Introduction

As you scroll through the page, you can use sample requests to try the API for yourself.

The iAuditor API gives you direct access to your data in the iAuditor platform.

The API supports creating new inspections, sharing them, as well as retrieving inspection data and any attached media. Inspections can be searched by a set of parameters or retrieved individually. The search parameters include the last modification date of an inspection, allowing you to use the API for tasks such as extracting all inspections from the system, as well as retrieving new and updated inspections periodically.

Access to the iAuditor API requires a Premium subscription. You can sign up for an iAuditor account and upgrade to Premium starting with a 30-day trial.

Getting Started

This section aims to get you started with the iAuditor API by showing you how to obtain an authorization token, use the token to authorize a request, and search for inspections.

The examples use the curl application, allowing them to be run as command lines, wherever curl is installed.

Generate an authorization token

Sample request:

curl \
  -X POST \
  --data-urlencode username=example@safetyculture.io \
  --data-urlencode password=your_password \
  -d grant_type=password \
  "https://api.safetyculture.io/auth"

Access to the iAuditor API requires an authorization token. This token can be used to authorize all requests you make so that you don’t need to store your iAuditor username and password in your scripts or applications.

Following the example, POST the username and password fields with your iAuditor email and password, along with the grant_type value of password, to the https://api.safetyculture.io/auth endpoint.

Sample response:

{
    "access_token": "b7f8f791920c1618ace0e24b4d52ce260473dad870e7bd56b869f8d2f26e554d",
    "token_type": "Bearer"
}

The access_token is your secret token for authorizing all requests to the API and has access to all the same data as the iAuditor account.

Authorize a request

Sample request:

curl "https://api.safetyculture.io/audits/search?field=audit_id" \
  -H "Authorization: Bearer b7f8f791920c1618ace0e24b4d52ce260473dad870e7bd56b869f8d2f26e554d"

You can make requests to the API by passing the authorization token in the Authorization HTTP header, following the format Authorization: Bearer b7f8f791...f26e554d. This header needs to be passed on every request.

If a request doesn’t have the Authorization header, the API would return a 401 HTTP error code to indicate an unauthorized request.

Sample requests in this guide present the Authorization header with Bearer {your access token}. If you’re using sample requests to try the API, remember to replace {your access token} with your access token.

Search for inspections

Sample request:

curl "https://api.safetyculture.io/audits/search?field=audit_id&field=modified_at" \
  -H "Authorization: Bearer {your access token}"

Sample response:

{
  "count": 2,
  "total": 2,
  "audits": [
    {
      "audit_id": "audit_01ca38a821504cda885736cccbb9ba40",
      "modified_at": "2015-03-17T03:16:31.072Z"
    },
    {
      "audit_id": "audit_853C17E6040B43DA1DFDDD8E6A4D6D3A",
      "modified_at": "2015-03-24T06:31:47.203Z"
    }
  ]
}

To search for inspections using the API, make a GET request to the https://api.safetyculture.io/audits/search endpoint. By default, the response lists inspections in ascending order, from the oldest to the most recently modified, limited to the first 1,000 inspections.

You can pass the fields you want to see in the response, as well as the parameters to apply and narrow the search. See the search inspections section for more information on search parameters.

Sample request: search inspections within a given period

curl "https://api.safetyculture.io/audits/search?field=audit_id&field=modified_at&modified_after=2015-01-01T00:00:00.000Z&modified_before=2015-04-01T00:00:00.000Z" \
  -H "Authorization: Bearer {your access token}"

Sample request: search inspections conducted from a specific template

curl "https://api.safetyculture.io/audits/search?field=audit_id&template=template_37afc5890aa94e778bbcde4fc4cbe480" \
  -H "Authorization: Bearer {your access token}"

curl "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40" \
  -H "Authorization: Bearer {your access token}"

{
  "template_id": "template_BB29F82814B64F559A33BF7CAA519787",
  "audit_id": "audit_01ca38a821504cda885736cccbb9ba40",
  "created_at": "2015-05-01T01:13:20.584Z",
  "modified_at": "2015-06-30T05:03:40.754Z",
  "audit_data": {
  }
}

Once you have the list of inspections, you can retrieve each inspection individually using the https://api.safetyculture.io/audits/<audit_id> endpoint. You can find an inspection’s audit_id either from a previous search or in the iAuditor web app report URL.

Each successful request’s JSON response for this endpoint is a complete representation of the inspection data, including the template that was used. See the inspection format section for more information.

Sample response: Any media attachments are also included

    {
      "media": [
        {
          "date_created": "2015-06-24T22:59:59.000Z",
          "file_ext": "jpg",
          "label": "no label",
          "media_id": "9E3BD015-6275-4668-BAF1-296B2F38444C",
          "href": "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40/media/9E3BD015-6275-4668-BAF1-296B2F38444C"
        }
      ]
    }

As you can see in the media attachments sample response, the media references can be used if you want to retrieve the media using the API.

Retrieve a media item from an inspection

Sample request:

curl "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40/media/9E3BD015-6275-4668-BAF1-296B2F38444C" \
  -o 9E3BD015-6275-4668-BAF1-296B2F38444C.jpg \
  -H "Authorization: Bearer {your access token}"

For this endpoint, the request returns the actual media file with the relevant Content-Type header instead of JSON.

Once you’ve retrieved an inspection, you may also want to retrieve any media item attached in the inspection, such as photos, annotations, and PDFs. You can retrieve a media item by passing the inspection’s audit_id and the media item’s media_id.

Each request downloads the media item directly, so make sure to save the output with an appropriate name and the correct file extension. You can use the values from the media item in the inspection JSON to construct the filename, such as <media_id>.<file_ext>.

Repeat this request for as many inspection media items as you require.

Next steps

By now, you should have a basic understanding of the inspection retrieval methods using the iAuditor API. You can continue to learn about all the available requests and parameters or take a look at some API use cases that you might like to try yourself.

Use Cases

The following sections describe some common use cases for the API and how to best achieve them.

Automatically start inspections with pre-filled information

Being able to start and share inspections automatically makes it easier for developers to build custom solutions that:

• schedule inspections to be created at particular times,
• pre-fill inspection information from external data sources or from previously completed inspections,
• trigger custom actions like reminders or other notifications from third-party providers to be executed before and/or after inspections get created

and more.

With automation services (like Zapier, IFTTT, MS Flow etc.) work flows similar to the above can be achieved without any development effort.

One common use case example is where a supervisor wants an inspection to start automatically and be assigned to a team member to conduct at a particular time or on a recurring schedule. To save time, reduce human error and increase consistency, any responses that are known at the time the inspection is started should be automatically pre-filled. Such responses could include an equipment serial number, the full name of the person intended to complete the inspection, the inspection site or anything else relevant to the task at hand.

The API can be used to achieve such a scenario in 3 steps:

1. Start Inspection to create an inspection against a specified template
2. Search users (or Search groups) to discover the IDs of the users (or groups) to share the inspection with in order to conduct it
3. Share inspection with the IDs from the previous step

If the user/group IDs to share the inspection with are already known, the second step is not needed and the process can be simplified to two steps:

1. Start Inspection to create an inspection against a specified template
2. Share inspection with the users or groups you want to conduct it.

Depending on the permissions you assign at the time of sharing you may restrict some users’ access to view only, edit allowing users to conduct the inspection or delete to also permit users to delete the shared inspection. The person conducting the inspection does not need access to the template which also avoids the possibility of inspections started (e.g. using the iAuditor application) outside the control of the supervisor.

In our example use case above, the supervisor creating the inspection will always be the owner of the created inspection but may not always be the author as well. The author of the created inspection is the last user who made any change to the inspection.

Any “auto-sharing” properties configured in the template that was used to start the inspection are inherited at inspection creation time so the inspection is automatically shared with the users and groups configured within the template. For instance, in our use case above, the supervisor creating the inspection may have configured the template so that inspections created from it are automatically shared with the management group.

