident => {
  console.log(
    incident.type,
    incident.location.name,
    incident.officer.name
  );
});

Authentication

Two ways to authenticate

API Key

Generate an API key from your AlertCore account dashboard. Pass it as a Bearer token in the Authorization header. Best for server-to-server integrations.

Authorization: Bearer ak_live_xxxxxxxxxxxx

OAuth 2.0

Use the standard OAuth 2.0 authorisation code flow to authenticate on behalf of AlertCore users. Supports scoped access—request only the permissions your integration needs.

auth-example.js

// API Key (server-to-server)
const response = await fetch(
  "https://api.alertcore.io/v1/incidents",
  {
    headers: {
      Authorization: "Bearer ak_live_xxxxxxxxxxxx",
    },
  }
);

// OAuth 2.0 (user-delegated)
// 1. Redirect user to:
const authUrl =
  "https://auth.alertcore.io/oauth/authorize" +
  "?client_id=YOUR_CLIENT_ID" +
  "&response_type=code" +
  "&redirect_uri=https://yourapp.com/callback" +
  "&scope=incidents:read checkins:read";

// 2. Exchange code for token:
const token = await fetch(
  "https://auth.alertcore.io/oauth/token",
  {
    method: "POST",
    body: JSON.stringify({
      grant_type: "authorization_code",
      code: callbackCode,
      client_id: "YOUR_CLIENT_ID",
      client_secret: "YOUR_SECRET",
    }),
  }
);

Endpoints

API reference

Base URL: https://api.alertcore.io

GET/v1/incidents

List all incidents for the authenticated organisation

POST/v1/incidents

Create a new incident from an external system

GET/v1/incidents/:id

Retrieve a single incident by ID

GET/v1/checkins

List officer check-ins with location and timestamp

POST/v1/checkins

Submit a check-in programmatically

GET/v1/officers

List all officers in the organisation

GET/v1/officers/:id/location

Get the latest GPS location for an officer

GET/v1/forms

List available form templates

GET/v1/forms/submissions

List submitted forms and their generated PDF URLs

GET/v1/intel

Retrieve intel entries (persons, vehicles, locations)

POST/v1/intel

Submit a new intel entry

PATCH/v1/intel/:id

Update an existing intel entry

GET/v1/reports

List shift reports with PDF download links

GET/v1/alerts

List alerts dispatched across all products

POST/v1/alerts

Push a custom alert to one or more staff members

Webhooks

Real-time event delivery

Register a webhook endpoint and AlertCore will POST a JSON payload to your URL the moment something happens—no polling required. Ideal for triggering workflows, syncing external systems, or building live dashboards.

incident.created

Fired when a new incident is logged by an officer or the system

incident.updated

Fired when an incident status or detail changes

checkin.created

Fired when an officer checks in to a location

form.submitted

Fired when a form is submitted and the PDF report is generated

alert.dispatched

Fired when an alert is sent to a staff member

intel.created

Fired when a new intel entry is submitted

officer.shift_started

Fired when an officer begins a shift

officer.shift_ended

Fired when an officer ends a shift

webhook-handler.js

// Express.js webhook handler example
import express from "express";
import crypto from "crypto";

const app = express();
app.use(express.json());

app.post("/webhooks/alertcore", (req, res) => {
  // Verify signature
  const sig = req.headers["x-alertcore-signature"];
  const expected = crypto
    .createHmac("sha256", process.env.WEBHOOK_SECRET)
    .update(JSON.stringify(req.body))
    .digest("hex");

  if (sig !== `sha256=${expected}`) {
    return res.status(401).send("Invalid signature");
  }

  const { event, data } = req.body;

  switch (event) {
    case "incident.created":
      console.log("New incident:", data.type, data.location.name);
      // → notify Slack, update dashboard, etc.
      break;

    case "form.submitted":
      console.log("PDF ready:", data.report.pdf_url);
      // → forward to client, archive, etc.
      break;

    case "officer.shift_started":
      console.log("Shift started:", data.officer.name);
      break;
  }

  res.sendStatus(200);
});

Single Sign-On

One login across every AlertCore product

AlertCore SSO means your team authenticates once and gets access to every product they're authorised for—ShopAssist, MobilePatrol, HomeAlert, and AlertCore Intel—without logging in again.

Administrators manage access centrally. Grant or revoke access to any product, set role-based permissions per site, and get a full audit log of every login and session.

Centralised user management

Add, edit and remove users from a single admin panel. Changes propagate across all products instantly.

Role-based access control

Assign roles per product and per site. Officers only see what they need. Admins have full visibility.

Session audit trail

Every login, session, and access event is logged with timestamp, device, and IP address.

Enterprise IdP support

Connect your existing identity provider via SAML 2.0 or OIDC. Works with Azure AD, Google Workspace, Okta, and more.

SSO flow

01User visits any AlertCore app

02Redirected to AlertCore Identity

03Authenticates once (or via your IdP)

04Token issued — valid across all apps

05Role-based access applied per product

Supported protocols

SAML 2.0OpenID ConnectOAuth 2.0Azure ADGoogle WorkspaceOkta

Platform details

Good to know

Rate limiting

1,000 requests per minute on production keys. Limits are returned in response headers. Burst limits apply to write endpoints.

Sandbox environment

Use sandbox API keys (prefixed ak_test_) against our test environment. No real data, no side effects—safe for development and testing.

Versioning

The current API version is v1. All endpoints are versioned in the URL. We will not make breaking changes without a major version bump and 90 days' notice.

Pagination

All list endpoints return paginated results. Use the limit and cursor query parameters to navigate. Default page size is 20.

TLS required

All API requests must be made over HTTPS. Requests over HTTP will be refused. TLS 1.2 minimum, TLS 1.3 recommended.

Webhook reliability

Webhooks are retried up to 5 times on failure with exponential backoff. Failed deliveries are logged in your developer dashboard.

Get protected today

Ready to build on AlertCore?

Request API access and sandbox credentials from our team. We're happy to talk through your integration requirements.

Request API access Contact sales

No commitment · 15-minute walkthrough · Cancel any time