Built API-First, Not Bolted On
The API isn't an afterthought — it's the foundation. The same endpoints that power TrackDrive's own grids and forms are the ones you call, so the API is always complete and always current.
Manage calls, leads, buyers, offers, schedules, numbers, recordings, suppression lists, and more over a clean, RESTful interface with JSON responses.
Two Ways to Authenticate
- Company Access Tokens — basic authentication with a public/private key pair, scoped to a single company. Each key pair carries its own granular permissions, so you can issue a token that, say, only reads calls or only manages leads.
- Developer Access Tokens — token authentication tied to a user. The token inherits that user's existing permissions, including every company they're allowed to access — ideal for internal tools that span accounts.
Granular, Per-Key Permissions
Don't hand out all-or-nothing keys. Each Company Access Token can be limited to exactly the resources it needs — or granted full access. Tokens can also be scoped to a single agent (collaborator), and paused instantly without being deleted.
Locked Down & Logged
API access is protected and fully auditable:
- IP whitelisting — restrict any token to approved IP addresses (see API IP Whitelist).
- Encrypted at rest — private keys and developer tokens are encrypted, never stored in plain text.
- Authorization on lead creation — optionally require a valid token even on lead-post endpoints, so no one can inject leads without credentials.
- Detailed security logs — every API session is tracked with its IP address, country, ISP, and network (ASN), and blocked-IP attempts are recorded — so you can see exactly who is using each key and from where.