Now that an inspection can be started and shared automatically, the supervisor may decide they want an inspection to start at pre-configured regular (or irregular) times e.g. a weekly inspection from the “Weekly Checklist” template every Monday at 11am etc. This can be achieved very easily by setting up a scheduled job (using any third party scheduler software like cron, Windows Scheduled Tasks, Zapier etc.) that triggers calls to the Start Inspection and Share inspection API endpoints as shown above.

Especially in the case of repeatedly conducted inspections, it can be a tedious task to copy information from other systems or from previous inspection responses to pre-fill certain items of the newly created inspection. Pre-filling such information using the API makes this problem go away for many types of inspection responses. In our example use case above, the supervisor could maintain a database of equipment that needs to be inspected when a work order is generated by a field worker against a particular part or equipment. An inspection gets automatically created as a result and shared with the user to conduct the inspection. The inspection title, equipment location, serial number and description of the work order are pre-filled into the inspection so the inspector does not have to find and fill in that information manually, thus saving time and avoiding typing and consistency mistakes.

Step by step implementation

Let’s assume the supervisor of our use case above want to schedule an inspection for equipment with serial number “SC-8799229947729942245”.

The supervisor’s iAuditor account is used to obtain an API access token used to perform all API interaction below.

A particular template is to be used for inspecting that sort of equipment, so the supervisor uses the Search Templates API call to find the ID of the template to use.

Searching for the template ID to use

curl "https://api.safetyculture.io/templates/search?field=template_id&field=name" \
  -H "Authorization: Bearer {your access token}"

The above command returns the template ID corresponding to the template name for each template on the supervisor’s account

{
  "count": 1,
  "total": 1,
  "templates": [
    {
      "template_id": "template_BB29F82814B64F559A33BF7CAA519787",
      "name": "Equipment Inspection Template"
    }
  ]
}

With the template ID and Start Inspection API capability, the supervisor requests from the API to start an inspection and pre-fill the inspection title response with

• the equipment serial number
• the name of the person to conduct the inspection (note: not shared with them yet, will do in the next step)

Create a new inspection from template_BB29F82814B64F559A33BF7CAA519787 with pre-filled information

curl -X POST "https://api.safetyculture.io/audits" \
-d '{
       "template_id": "template_BB29F82814B64F559A33BF7CAA519787",
       "header_items": [
         {
           "item_id": "f3245d40-ea77-11e1-aff1-0800200c9a66",
           "label": "Inspection Title",
           "type": "textsingle",
           "responses": {
             "text": "Equipment Inspection S/N SC-8799229947729942245"
           }
         },
         {
           "item_id": "f3245d43-ea77-11e1-aff1-0800200c9a66",
           "label": "Conducted By",
           "type": "textsingle",
           "responses": {
             "text": "John Citizen"
           }
         }
       ]
     }' \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {your access token}"

The above command returns the JSON content of the created inspection (some fields omitted for brevity)

{
  "template_id": "template_BB29F82814B64F559A33BF7CAA519787",
  "audit_id": "audit_01ca38a821504cda885736cccbb9ba40",
  "created_at": "2017-01-25T01:13:20.584Z",
  "modified_at": "2017-01-25T01:13:20.584Z",
  "audit_data": {...},
  "template_data": {...},
  "header_items": [...],
  "items": [...]
}

The supervisor records the audit_id from the API response to use in a later step.

The owner and author of the created inspection are both the supervisor at this stage. The new inspection is immediately accessible (e.g. in iAuditor or via Search Inspections) to any users configured to have access to it via the template’s “auto-sharing” properties, if any were set.

Now the supervisor wants to “assign” the inspection to team member named John Citizen with email address “john.citizen@safetyculture.io” who do not have access to “Equipment Inspection Template” at all. To share the inspection with John Citizen the supervisor looks up their user ID using the Search Users API capability.

Lookup the user ID of the person to conduct the inspection

curl -X POST "https://api.safetyculture.io/users/search" \
-d "{"email": ["john.citizen@safetyculture.io"]}}" \
-H "Authorization: Bearer {your access token}"

The above command returns the user ID of John Citizen:

{
  "users": [
    {
      "id": "user_c4e2421223b5497186bb8ea4e4159fcc",
      "email": "john.citizen@safetyculture.io",
      "firstname": "John",
      "lastname": "Citizen"
    }
  ]
}

With the audit_id and user_id from the previous steps the supervisor can now share the newly created inspection with John Citizen using the Share Inspection API capability. Sharing with edit permission allows John Citizen to complete the inspection but not delete it for increased security.

Share the created inspection with John Citizen (user_c4e2421223b5497186bb8ea4e4159fcc) with edit permission

curl -X POST "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40/share" \
-d '{"shares": [{"id":"user_c4e2421223b5497186bb8ea4e4159fcc", "permission":"edit"}]}' \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {your access token}"

John Citizen can now see and conduct the inspection using iAuditor which makes him the author of the inspection. The supervisor remains the owner and maintains access to the inspection at all times.

Extract all historical inspection data

The API can be used to extract all historical data that your account has access to.

The steps described below can be seen in action in our open source audit data exporting tool.

There are several steps to extracting this inspection data:

1. Retrieve all the available inspection identifiers
2. Retrieve the corresponding inspection data for each identifier
3. Retrieve the media associated with each inspection

Retrieve all available inspection identifiers

curl "https://api.safetyculture.io/audits/search?field=audit_id&field=modified_at" \
  -H "Authorization: Bearer {your access token}"

{
  "count": 1000,
  "total": 2023,
  "audits": [
    {
      "audit_id": "audit_01ca38a821504cda885736cccbb9ba40",
      "modified_at": "2015-03-17T03:16:31.072Z"
    },
    {
      "audit_id": "audit_853C17E6040B43DA1DFDDD8E6A4D6D3A",
      "modified_at": "2015-03-24T06:31:47.203Z"
    }
  ]
}

To retrieve all of the available inspection IDs, you will use the process as described in the Search Inspections section of the documentation. You can then use the IDs from the audit_id field of each record in the inspections array.

curl "https://api.safetyculture.io/audits/search?field=audit_id&field=modified_at&modified_after=2015-03-24T06:31:47.203Z" \
  -H "Authorization: Bearer {your access token}"

If you have more than 1000 inspections, then you’ll see that the amount is limited and the total will be greater than the count retrieved. In this case, you should make another request, setting the modified_after parameter to the date of the last retrieved inspection. Repeat this process until all of the inspections have been retrieved.

Retrieve the corresponding inspection data for each identifier

curl "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40" \
  -H "Authorization: Bearer {your access token}"

Given the list of inspections retrieved in the previous step, the inspections may then be retrieved individually, as described in Get Inspection.

The inspection data can then be stored or processed as desired within your own systems, using the Inspection Format as a guide to the data available.

Retrieve the media associated with each inspection

Finally, you may decide that you need to retrieve the media for some or all of the inspections. To do so, for each of the inspections retrieved above, find all of the elements that contain media. This includes:

• All header_items with a media element
• All items with a media element
• All options within an item or header item that contain a media element
• All responses within an item or header item that contain a media or image element

curl "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40/media/9E3BD015-6275-4668-BAF1-296B2F38444C" \
  -o 9E3BD015-6275-4668-BAF1-296B2F38444C.jpg \
  -H "Authorization: Bearer {your access token}"

The media element is described in the media reference. It contains an href element, that allows you to directly request the required media, if you have not retrieved it already. You can then retrieve it as described in Get Media.

Get modified inspections

curl "https://api.safetyculture.io/audits/search?field=audit_id&field=modified_at&modified_after=2015-03-24T06:31:47.203Z" \
  -H "Authorization: Bearer {your access token}"

Once you have extracted all of the historical data, the next obvious step is to retrieve the modified inspections so that you can continue populating your own systems with new inspection data. This function is also useful for producing regular updates from your inspection data, such as a live dashboard.

To do this, you will search for inspections that are either after the last inspection that you have, or the last time you attempted to retrieve new inspections, using the modified_after parameter.

