V2 API Docs
Introduction
You will have been given an "AccessToken" that works for your IPv4 address.
We have various SDKs available depending to aid implementation in your environment.
Quich Start Guide
1) Check that your AccessToken is valid using a basic HTTP call. If You have been given: 321accesstokenhere123
Option A) Command Line
curl -X GET -H "Authorisation: Bearer 321accesstokenhere123" "https://apiv2.cashlessschool.co.uk:31162/Access/AccessTokenDetails"
Option B) Javascript Console
await fetch("https://apiv2.cashlessschool.co.uk:31162/Access/AccessTokenDetails",{method:'GET',headers:{Authorisation:"Bearer 321accesstokenhere123"},keepalive: false});
In either case the response will be in one of two forms:
{"err":"FO4"}
- your AccessToken is invalid (possibly expired)
{"expet":1697975954,"cltm":118}
- your AccessToken is valid
Each of these demos show basic implementation of our SDKs. For details of all API endpoints see the full reference guide.
Javascript: https://innovate2020.cashlessschool.co.uk/api/v2/demo-js.html
Javascript Chit SDK
Load the JS SDK, once loaded an instance of a class will exist: ChitAPI
eg. chit_cls_cc~321accesstokenhere123
Set your AccessToken
ChitAPI.InitAPI(,{});
Make calls
Chit.API.Call(,);
if is set then is passed to your CBF instead of
ChitAPI.Call( {"endpoint":"Access/MyIP" ,"action":"GET" ,"data":{}} ,true ).then(t=>{
ChitAPI.Call( {"endpoint":"Access/AuthorisedAPIIP" ,"action":"POST" ,"data":{"ips":[t]},"mid":12}, false );
ChitAPI.Call( {"endpoint":"Access/AuthorisedAPIIP" ,"action":"POST" ,"data":{"ips":[t]}} ,false );
});
If you want the results of Calls passed to a function of yours
ChitAPI.SetAsyncCallBackFunc(ChitAPIAsyncResult);
If you want debug information, create a div and pass the id into
ChitAPI.SetDebugContainer();
Low Level Guide (direct access to CashlessSchool API)
If your AccessToken is "321accesstokenhere123", then now run the following:
TO BE RE-WRITTEN FROM HERE DOWN to give examples in prefered format...
curl -X GET -H "Authorisation: Bearer 321accesstokenhere123" "https://apiv2.cashlessschool.co.uk:31162/Access/AccessTokenDetails"
OR
await fetch("https://apiv2.cashlessschool.co.uk:31162/Access/AccessTokenDetails", {
method: 'GET',
headers: {Authorisation:"Bearer 321accesstokenhere123"},keepalive: false
});
await fetch("https://apiv2.cashlessschool.co.uk:31162/Access/AuthorisedAPIIP", {
method: 'POST',body: '{"ip":"1.1.1.1,2.2.2.2"}',
headers: {Authorisation:"Bearer 321accesstokenhere123"}
});
await fetch("https://apiv2.cashlessschool.co.uk:31162/Access/AuthorisedAPIIP", {
method: 'DELETE',body: '{"ip":"2.2.2.2,1.1.1.1"}',
headers: {Authorisation:"Bearer 321accesstokenhere123"}
});
"exp" will contain the epoch time (in seconds) that this AccessToken will now expire.
Calling this EndPoint will set the AccessToken to expire 7 days later.
So that your token does not expire, you are advised to have you system call this once per day, seperate to any required usage of the API.
Each AccessToken allows up to 90 calls per minute to this API. Bulk operations per call are expected. Returned data is always in JSON format.
---
Most end points support GET, POST and DELETE. Lets have a play. Run each of the following and examine the returned JSON
curl -X GET -H "Authorisation: Bearer 321accesstokenhere123" "https://apiv2.cashlessschool.co.uk:31162/AuthorisedAPIIP"
curl -X POST -H "Authorisation: Bearer 321accesstokenhere123" "https://apiv2.cashlessschool.co.uk:31162/AuthorisedAPIIP?ip=192.168.0.4,192.168.0.7,192.168.0.14"
curl -X GET -H "Authorisation: Bearer 321accesstokenhere123" "https://apiv2.cashlessschool.co.uk:31162/AuthorisedAPIIP"
curl -X DELETE -H "Authorisation: Bearer 321accesstokenhere123" "https://apiv2.cashlessschool.co.uk:31162/AuthorisedAPIIP?ip=192.168.0.7"
curl -X GET -H "Authorisation: Bearer 321accesstokenhere123" "https://apiv2.cashlessschool.co.uk:31162/AuthorisedAPIIP"
curl -X DELETE -H "Authorisation: Bearer 321accesstokenhere123" "https://apiv2.cashlessschool.co.uk:31162/AuthorisedAPIIP?ip=192.168.0.14,192.168.0.4"
curl -X GET -H "Authorisation: Bearer 321accesstokenhere123" "https://apiv2.cashlessschool.co.uk:31162/AuthorisedAPIIP"
To perform any action on behalf of a system user you need to gain access to their account.
Every account has a Username and MD5 hash of the users password.
When the user types their password only an md5 hash of it sent from the browser to the server.
We do not know any passwords chosen by a user; only the MD5 hash of them.
curl -X GET -d '{"u":"parent","p":"31F83B4B453DB071F374FA73365B8283"}' -H "Content-Type: application/json" -H "Authorisation: Bearer 321accesstokenhere123" "https://apiv2.cashlessschool.co.uk:31162/AgentAccount"
If credentials are correct you will be given a "aat" (AgentAccessToken)
To create an empty unverified account, take the users password as an md5 hash, mobile phone number, email, first name, last name, and chosen username
curl -X POST -d '{"u":"parent","p":"31F83B4B453DB071F374FA73365B8283","ut","Agent","t":"+447703184699","e":"sales@forbrains.com","fn":"Peter","ln":"Smith"}' -H "Content-Type: application/json" -H "Authorisation: Bearer 321accesstokenhere123" "https://apiv2.cashlessschool.co.uk:31162/AgentAccountCreate"
curl -X POST -d '{"aat":"TheAgentsAccessToken","t":"+447703184699","e":"sales@forbrains.com","fn":"Peter","ln":"Smith"}' -H "Content-Type: application/json" -H "Authorisation: Bearer 321accesstokenhere123" "https://apiv2.cashlessschool.co.uk:31162/AgentAccount"
GET /Access/TokenDetails calling this extends expiry date by 7 days
GET /Access/AuthorisedAPIIP list IPv4 addresses
POST /Access/AuthorisedAPIIP?ip= add IPv4 addresses
DELETE /Access/AuthorisedAPIIP?ip= remove IPv4 addresses
POST /Agent/AccountCreate to create an Agents account
GET /Agent/AccessToken gain access to an Agents account
POST /Agent/Account to update personal Agents account details. et is mandatory, the other fields are optional to update
List all Serving Premises
await fetch("https://apiv2.cashlessschool.co.uk:31162/Caterer/ServingPremises", {
method: 'GET', headers: {Authorisation:"Bearer 321accesstokenhere123",keepalive: false}
});