Welcome to the AutoSync REST API. Build integrations, sync data, automate workflows — everything from work orders to payments.
Sandbox: https://sandbox.api.autosyncshopmanager.com/v1Live: https://api.autosyncshopmanager.com/v1The API is RESTful. All requests and responses use JSON. Every list endpoint supports pagination, sorting, and filtering.
curl -X GET "https://sandbox.api.autosyncshopmanager.com/v1/shops" \ -H "Authorization: Bearer sk_sandbox_abc123..." \ -H "Content-Type: application/json"
const res = await fetch('https://sandbox.api.autosyncshopmanager.com/v1/shops', { headers: { 'Authorization': 'Bearer sk_sandbox_abc123...' } }); const data = await res.json();
$ch = curl_init('https://sandbox.api.autosyncshopmanager.com/v1/shops'); curl_setopt_array($ch, [ CURLOPT_HTTPHEADER => ['Authorization: Bearer sk_sandbox_abc123...'], CURLOPT_RETURNTRANSFER => true ]); $data = json_decode(curl_exec($ch), true);
import requests r = requests.get('https://sandbox.api.autosyncshopmanager.com/v1/shops', headers={'Authorization': 'Bearer sk_sandbox_abc123...'}) data = r.json()
AutoSync provides two fully independent environments. Use sandbox for development and testing, live for production.
| Sandbox | Live | |
|---|---|---|
| Base URL | sandbox.api.autosyncshopmanager.com/v1 | api.autosyncshopmanager.com/v1 |
| Key Prefix | sk_sandbox_ | sk_live_ |
| Data | Test data — safe to experiment | Real production data |
| Rate Limit | 300 req/min | 100 req/min |
| Payments | Stripe test mode (no real charges) | Real charges processed |
| Webhooks | Test events fired | Real events fired |
401 Unauthorized.Include your API key in the Authorization header:
Authorization: Bearer sk_sandbox_a1b2c3d4e5f6...| Key Type | Prefix | Use Case |
|---|---|---|
| Sandbox | sk_sandbox_ | Development & testing |
| Live | sk_live_ | Production integrations |
Generate keys in your AutoSync Admin → Settings → API Keys. You can create multiple keys per store and revoke them independently.
For platform-level integrations that act on behalf of multiple shops, use the OAuth 2.0 client credentials flow.
curl -X POST "https://sandbox.api.autosyncshopmanager.com/v1/oauth/token" \ -H "Content-Type: application/x-www-form-urlencoded" \ -u "CLIENT_ID:CLIENT_SECRET" \ -d "grant_type=client_credentials&scope=shops:read workorders:write"
const res = await fetch('https://sandbox.api.autosyncshopmanager.com/v1/oauth/token', { method: 'POST', headers: { 'Authorization': 'Basic ' + btoa(CLIENT_ID + ':' + CLIENT_SECRET), 'Content-Type': 'application/x-www-form-urlencoded' }, body: 'grant_type=client_credentials&scope=shops:read workorders:write' });
{
"access_token": "eyJhbGciOiJIUzI1NiIs...",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "shops:read workorders:write"
}| Scope | Description |
|---|---|
shops:read | View shop details |
customers:read | View customers |
customers:write | Create/update customers |
vehicles:read | View vehicles |
vehicles:write | Create/update vehicles |
workorders:read | View work orders + jobs |
workorders:write | Create/update work orders |
payments:read | View payments |
payments:charge | Process charges + refunds |
inventory:read | View inventory |
inventory:write | Update stock |
employees:read | View employees |
webhooks:manage | Create/delete webhooks |
{
"success": false,
"error": {
"code": "validation_error",
"message": "The 'email' field must be a valid email address.",
"field": "email",
"status": 422
},
"request_id": "req_7f3a8b2c..."
}| Code | Meaning |
|---|---|
200 | OK |
201 | Created |
204 | No content (successful delete) |
400 | Bad request |
401 | Unauthorized — missing/invalid key |
403 | Forbidden — insufficient scope |
404 | Not found |
409 | Conflict — duplicate resource |
422 | Validation failed |
429 | Rate limited |
500 | Server error |
| Environment | Limit | Window |
|---|---|---|
| Sandbox | 300 requests | Per minute |
| Live | 100 requests | Per minute |
X-RateLimit-Limit: 100 X-RateLimit-Remaining: 87 X-RateLimit-Reset: 1710432060 Retry-After: 12 // only present when rate limited
| Parameter | Type | Default | Description |
|---|---|---|---|
page | integer | 1 | Page number |
per_page | integer | 25 | Results per page (max 100) |
sort | string | created_at | Sort field |
order | string | desc | asc or desc |
{
"success": true,
"data": [...],
"pagination": {
"page": 1,
"per_page": 25,
"total": 142,
"pages": 6,
"has_more": true
}
}Test API endpoints directly from this page. Requests go to your selected environment.
Returns all shops accessible with the current API key.