{
  "count": 1,
  "total": 1,
  "audits": [
    {
      "audit_id": "audit_853C17E6040B43DA1DFDDD8E6A4D6D3A",
      "modified_at": "2015-03-24T06:31:47.203Z"
    }
  ]
}

This will retrieve only the inspections modified since you last retrieved data, and often may contain no inspections at all depending on the frequency of updates and the frequency data is retrieved. With this information, you may then follow the steps from the previous use case to retrieve the inspection content and media.

Note that the inspections retrieved in this request may return identifiers that you have previously retrieved if the inspection it points to has been modified. You should ensure that this overwrites any inspection data that exists in your own system rather than duplicating them.

Making Requests

curl "https://api.safetyculture.io/" \
  -H "User-Agent: MyIAuditorClient/1.0"

If you write your own client or send requests via command lines, you should always ensure that an appropriate User-Agent header is sent. For example, a client called MyIAuditorClient version 1.0 might require a user agent of MyIAuditorClient/1.0 in the header. In your code, we that recommend you replace MyIAuditorClient with some text unique to your organization or use a case like SalesforceIntegration/1.0.

curl "https://api.safetyculture.io/" \
  -H "Accept: application/json"

You must also send the Accept header to indicate the desired content type. This should be application/json or a wildcard such as */*.

Batch Requests

This endpoint can be used to send multiple API requests in a single call to the API e.g. to save round-trip network time. Up to 15 requests can be combined in a batch.

To make a batch request, you need to construct a JSON array of API requests and POST it to the /batch endpoint. Each request in the array contains a method, a path and an optional JSON payload. Each request in the batch uses the same Authorization, Content-Type and Accept headers as the batch request itself.

Requests in the batch are executed sequentially in the order they are specified in the array of the payload of the batch request.

The result of one request can be used in the immediately following request to create a request pipeline. The syntax used to create such pipelines is that of hoek.reach. The code examples section contains an example request to retrieve an array of iAuditor group data. Each array entry contains the name and ID of all groups the authenticated user is a member of. The ID of the first group in the array is then passed onto the next request, which retrieves all the users in that group. A properly constructed batch request returns a single response containing an array of the JSON responses of all requests is returned in the same order as the original request.

If an error occurs as a result of one the requests to an endpoint it will be included in the response in the same location in the array as the request causing the issue. The error object will include an error property that you can interrogate. The response status code of a properly constructed batch request will be 200 even when a request in the batch returns a different status code.

Be aware of rate limits when using the batch request endpoint.

curl \
-X POST “ https://api.safetyculture.io/batch "\
-H “Authorization: Bearer …” \
-H “Content-Type:application/json” \
-d `{
      "requests":[
       {"method": "get", "path": "/share/connections" },
       {"method": "get", "path": "/groups/role_00061a39d9104e809752f5e08c9677a6/users" },
       {"method": "post", "path": "/users/search", "payload": {"email": ["jsmith@safetyculture.io"]} }
       ]
    }`

The above command returns an array of JSON objects structured like this

[
    {
        "groups": [
            {
                "id": "role_00061a39d9104e809752f5e08c9677a6",
                "name": "SafetyCulture"
            }
        ]
    },
    {
        "total": 2,
        "offset": 0,
        "limit": 2000,
        "users": [
            {
                "email": "jsmith@safetyculture.io",
                "firstname": "John",
                "lastname": "Smith",
                "user_id": "user_000fdeb0738e4d1f8289bd56f999ff5e",
                "status": "active"
            },
            {
                "email": "john.citizen@safetyculture.io",
                "firstname": "John",
                "lastname": "Citizen",
                "user_id": "user_000ad1ca3faf439d9415c98ecf166d67",
                "status": "active"
            }
        ]
    },
    {
        "users": [
            {
                "id": "user_000fdeb0738e4d1f8289bd56f999ff5e",
                "email": "jsmith@safetyculture.io",
                "firstname": "John",
                "lastname": "Smith"
            }
        ]
    }
]

If one or more of the requests had failed with an error, it will be included in the response as shown below:

[
    {
        "groups": [
            {
                "id": "role_00061a39d9104e809752f5e08c9677a6",
                "name": "SafetyCulture"
            }
        ]
    },
    {
        "statusCode": 404,
        "error": "Not Found",
        "message": "Could not list users for: role_28161a39d9104e809752f5e08c9677a6"
    },
    {
        "statusCode": 400,
        "error": "Bad Request",
        "message": "child \"email\" fails because [\"email\" at position 0 fails because [\"0\" must be a string]]",
        "validation": {
            "source": "payload",
            "keys": [
                "email.0"
            ]
        }
    }
]

Example of a batch request pipeline

{
"requests":[
 {"method": "get", "path": "/share/connections" },
 {"method": "get", "path": "/groups/$0.groups.0.id/users" }
 ]
}

HTTP request

POST https://api.safetyculture.io/batch

Request body

The body should use the content type application/json with the following parameters:

Response

Note: In request pipelines using the hoek.reach syntax, if the path on any individual request is malformed a 500 Internal Server Error may be returned. This is a known limitation of the current implementation.

See the Errors section for more details.

Authentication

The API requires an authorization token for each request. A token can be generated by making a request to the https://api.safetyculture.io/auth endpoint with your iAuditor username and password.

Once you’ve obtained a token, it needs to be passed in the Authorization header on requests to the API. For example, Authorization: Bearer b7f8f791...f26e554d.

The iAuditor API uses OAuth 2.0 as the means of authorization for individual requests. The initial authorization uses the Resource Owner Password Credentials Grant method and currently doesn’t support any other flows.

The token used by the API is a Bearer token. It should be considered as a “personal access token” that you control yourself, for your own iAuditor account. A pre-registered client ID and secret are not required to create an authorization token.

Please note that API tokens expire after 30 days of inactivity, at which point you would need to generate a new token to use. If a token is used to make API requests within that period, then it would not expire unless it’s made invalid from new tokens.

Request an authorization token

Sample request:

curl \
  -X POST \
  --data-urlencode username=example@safetyculture.io \
  --data-urlencode password=secret \
  -d grant_type=password \
  "https://api.safetyculture.io/auth"

Sample response:

{
    "access_token": "b7f8f791920c1618ace0e24b4d52ce260473dad870e7bd56b869f8d2f26e554d",
    "token_type": "Bearer"
}

Following the example, POST the username and password fields with your iAuditor email and password, along with the grant_type value of password, to the https://api.safetyculture.io/auth endpoint. This request follows the Resource Owner Password Credentials Grant method of OAuth 2.0.

HTTP request

POST https://api.safetyculture.io/auth

Request body

The body should use the content type application/x-www-form-urlencoded with the following required parameters in the body.

Response

The response for this request has the content type application/json and include the following parameters.

Errors

The errors for this method follow the OAuth specification. If an OAuth error occurs, the returns a 400 Bad Request error code, where the format of the body differs from other API errors.

Other standard errors may occur. For example, you may receive a 403 Forbidden if the iAuditor account doesn’t have access to the iAuditor API.

Inspections

The iAuditor API contains a read-only interface to your inspection data. There are methods to retrieve inspections, their media, and to search for particular inspections.

Search inspections

curl "https://api.safetyculture.io/audits/search?field=audit_id&field=modified_at" \
-H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this:

{
  "count": 2,
  "total": 2,
  "audits": [
    {
      "audit_id": "audit_01ca38a821504cda885736cccbb9ba40",
      "modified_at": "2015-03-17T03:16:31.072Z"
    },
    {
      "audit_id": "audit_853C17E6040B43DA1DFDDD8E6A4D6D3A",
      "modified_at": "2015-03-24T06:31:47.203Z"
    }
  ]
}

The inspection search endpoint allows you to retrieve the inspection ID, modification date, and template ID of inspections that meet a certain criteria. It is possible to request inspections between given dates, based on a particular template, and whether or not to include archived inspections.

This allows you to find particular inspections, to gradually retrieve the inspection IDs of every inspection that you have access to, or to retrieve inspections updated since your last search.

