Overview

The SPORTident Center REST API provides a minimal, simple and efficient interface to interact with SPORTident Center.

The API is currently in Beta, which means that it could still change in an incompatible way after we receive feedback and opinions from early adaptors. We will inform all current users, should the API change.

Using the API

Authentication

All requests to the API need to be authorised. The user authenticates with his or her API key via the HTTP header "apikey". The API key is available via the Center admin panel user settings.

Http Compression (GZIP)

We support HTTP compression on upload (POST method) and download (all methods, but for content type application/json, text/xml and text/csv only, i.e. for the REST and SOAP API). To upload gzip-compressed data to the server, the client needs to set the header Content-Encoding: gzip. To request a gzip-compressed response, the client needs to set the header Accept-Encoding: gzip. The response may or may not be compressed (very small payloads are not gzipped), which is indicated by whether the Content-Encoding: gzip header is set in the response, or not.

Resources

Events

Retrieve punches for an event

Resource URL

GET /api/rest/v1/public/events/{eventId}/punches

Description

Retrieve punches for an event. The event id is available via the Center admin panel events page. The punches can be retrieved as JSON or CSV formatted data, specified by the Accept header.

Filtering of the punches is possible with the query parameter afterId as listed below.

Typically, to retrieve punches "live" for a running event, you would poll the REST API in a loop (e.g. every ten seconds), starting with afterId=0 (punch ids are always greater than zero) and then increasing afterId to the so far largest returned punch id in each iteration (the returned punches are ordered ascending by punch id).

Simple punch format
Field Description

id

Uniquely identifies this punch

card

SPORTident card number (SIID)

time

Punch time (local time) in milliseconds since the Epoch (1970-01-01 00:00:00)

code

Control code

mode

Punch mode (e.g. Control, Start, Finish, BcControl, etc)

Query parameters
Parameter Description

afterId

(Optional) Get all punches after this id.

limit

(Optional) Return a maximum number of [limit] punches. Default is 50000. Largest possible value is 50000 as well.

projection

(Optional) Return punches in the specified punch format. Currently only "simple" is supported which is the default as well.

Request headers
Name Description

apikey

API key to authenticate the user

Accept

Return punches in the specified format. Acceptable values are "application/json" and "text/csv".

Content-Type

application/json;charset=UTF-8

Response headers
Name Description

X-Count

Returned number of punches, Total number of selected punches

Examples
Curl request to get punches as JSON
$ curl 'https://center.sportident.com/api/rest/v1/public/events/48/punches?afterId=7&projection=simple&limit=5' -i -X GET \
    -H 'Accept: application/json' \
    -H 'apikey: f45e7ebb-38ed-b966-244c-1ed69451de72' \
    -H 'Content-Type: application/json;charset=UTF-8'
Retrieve punches as JSON with parameter afterId

Request:

GET /api/rest/v1/public/events/48/punches?afterId=7&projection=simple&limit=5 HTTP/1.1
Accept: application/json
apikey: f45e7ebb-38ed-b966-244c-1ed69451de72
Content-Type: application/json;charset=UTF-8
Host: center.sportident.com

Response:

HTTP/1.1 200 OK
Vary: accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding
Set-Cookie: SESSION=OWU4NzVhN2MtOTRmZi00MzgzLThiOTItYmJhMjU4OTE0MmVk; Path=/; HttpOnly; SameSite=Lax
X-Frame-Options: DENY
X-Count: 5,95
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Content-Encoding: gzip
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 16 Oct 2020 10:02:02 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 510

[ {
  "id" : 8,
  "card" : 8888893,
  "time" : 1602849696785,
  "code" : 49,
  "mode" : "BcControl"
}, {
  "id" : 9,
  "card" : 8888894,
  "time" : 1602849697789,
  "code" : 50,
  "mode" : "BcControl"
}, {
  "id" : 10,
  "card" : 8888895,
  "time" : 1602849698792,
  "code" : 51,
  "mode" : "BcControl"
}, {
  "id" : 11,
  "card" : 8888896,
  "time" : 1602849699796,
  "code" : 52,
  "mode" : "BcControl"
}, {
  "id" : 12,
  "card" : 8888897,
  "time" : 1602849700800,
  "code" : 53,
  "mode" : "BcControl"
} ]
JSON access denied response
HTTP/1.1 403 Forbidden
Vary: accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding
Set-Cookie: SESSION=ZjJjZTY0ODEtZWJjYi00NTgxLWE5YWEtZjk1MjAzYTYyMmU3; Path=/; HttpOnly; SameSite=Lax
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
Content-Encoding: gzip
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 16 Oct 2020 10:07:25 GMT
Keep-Alive: timeout=60
Connection: keep-alive
Content-Length: 399

{
  "errors" : [ {
    "entity" : "AccessDeniedException",
    "cause" : "AccessDeniedException",
    "message" : "User 'firstNametestuser2 lastNametestuser2' is not authorised to access event '229'",
    "detailMessage" : "User 'firstNametestuser2 lastNametestuser2' is not authorised to access event '229'",
    "url" : "https://center.sportident.com/api/rest/v1/public/events/229/punches"
  } ]
}
Retrieve punches as CSV

Request:

GET /api/rest/v1/public/events/48/punches?projection=simple&limit=5 HTTP/1.1
Accept: text/csv
apikey: f45e7ebb-38ed-b966-244c-1ed69451de72
Host: center.sportident.com

Response:

HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Count: 5,100
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Set-Cookie: SESSION=NGRlYTRhMDUtYWUwYi00NzA2LWI1NGYtNzJiZTJlNzM1ZmRh; Path=/; HttpOnly; SameSite=Lax
Content-Type: text/csv;charset=UTF-8
Content-Length: 208
Date: Fri, 16 Oct 2020 10:02:02 GMT
Keep-Alive: timeout=60
Connection: keep-alive

ID,CODE,CARD,TIME,MODE
3,44,8888888,1602849691765,BcControl
4,45,8888889,1602849692769,BcControl
5,46,8888890,1602849693773,BcControl
6,47,8888891,1602849694777,BcControl
7,48,8888892,1602849695781,BcControl