{
"data": [{
"id": 1, "name": "Johnson's Auto Care",
"slug": "johnsons-auto-care", "status": "active",
"phone": "(555) 123-4567", "email": "info@johnsonsauto.com",
"address": { "street": "123 Main St", "city": "North Canton", "state": "OH", "zip": "44720" },
"settings": { "tax_rate": 7.25, "labor_rate": 125.00 },
"created_at": "2024-01-15T10:30:00Z"
}]
}| Param | Type | Description | |
|---|---|---|---|
search | string | optional | Search name, email, phone |
is_business | boolean | optional | Filter business accounts |
created_after | datetime | optional | ISO 8601 |
updated_after | datetime | optional | ISO 8601 — delta sync |
| Field | Type | Description | |
|---|---|---|---|
first_name | string | required | First name |
last_name | string | required | Last name |
email | string | optional | |
phone | string | optional | Phone |
is_business | boolean | optional | Business flag |
address | object | optional | {street, city, state, zip} |
notes | string | optional | Internal notes |
curl -X POST "https://sandbox.api.autosyncshopmanager.com/v1/shops/1/customers" \ -H "Authorization: Bearer sk_sandbox_..." \ -H "Content-Type: application/json" \ -d '{"first_name":"Mike","last_name":"Rodriguez","email":"mike@example.com","phone":"(555) 123-4567"}'
const res = await fetch('.../v1/shops/1/customers', { method: 'POST', headers: { 'Authorization': 'Bearer sk_sandbox_...', 'Content-Type': 'application/json' }, body: JSON.stringify({ first_name: 'Mike', last_name: 'Rodriguez' }) });
Same body as Create. Only include fields to update.
Returns 204 No Content on success. Deletion is permanent.
| Param | Type | Description | |
|---|---|---|---|
customer_id | integer | optional | Filter by owner |
vin | string | optional | Search by VIN |
make | string | optional | Filter by make |
| Field | Type | ||
|---|---|---|---|
customer_id | integer | required | Owner |
year | integer | required | |
make | string | required | |
model | string | required | |
vin | string | optional | 17 characters |
mileage | integer | optional |
Decodes a VIN using NHTSA data. Returns year, make, model, engine, trim, drive type.
{
"vin": "1HGCM82633A123456",
"year": 2003, "make": "Honda", "model": "Accord",
"trim": "EX", "engine": "2.4L 4-Cyl",
"drive_type": "FWD", "body_style": "Sedan"
}| Param | Type | ||
|---|---|---|---|
status | string | opt | draft in_progress waiting_parts completed invoiced |
customer_id | integer | opt | Filter |
vehicle_id | integer | opt | Filter |
technician_id | integer | opt | Filter |
created_after | datetime | opt | Delta sync |
updated_after | datetime | opt | Delta sync |
Returns the full work order with embedded jobs, line items, and payment history.
| Field | Type | ||
|---|---|---|---|
customer_id | integer | required | |
vehicle_id | integer | required | |
technician_id | integer | optional | |
notes | string | optional | |
jobs | array | optional | Array of job objects to create inline |
{ "status": "completed" }| Field | Type | ||
|---|---|---|---|
name | string | required | Job name |
line_items | array | optional | Parts + labor items |
| Field | Type | ||
|---|---|---|---|
work_order_id | integer | required | |
amount | float | required | Amount in dollars |
method | string | required | card cash check text_to_pay |
4242424242424242 for testing.Returns full DVI with condition items (green/yellow/red), photos, notes, and customer approval status.
AutoSync fires webhooks in real-time when events occur. Configure endpoints in Admin → Settings → Webhooks.
| Event | Fired When |
|---|---|
workorder.created | New WO created |
workorder.updated | WO modified |
workorder.completed | Status → completed |
workorder.invoiced | Invoice generated |
payment.received | Payment processed |
payment.refunded | Refund issued |
customer.created | New customer |
customer.updated | Customer modified |
appointment.created | New appointment |
inspection.completed | DVI sent to customer |
inspection.approved | Customer approved repairs |
inventory.low_stock | Part below reorder point |
{
"url": "https://yourapp.com/webhooks/autosync",
"events": ["workorder.completed", "payment.received"],
"secret": "whsec_your_secret_key"
}Every webhook includes an X-AutoSync-Signature header. Verify it using HMAC-SHA256.
const crypto = require('crypto'); const sig = req.headers['x-autosync-signature']; const expected = crypto.createHmac('sha256', WEBHOOK_SECRET) .update(req.rawBody).digest('hex'); if (sig !== expected) throw new Error('Invalid signature');
$sig = $_SERVER['HTTP_X_AUTOSYNC_SIGNATURE']; $expected = hash_hmac('sha256', file_get_contents('php://input'), WEBHOOK_SECRET); if (!hash_equals($expected, $sig)) abort(403);
import hmac, hashlib sig = request.headers.get('X-AutoSync-Signature') expected = hmac.new(WEBHOOK_SECRET.encode(), request.data, hashlib.sha256).hexdigest() assert hmac.compare_digest(sig, expected)
Official and community client libraries.
| Language | Package | Install |
|---|---|---|
| PHP | autosync/api-client | composer require autosync/api-client |
| Node.js | @autosync/api | npm install @autosync/api |
| Python | autosync-api | pip install autosync-api |
| Postman | Download Collection → | |