In the request, you must specify the fields that you want to return. The field audit_id is not required, the inspection ID will be always included in every inspection result returned in the response. To include other inspection properties in the response you can optionally add parameters modified_at and template_id. Multiple field elements can be provided.

Searching by modification date:

curl "https://api.safetyculture.io/audits/search"\
"?field=audit_id&field=modified_at"\
"&modified_after=2015-01-01T00:00:00.000Z" \
 -H "Authorization: Bearer {your access token}"

curl "https://api.safetyculture.io/audits/search"\
"?field=audit_id&field=modified_at"\
"&modified_after=2015-01-01T00:00:00.000Z"\
"&modified_before=2015-04-01T00:00:00.000Z" \
 -H "Authorization: Bearer {your access token}"

To modify the order in which inspections are returned, an optional param order can be given. order defaults to asc meaning inspections are given from earliest to latest, but can also be set to desc.

To search between dates, use the modified_before and modified_after parameters. This will find inspections between the dates given.

The dates should be formatted according to ISO 8601 and include the date, time and timezone. For example, 2015-04-01T00:00:00.000Z or 2015-04-01T00:00+1000.

The modification dates used for searching are related to SafetyCulture’s cloud storage and include latest sync times, modifications through the iAuditor website, and other system modifications. This means that the date may not match the last date that the inspection was modified. This will ensure that you may consistently find all of the inspections modified since your last search, even if they are synced some time after they are last changed.

Searching by template:

curl "https://api.safetyculture.io/audits/search?field=audit_id"\
"&template=template_37afc5890aa94e778bbcde4fc4cbe480" \
 -H "Authorization: Bearer {your access token}"

curl "https://api.safetyculture.io/audits/search?field=audit_id"\
"&template=template_37afc5890aa94e778bbcde4fc4cbe480"\
"&template=template_FCB63052F0D445AEB52F25DE6BEB8D40" \
 -H "Authorization: Bearer {your access token}"

Searching by template allows you to find all of the inspections created from a certain template. You may specify one or more template parameters to search for. The template ID can be obtained from an inspection, or by opening it for editing in SafetyCulture, e.g.: https://app.safetyculture.io/#/iauditor/templates/<template_id>

Searching by ownership:

curl "https://api.safetyculture.io/audits/search?field=audit_id&owner=me" \
-H "Authorization: Bearer {your access token}"

curl "https://api.safetyculture.io/audits/search?field=audit_id&owner=other" \
-H "Authorization: Bearer {your access token}"

Including archived inspections:

curl "https://api.safetyculture.io/audits/search?field=audit_id&archived=both" \
-H "Authorization: Bearer {your access token}"

By default, archived inspections are not included in the search. The archived parameter allows you to decide whether to search only archived inspections (true), not search archived inspections (false), or search all inspections including those archived (both).

Including only completed inspections:

curl "https://api.safetyculture.io/audits/search?field=audit_id&completed=true" \
 -H "Authorization: Bearer {your access token}"

Complete and incomplete inspections are included in the search. The completed parameter can be used to change this behaviour. Like the archived flag, you can set it to true to search only completed inspections, false to search only incomplete inspections, or both to search all inspections.

The number of results returned defaults to 1000 at a time, which is the maximum allowed. It is possible to customise the limit parameter to retrieve fewer inspections in each request. The limit is a maximum, and fewer inspections may be returned than the limit, even if there are more available within the search parameters. This can occur if two or more inspections have the same modified_at across the limit boundary, in which case no inspections with that timestamp are returned, allowing you to correctly retrieve the next “page” using the modified_after parameter.

The inspections are returned in ascending order from the earliest first, up to the limit specified. More inspections can be retrieved by repeating the search, using the modified_at of the last inspection as the modified_after parameter to the next request.

HTTP request

GET https://api.safetyculture.io/audits/search

Query parameters

Response

The response will have the content type application/json and include the following parameters:

Get inspection

curl "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40" \
  -H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this:

{
  "template_id": "template_BB29F82814B64F559A33BF7CAA519787",
  "audit_id": "audit_01ca38a821504cda885736cccbb9ba40",
  "created_at": "2015-05-01T01:13:20.584Z",
  "modified_at": "2015-06-30T05:03:40.754Z",
  "audit_data": {
  }
}

This endpoint retrieves a specific inspection with the supplied inspection ID. The inspection response contains the information recorded in the inspection, as well as relevant parts of the original template at the time the inspection was created, and links to media.

The full JSON object is much larger than the example here, including information in the audit_data and other fields.

HTTP request

GET https://api.safetyculture.io/audits/<audit ID>

URL parameters

response

A description of the inspection format can be found in the Inspection Format section.

Modify inspection

The endpoint allows you to modify certain properties of an existing inspection. Specifically the following can be updated:

a) The archived property to archive or un-archive the inspection b) The responses of certain items in the header_items and items portion of the inspection

The supported items whose response can be updated with this endpoint are the same as those for pre-filling when the inspection is started and the same limits apply regarding acceptable input values like the length of the text of a text response etc.

This endpoint supports partial updates. Any items not present in the request will not be changed.

Updating any inspection responses will set the author of this inspection to the user account connected to the API and making the change. If the update is only to archive or un-archive the inspection the author of the inspection will not be changed.

Removing permissions from an inspection is on our roadmap.

Caveats:

1. Simultaneous updates to the same inspection may result in concurrency errors. Prefer sequential updates to avoid these.
2. Setting the response to a multiple choice item to an invalid response ID (e.g. one that does not belong in the response set attached to that item on the template) may result in that inspection item to appear as having no response selected in the inspection.

curl -X PUT "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40" \
  -d '{
         "archived": true,
         "header_items": [
           {
             "item_id": "f3245d41-ea77-11e1-aff1-0800200c9a66",
             "type": "textsingle",
             "responses": {
               "text": "Updated client site"
             }
           }
         ]
       }' \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer {your access token}"

The above command will modify the inspection and reply 200 OK. The response will contain the full inspection.

{
  "template_id": "template_BB29F82814B64F559A33BF7CAA519787",
  "audit_id": "audit_01ca38a821504cda885736cccbb9ba40",
  "created_at": "2017-05-01T11:23:19.345Z",
  "modified_at": "2017-06-30T35:39:51.398Z",
  "audit_data": {...},
  "archived": true,
  "items": [...],
  "header_items": [
     [...],
     {
       "item_id": "f3245d41-ea77-11e1-aff1-0800200c9a66",
       "type": "textsingle",
       "responses": {
         "text": "Updated client site"
       }
     },
     [...]
   ]
}

Response

The successful response contains the updated inspection. See the Get Inspection endpoint.

See the Errors section for more details.

Get inspection link

curl -X POST "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40/deep_link" \
  -H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this:

{
  "url": "http://sfty.io/q1Af/PBByr3nTVA"
}

This endpoint generates a URL to the inspection with the supplied inspection ID. The link will open in the iAuditor mobile application if clicked on a mobile device with the iAuditor app installed. Otherwise it will open the inspection in the iAuditor web application.

HTTP request

POST https://api.safetyculture.io/audits/<audit ID>/deep_link

URL parameters

Response

The generated URL is returned.

Get inspection web report link

curl -X GET "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40/web_report_link" \
  -H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this:

{
  "url": "https://reports.safetyculture.io/audit/b205b3422db0a7b97ec3120a9f4a97ba6fd1baa50534bb5710d24e43a94beea0/"
}

This endpoint returns the URL to the web report of the inspection with the supplied inspection ID. The link will be valid until explicitly de-activated.

HTTP request

GET https://api.safetyculture.io/audits/<audit ID>/web_report_link

URL parameters

Response

The response will have the content type application/json with the web report URL or an error.

See the Errors section for more details.

Delete inspection web report link

curl -X DELETE "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40/web_report_link" \
  -H "Authorization: Bearer {your access token}"

The above command returns a response with no content on successful completion.

This endpoint de-activates the URL to the web report of the inspection with the supplied inspection ID. After de-activation, users will see a ‘Not Found’ error when visiting the link.

HTTP request

DELETE https://api.safetyculture.io/audits/<audit ID>/web_report_link

URL parameters

Response

The response will have the content type application/json with an empty body on success, otherwise an error.

See the Errors section for more details.

Start inspection

curl -X POST "https://api.safetyculture.io/audits" \
  -d '{"template_id": "template_BB29F82814B64F559A33BF7CAA519787"}' \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this (some fields omitted for brevity)

{
  "template_id": "template_BB29F82814B64F559A33BF7CAA519787",
  "audit_id": "audit_01ca38a821504cda885736cccbb9ba40",
  "created_at": "2016-12-09T01:13:20.584Z",
  "modified_at": "2015-12-09T01:13:20.584Z",
  "audit_data": {...},
  "template_data": {...},
  "header_items": [...],
  "items": [...]
}

Example request to start an inspection with a pre-filled Conducted on header item

curl -X POST "https://api.safetyculture.io/audits" \
  -d '{
        "template_id": "template_b043f583f34642f4b446f46eeb5405dd",
        "header_items": [
          {
            "item_id": "f3245d42-ea77-11e1-aff1-0800200c9a66",
            "label": "Conducted on",
            "type": "datetime",
            "responses": {
              "datetime": "2016-12-10T09:08:55+00:00"
            }
          }
        ]
      }' \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer {your access token}"

Example request to start an inspection with a pre-filled Client Site header item

curl -X POST "https://api.safetyculture.io/audits" \
  -d '{
         "template_id": "template_BB29F82814B64F559A33BF7CAA519787",
         "header_items": [
           {
             "item_id": "f3245d41-ea77-11e1-aff1-0800200c9a66",
             "label": "Client Site",
             "type": "textsingle",
             "responses": {
               "text": "<Enter custom client site name here>"
             }
           }
         ]
       }' \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer {your access token}"

Example request to start an inspection with a question item with a pre-filled response-set response

 curl -X POST "https://api.safetyculture.io/audits" \
   -d '{
          "template_id": "template_BB29F82814B64F559A33BF7CAA519787",
          "items": [
            {
              "item_id": "bd6c6ffd-a45a-4d57-b3ba-c2cb8766269a",
              "label": "What was the device type?",
              "type": "question",
              "responses": {
                "selected": [
                  {
                    "id": "8bcfbf01-e11b-11e1-9b23-0800200c9a66"
                  }
                ]
              }
            }
          ]
        }' \
   -H "Content-Type: application/json" \
   -H "Authorization: Bearer {your access token}"

This endpoint creates a new inspection from a specified template ID. Each successful request returns the full inspection body.

HTTP request

POST https://api.safetyculture.io/audits

Start an inspection from template

To simply create an inspection without pre-filling any responses send only the template_id in the request body as shown in the examples of this section.

Start an inspection with pre-filled responses

The type of inspection items that can be pre-filled at inspection creation time at present are: text, textsingle, address, datetime, question, list, checkbox, slider and switch.

Pre-fill responses by copying an existing inspection

The easiest way to construct pre-filled item responses is by retrieving the information of an existing inspection which has populated responses for the items to be pre-filled, copying the item(s) of interest and modifying their responses as desired before executing the start inspection request. See Get Inspection for how to retrieve inspection information. Tip: It is often enough to copy the entire inspection information returned this way into the start inspection request body as any unsupported JSON properties will be ignored. In some cases, however, you may need to remove the responses property from datetime items where the responses.datetime property is null.

Pre-fill by adding item responses one by one

To pre-fill inspection responses one by one, add one or more items to the header_items and/or items array. The JSON content of the pre-filled items should be as described in Inspection Format but only the item_id, type, label and responses fields are required to be present for pre-fill to work. Any additional properties of the items present in the request will be ignored.

For example, to start an inspection with a pre-filled Conducted on header item only, add the item to the header_items array, set its responses property to the desired value (an ISO8601 timestamp) and ensure its item_id matches the corresponding item on the template. An example request body for this is included in the examples of this section.

More items can be added the same way to the header_items and/or items array property of the start inspection request.

The format of the pre-filled response of each item must be valid for the type of the particular item e.g. a single line of text should be provided for items of textsingle type (otherwise newlines will be converted to spaces), a valid ISO8601 timestamp should be given for items of datetime type etc.

Tips

• The item_id of standard header items are always the same across all templates.
• Providing a different label will not override the label value set in the template.

Pre-fill multiple-choice item responses

Multi-choice (question or list) item responses can be of different types. Only text and response-set responses are supported at this stage. See Template Data for more on response-set responses.

To add a text-type response simply populate the responses.text property of the item with the desired response text.

To add one or more response-set responses you will need to provide the ID of each response-set response. An example of this is included in the request examples of this section. You can discover the ID of available responses-set responses by retrieving an existing inspection created against the same template and copying the id of the desired response-set response from the available response sets in the Template Data. The safest way to ensure the right response IDs are added to the request, prefer to pre-fill responses by copying an existing inspection that you know has the desired responses filled in as appropriate.

Notes on inspection creation

The created_at, modified_at, audit_data.date_started, and audit_data.date_modified properties of each new inspection are set and managed by SafetyCulture. The Conducted on header item can be pre-filled by providing a UTC ISO8601 timestamp for it in the start inspection request body as shown in the examples of this section or changed later via editing the inspection. Please note that it’s up to the caller of the API to convert timestamp responses to UTC before making the request.

The owner and author of the created inspection will be the user who is making the API request. Note: the author will change automatically the next time the inspection is edited and saved by another user.

Limits apply to the size of pre-fill responses provided with the request. For instance, text responses cannot be more than 3000 characters long.

Malformed responses will typically cause the request to fail with a relevant error message. In some cases, however, malformed responses such as when the type property of the item is missing from the request body may simply cause the pre-fill responses to be ignored. Check the information of the created inspection in the response to ensure all responses have been successfully pre-filled.

Response

The response will have the content type application/json and include the information of the newly created inspection or an error.

See the Errors section for more details.

Share inspection

curl -X POST "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40/share" \
-d '{"shares": [{"id":"user_c4e2421223b5497186bb8ea4e4159fcc", "permission":"edit"}]}' \
-H "Content-Type: application/json" \
-H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this (some fields omitted for brevity)

{
  "template_id": "template_BB29F82814B64F559A33BF7CAA519787",
  "audit_id": "audit_01ca38a821504cda885736cccbb9ba40",
  "created_at": "2016-12-09T01:13:20.584Z",
  "modified_at": "2015-12-09T01:13:20.584Z",
  "audit_data": {...},
  "template_data": {...},
  "header_items": [...],
  "items": [...]
}

Example request to share an inspection with multiple users and groups

 curl -X POST "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40/share" \
 -d '{
        "shares": [
          {
            "id": "user_c4e2421223b5497186bb8ea4e4159fcc",
            "permission": "view"
          },
          {
            "id": "role_e0d6f18b80e24c739c7b1bf77246e8dd",
            "permission": "edit"
          },
          {
            "id": "user_d5e2421223b5497186bb8ea4e4159faa",
            "permission": "delete"
          }\
        ]
     }' \
 -H "Content-Type: application/json" \
 -H "Authorization: Bearer {your access token}"

This endpoint allows you to share an inspection with one or more users and/or groups. To find the IDs of users and groups that the authenticated user can share inspections with see Search Users and Get Groups.

You can only share inspections for which you have edit or delete permission.

You can only share with users and groups that are:

• already registered with SafetyCulture (not external users)
• members of at least one of the groups you are a member of

If the inspection is already shared with a particular user or group ID no change to the permissions of that ID will be made using this endpoint. The same applies for the owner of the inspection i.e. they cannot modify their permissions using this endpoint.

The capability to modify or remove existing shares via the API is on our roadmap.

HTTP request

POST https://api.safetyculture.io/audits/<audit ID>/share

URL parameters

The maximum number of user and/or role IDs that can be provided with a single request to this endpoint is 100.

Response

The response contains the information of the inspection that was modified. The sharing details are not included for security reasons.

Other Errors may also be returned.

Get media

curl "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40/media/9E3BD015-6275-4668-BAF1-296B2F38444C" \
  -o 9E3BD015-6275-4668-BAF1-296B2F38444C.jpg \
  -H "Authorization: Bearer {your access token}"

The media endpoint allows you retrieve the media items associated with a particular inspection. These can be identified by the href elements in the media items of the inspection data.

The media is downloaded directly, so you should save the output to a file with an appropriate name. For example, you can use the values from the media item in the inspection JSON to construct the filename <media_id>.<file_ext>.

HTTP request

GET https://api.safetyculture.io/audits/<audit ID>/media/<media ID>

URL parameters

Response

The Content-Type will be the MIME type associated with the media, and the body of the response is the media itself.

(New) Initiate inspection report export

The report endpoints allow you to retrieve an inspection report formatted as a PDF or Word (docx) document. This is a multi-request process involving initiation, polling, and retrieving.

curl -X POST "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40/report" \
  -d '{
        "format": "PDF",
        "preference_id": "f76030c4-4859-41e4-b7f6-a47b20c5dae3"
      }' \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this:

{
  "messageId": "b70f5357-4ba7-45a6-a801-706a0f57f2af"
}

The inspection export endpoint begins the process of generating the requested document.

HTTP request

POST https://api.safetyculture.io/audits/<audit_ID>/report

URL parameters

Request body

The body should use the content type application/json with the following parameters:

Response

The response will have the content type application/json and include the following parameters:

(New) Poll for completion of inspection report export

curl "https://api.safetyculture.io/audits/audit_afdbf0b725b64b71905345bbdc9bfd78/report/f1b9e1b0-8652-454a-96c7-a4c714f8e4f1" \
  -H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this:

{
  "status": "IN_PROGRESS"
}

{
    "url": "https://app.safetyculture.io/report-exports/f1b9e1b0-8652-454a-96c7-a4c714f8e4f1/20-Oct-2019-Inspection-Example.pdf?Expires=1571616427&Signature=l8To7ELdDikbEnzYHFSL8WNgo--XpTb6rzgMD~goLe3573NqLDXQXlNF8fG5cR4~yEOtJm-X1OS6YBOgyuuMzATyWoDjyS9NKGpUJWNCRO7Hn8LJ5o-KoQeqrsS2cShv2FgPHrft0DfLTAqY7D9fvx5l8ECfqV5RwTpN~CLR8ztFtfu4kILx9e4XCfPtFIJXAZJ0tGPIQTwq8i1BhdZbW4OUrpv-K~5so~jBjl3dwpNr5h4D3xJvFUtTqtZ2K1-SLCEwwkzZYExosvRHTQ9XaBF0zjABUuY9u2QVVl3-Vr27u-z0zxGEugc~e76QaAbtgULNmGFakFi2y5UszTWyyA__&Key-Pair-Id=APKAJCCN5EO55J74U7PQ",
    "status": "SUCCESS"
}

Check the status of an report request.

HTTP request

GET https://api.safetyculture.io/audits/<audit_ID>/report/<export_ID>

URL parameters

Response

The response will have the content type application/json and include some/one of the following parameters:

In the case of request failure due to incorrect parameters the response may contain the following parameters:

(New) Get inspection export

curl "https://app.safetyculture.io/report-exports/f1b9e1b0-8652-454a-96c7-a4c714f8e4f1/20-Oct-2019-Inspection-Example.pdf?Expires=1571616427&Signature=l8To7ELdDikbEnzYHFSL8WNgo--XpTb6rzgMD~goLe3573NqLDXQXlNF8fG5cR4~yEOtJm-X1OS6YBOgyuuMzATyWoDjyS9NKGpUJWNCRO7Hn8LJ5o-KoQeqrsS2cShv2FgPHrft0DfLTAqY7D9fvx5l8ECfqV5RwTpN~CLR8ztFtfu4kILx9e4XCfPtFIJXAZJ0tGPIQTwq8i1BhdZbW4OUrpv-K~5so~jBjl3dwpNr5h4D3xJvFUtTqtZ2K1-SLCEwwkzZYExosvRHTQ9XaBF0zjABUuY9u2QVVl3-Vr27u-z0zxGEugc~e76QaAbtgULNmGFakFi2y5UszTWyyA__&Key-Pair-Id=APKAJCCN5EO55J74U7PQ" --output 0-Oct-2019-Inspection-Example.pdf

Once an export check returns a url parameter the completed document can be retrieved.

HTTP request

GET https://app.safetyculture.io/report-exports/<export_ID>/<filename>

URL parameters

Response

The body of the response is the document itself.

(Deprecated) Initiate inspection export

The export endpoints allow you to retrieve an inspection formatted as a PDF or DocX document. This is a multi-request process involving initiation, polling, and retrieving.

curl -X POST "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40/export?format=pdf&timezone=Australia/Brisbane" \
  -H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this:

{
  "id": "94a427d1-1bd1-4f76-b3a5-4c5de1c75a3f"
}

The inspection export endpoint begins the process of generating the requested document.

HTTP request

POST https://api.safetyculture.io/audits/<audit ID>/export

URL parameters

Query parameters

Response

The response will have the content type application/json and include the following parameters:

(Deprecated) Poll for completion of inspection export

curl "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40/exports/94a427d1-1bd1-4f76-b3a5-4c5de1c75a3f" \
  -H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this:

{
  "status": "IN PROGRESS"
}

{
  "status": "SUCCESS",
  "href": "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40/exports/94a427d1-1bd1-4f76-b3a5-4c5de1c75a3f/Daily%20Inspection%20-%20000012%20-%202016.02.04-20.31.47%2B0000.pdf",
  "filename": "Daily Inspection - 000012 - 2016.02.04-20.31.47+0000.pdf"
}

Check the status of an export request.

HTTP request

GET https://api.safetyculture.io/audits/<audit ID>/exports/<export ID>

URL parameters

Response

The response will have the content type application/json and include some/one of the following parameters:

In the case of request failure due to incorrect parameters the response may contain the following parameters:

(Deprecated) Get inspection export

curl -O -J "https://api.safetyculture.io/audits/audit_01ca38a821504cda885736cccbb9ba40/exports/94a427d1-1bd1-4f76-b3a5-4c5de1c75a3f/Daily%20Inspection%20-%20000012%20-%202016.02.04-20.31.47%2B0000.pdf" \
  -H "Authorization: Bearer {your access token}"

Once an export check returns an href parameter the completed document can be retrieved.

HTTP request

GET https://api.safetyculture.io/audits/<audit ID>/exports/<export ID>/<filename>

URL parameters

Response

The body of the response is the document itself.

Inspection Format

This section describes the complete inspection response format.

Top level

{
  "audit_id": "audit_50ba581235704a368d025056a583aa8b",
  "template_id": "template_4183bcc822f146d3be542118d3f15971",
  "archived": false,

  "created_at": "2015-06-04T02:34:25.000Z",
  "modified_at": "2015-06-04T02:39:21.000Z",

  "audit_data": {},
  "template_data": {},

  "header_items": [{}],
  "items": [{}]
}

Inspection data

.audit_data

Inspection data root

{
  "name": "title",
  "score": 10,
  "total_score": 21,
  "score_percentage": 25,
  "date_completed": "2015-06-04T02:38:02.000Z",
  "date_modified": "2015-06-04T02:38:11.000Z",
  "duration": 224,
  "authorship": {},
  "date_started": "2015-06-04T02:34:25.000Z",
  "location": {},
  "site": {}
}

GPS location

.audit_data.location

{
  "location": {
    "started": {
      "accuracy": 21,
      "geometry": {
        "type": "Point",
        "coordinates": [151.2103808, -33.8846905]
      }
    },
    "completed": {
      "accuracy": 21.189,
      "geometry": {
        "type": "Point",
        "coordinates": [151.2103808, -33.8846905]
      }
    }
  }
}

Authorship

.audit_data.authorship

{
  "authorship": {
    "owner": "Edward Stark",
    "owner_id": "user_82465b736bb94071a9a47998cf5d7777",
    "device_id": "81A34706-7417-4D6F-8C61-50AC2C814755",
    "author": "Jon Snow",
    "author_id": "user_82465b736bb94071a9a47998cf5d7777"
  }
}

Site

.audit_data.site contains information about the site that was selected when starting or editing an inspection. Sites belong to an area, which in turn belongs to a region.

{
  "site": {
    "name": "Sydney",
    "area": {
      "name": "NSW"
    },
    "region": {
      "name": "AU"
    }
  }
}

.audit_data.site.area

.audit_data.site.region

Template data

.template_data

Template data root

{
  "metadata": {},
  "authorship": {},
  "response_sets": {}
}

Template metadata

.template_data.metadata

{
  "name": "name",
  "description": "description",
  "image": "52ED0287-93F1-4F53-B2C2-29EA3A2423E7"
}

Response sets

.template_data.response_sets - The keys used in the object are the IDs of the stored responses. The values of the object are the sets themselves.

{
  "8a0161b0-a97d-11e4-800b-8f525e51b36e": { "id": "8a0161b0-a97d-11e4-800b-8f525e51b36e", "responses": [] },
  "ec410dd0-a97d-11e4-800b-8f525e51b36e": { "id": "ec410dd0-a97d-11e4-800b-8f525e51b36e", "responses": [] }
}

Response set

.template_data.response_sets.*

{
  "id": "8a0161b0-a97d-11e4-800b-8f525e51b36e",
  "responses": [{}]
}

Response sets response

.template_data.response_sets.*.responses most of the fields can be absent.

{
  "id": "22a409a8-c02a-44d5-8b61-e66b6996927e",
  "colour": "5,255,84",
  "enable_score": true,
  "label": "At risk",
  "score": 1,
  "short_label": "R",
  "type": "list"
}

Inspection header items

.header_items

Same structure as Inspection Items. See below.

Inspection items

.items are the responses or selections made by the person conducting the inspection.

Item root

{
  "label": "Inspection",
  "item_id": "379d3910-d2e2-11e4-9038-695120da729f",
  "action_item_profile_id": [],
  "type": "checkbox",
  "parent_id": "a78337ce-2cf2-419b-85b5-c81cd2d68090",
  "options": {},
  "responses": {},
  "media": {},
  "children": ["C5404AC4-2844-4D5A-A02C-9921B9B384C6"],
  "scoring": {}
}

Deprecated properties that may appear in older inspections but are no longer used

action_item_profile_id | Array | The IDs of any follow up tasks added to this item

Item options

.items[].options most of the fields are absent usually.

{
  "condition": "3d346f01-e501-11e1-aff1-0800200c9a66",
  "drawing_base_image": {},
  "element": "Truck 1",
  "enable_date": true,
  "enable_signature_timestamp": true,
  "enable_time": true,
  "increment": 1,
  "is_mandatory": false,
  "label": "",
  "link": "",
  "locked": true,
  "max": 4,
  "media": {},
  "min": 2,
  "multiple_selection": false,
  "required": true,
  "response_set": "7bb1cb10-7020-11e2-bcfd-0800200c9a66",
  "failed_responses": ["8bcfbf01-e11b-11e1-9b23-0800200c9a66"],
  "secure": "",
  "type": "media",
  "url": "",
  "values": ["6565F809-B2F9-40AF-909E-2D76BC7683FF"],
  "visible_in_audit": true,
  "visible_in_report": true,
  "weighting": 8,
  "require_note": true,
  "require_media": false,
  "require_action": false
}

Deprecated items that may appear in older inspections but are no longer used

Item responses

.items[].responses most of the fields will be absent usually.

{
  "text": "Flinders St",
  "value": "8",
  "name": "Jon Snow",
  "timestamp": "2015-06-24T02:20:22.000Z",
  "datetime": "2015-06-24T02:01:30.000Z",
  "location_text": "Alligator Creek QLD 4816\nAustralia\n(-19.405835, 146.899124)",
  "location": {},
  "selected": [{}],
  "failed": false,
  "weather": {},
  "media": [{}],
  "image": {}
}

Item scoring

.items[].scoring

{
  "score": 5,
  "max_score": 10,
  "score_percentage": 50,
  "combined_score": 3,
  "combined_max_score": 12,
  "combined_score_percentage": 25
}

Location

{
  "administrative_area": "QLD",
  "country": "Australia",
  "formatted_address": [
    "Alligator Creek QLD 4816",
    "Australia"
  ],
  "geometry": {
    "coordinates": [
      146.8991244532996,
      -19.40583490239377
    ],
    "type": "Point"
  },
  "iso_country_code": "AU",
  "locality": "Alligator Creek",
  "name": "",
  "postal_code": "4816",
  "sub_administrative_area": "",
  "sub_locality": "Woodstock-Cleveland-Ross",
  "sub_thoroughfare": "",
  "thoroughfare": ""
}

Media

This object is used across the entire inspection JSON.

{
  "date_created": "2015-03-23T23:57:52.000Z",
  "file_ext": "jpg",
  "media_id": "5f32d80c-3531-457f-b853-5f087927f5b1",
  "label": "can be a file name or any random text",
  "href": "https://api.safetyculture.io/audits/audit_50ba581235704a368d025056a583aa8b/media/5f32d80c-3531-457f-b853-5f087927f5b8"
}

Report Preferences

The iAuditor API provides access to your report preferences to allow identification of your preference IDs. You can search either for all global preferences or for all preferences associated with an individual template.

Search report preferences

curl "https://api.safetyculture.io/preferences/search" \
  -H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this:

{
  "preferences": [
    {
      "id": "da5dceac-188a-4738-9550-a82b8801cef3",
      "label": "Example Preference 01",
      "is_global": true,
      "is_default": false
    },
    {
      "id": "93b6194c-c6b9-464b-a8dc-79fb6b48615c",
      "label": "Example Prefernce 02",
      "is_global": true,
      "is_default": false
    }
  ]
}

Searching for a specific templates preferences

curl "https://api.safetyculture.io/preferences/search?template_id=<template_id>" \
  -H "Authorization: Bearer {your access token}"

HTTP reqeust

GET https://api.safetyculture.io/preferences/search

GET https://api.safetyculture.io/preferences/search?template_id=<template_id>

Query parameters

Response

The response will have the content type application/json and include the following parameters:

(Deprecated) Export Profiles

(Deprecated) Search export profiles

curl "https://api.safetyculture.io/export_profiles/search?template=template_3E631E46F466411B9C09AD804886A8B4" \
  -H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this:

{
  "export_profiles": [
    {
      "id": "template_3E631E46F466411B9C09AD804886A8B4:E15A6525-EFA5-4835-92F0-D11CA9F364F3",
      "name": "My Export Profile",
      "templates": [
        {
          "id": "template_3E631E46F466411B9C09AD804886A8B4",
          "name": "My Test Template"
        }
      ]
    },
    {
      "id": "template_3E631E46F466411B9C09AD804886A8B4:E50645A1-2851-4E92-B4EA-60C5CE7981BE",
      "name": "Your Export Profile",
      "templates": [
        {
          "id": "template_3E631E46F466411B9C09AD804886A8B4",
          "name": "My Test Template"
        }
      ]
    }
  ]
}

The export profiles search endpoint allows you to retrieve the ID, name, and associated templates of your export profiles. Currently only export profiles which have been added to templates are available. It is possible to filter the results to profiles associated with specific templates.

The ID returned in these results can be used to apply an export profile to PDF exports from the inspection export endpoint.

HTTP request

GET https://api.safetyculture.io/export_profiles/search

Query parameters

Response

The response will have the content type application/json and include the following parameters:

Each profile metadata object will include the following parameters:

Each template metadata object will include the following parameters:

(Deprecated) Get an export profile

curl "https://api.safetyculture.io/export_profiles/template_3E631E46F466411B9C09AD804886A8B4:E15A6525-EFA5-4835-92F0-D11CA9F364F3" \
  -H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this:

{
  "identifier": "F5F52D58-39D8-4F1A-B73E-56332716C366",
  "profile_name": "test",
  "revision_id": "82F5E0F8-7D1A-4027-81B5-BF8739259C9A",
  "timestamp": "2016-03-03T06:14:38.752Z",
...
  "appendix_text": "Appendix",
  "audit_page_address_show_coords": true,
  "audit_page_category_background_colour": "255.0,255.0,255.0",
  "audit_page_category_colour": "0.0,0.0,0.0"
}

Export profiles are currently managed and attached to templates using the iAuditor mobile app.

HTTP request

GET https://api.safetyculture.io/export_profiles/<profile ID>

URL parameters

Response

The response will have the content type application/json and the body will be the JSON formatted export profile.

Templates

The iAuditor API contains a search interface to your template metadata.

Search templates

curl "https://api.safetyculture.io/templates/search?field=template_id&field=modified_at" \
  -H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this:

{
  "count": 2,
  "total": 2,
  "templates": [
    {
      "template_id": "template_093AAED63D0A40CAA287CC9AE1F724B7",
      "modified_at": "2013-03-15T13:16:55.000Z"
    },
    {
      "template_id": "template_7fc988ab936911e29499db43a4fa41d1",
      "modified_at": "2013-03-22T10:57:36.000Z"
    },
  ]
}

The template search endpoint allows you to retrieve the template ID, name, modification date and creation date, of templates that meet a certain criteria. It is possible to request templates modified between given dates, and whether or not to include archived templates.

In the request, you must specify the fields that you want to return. The field template_id is not required, the template ID will be always included in every template result returned in the response. To include other template properties in the response you can optionally add parameters modified_at, created_at and name. Multiple field elements can be provided.

Searching by modification date:

curl "https://api.safetyculture.io/templates/search"\
"?field=template_id&field=modified_at"\
"&modified_after=2015-01-01T00:00:00.000Z" \
  -H "Authorization: Bearer {your access token}"

curl "https://api.safetyculture.io/templates/search"\
"?field=template_id&field=modified_at"\
"&modified_after=2015-01-01T00:00:00.000Z"\
"&modified_before=2015-04-01T00:00:00.000Z" \
  -H "Authorization: Bearer {your access token}"

To modify the order in which templates are returned, an optional parameter order can be given. order defaults to asc meaning templates are given from oldest to most recently modified, but can also be set to desc.

To search between dates, use the modified_before and modified_after parameters. This will find templates between the dates given.

The dates should be formatted according to ISO 8601 and include the date, time and timezone. For example, 2015-04-01T00:00:00.000Z or 2015-04-01T00:00+1000.

The modification dates used for searching are related to SafetyCulture’s cloud storage and include latest sync times, modifications through the iAuditor website, and other system modifications. This means that the date may not match the last date that the template was modified. This will ensure that you may consistently find all of the templates modified since your last search, even if they are synced some time after they are last changed.

Searching by ownership:

curl "https://api.safetyculture.io/templates/search?field=template_id&owner=me" \
  -H "Authorization: Bearer {your access token}"

curl "https://api.safetyculture.io/templates/search?field=template_id&owner=other" \
  -H "Authorization: Bearer {your access token}"

Including archived templates:

curl "https://api.safetyculture.io/templates/search?field=template_id&archived=both" \
  -H "Authorization: Bearer {your access token}"

By default, archived templates are not included in the search. The archived parameter allows you to decide whether to search only archived templates (true), not search archived templates (false), or search all templates including those archived (both).

The number of results returned defaults to 1000 at a time, which is the maximum allowed. It is possible to customise the limit parameter to retrieve fewer templates in each request. The limit is a maximum, and fewer templates may be returned than the limit, even if there are more available within the search parameters. This can occur if two or more templates have the same modified_at across the limit boundary, in which case no templates with that timestamp are returned, allowing you to correctly retrieve the next “page” using the modified_after parameter.

The templates are returned in ascending order from the earliest first, up to the limit specified. More templates can be retrieved by repeating the search, using the modified_at of the last template as the modified_after parameter to the next request.

HTTP request

GET https://api.safetyculture.io/templates/search

Query parameters

Response

The response will have the content type application/json and include the following parameters:

Response Sets

A Global Response Set is a collection of responses that’s available to be used in all templates in an organization. Endpoints are provided to manipulate response sets as well as individual responses within them.

Create a Global Response Set

The Create Response Set endpoint allows a user to create a new response set.

curl \
-X POST “ https://api.safetyculture.io/response_sets "\
-H “Authorization: Bearer …” \
-H “Content-Type:application/json” \
-d `{
      "name": "employee",
      "responses": [
        {
          "label": “John Smith",
          "short_label": "John"
        }
      ]
    }`

The above command returns JSON structured like this

{
   "name": "employee",
   "responseset_id": "responseset_7db5002c72754d2a99ac1e4b82f088be",
   "responses": [
     {
       "id": "64285441-782f-4891-b0f7-2beffbdd78bc",
       "label": "John Smith",
       "short_label": "John"
     }
   ],
   "created_at": "2017-07-21T03:35:26.323Z",
   "modified_at": "2017-07-21T03:35:26.323Z"
}

HTTP request

POST https://api.safetyculture.io/response_sets

Request body

The body should use the content type application/json with the following parameters:

The responses should have the following properties:

Response

The response will have the content type application/json and include the following parameters:

See the Errors section for more details.

Get a Global Response Set

The Get Response Set endpoint allows a user to retrieve the response set with a particular response set ID.

curl “ https://api.safetyculture.io/response_sets/responseset_7db5002c72754d2a99ac1e4b82f088be" \
-H “Authorization: Bearer …”

The above command returns JSON structured like this

{
   "name": "employee",
   "responseset_id": "responseset_7db5002c72754d2a99ac1e4b82f088be",
   "responses": [
     {
       "id": "64285441-782f-4891-b0f7-2beffbdd78bc",
       "label": "John Smith",
       "short_label": "John"
     }
   ],
   "created_at": "2017-07-21T03:35:26.323Z",
   "modified_at": "2017-07-21T03:35:26.323Z"
}

HTTP request

GET https://api.safetyculture.io/response_sets/<responseset_id>

URL parameters

Response

The response will have the content type application/json and include the following parameters:

See the Errors section for more details.

Search Global Response Sets

The Get Response Sets endpoint allows a user to retrieve all the available response sets for the user’s organisation.

curl “ https://api.safetyculture.io/response_sets " \
-H “Authorization: Bearer …” \
-H "Content-Type:application/json"

The above command returns an array of JSON objects structured like this

[
  {
    "name": "John Smith",
    "responseset_id": "responseset_89c6fcb53531400ba3ec164fac2cf8b2",
    "created_at": "2017-07-15T12:04:18.152Z"
  },
  {
    "name": "Joe Bloggs",
    "responseset_id": "responseset_a0c1548da7db47bcb254a2e7aeab6070",
    "created_at": "2017-07-14T06:54:42.354Z"
  }
]

HTTP request

GET https://api.safetyculture.io/response_sets

Query parameters

Response

The response will have the content type application/json and include the following parameters:

See the Errors section for more details.

Update a Global Response Set

The Update Response Set endpoint allows a user to update a response set. If responses are specified in the payload then all the responses will be overwritten by the ones provided.

curl \
-X PUT “ https://api.safetyculture.io/response_sets/responseset_7db5002c72754d2a99ac1e4b82f088be "\
-H “Authorization: Bearer …” \
-H “Content-Type:application/json” \
-d `{
      "name": "employee",
      "responses" : [
        {
          "label": "John Smith",
          "short_label": "John"
        }
      ]
    }`

The above command returns JSON structured like this

{
  "name": "employee",
  "responseset_id": "responseset_7db5002c72754d2a99ac1e4b82f088be",
  "responses": [
    {
      "id": "64285441-782f-4891-b0f7-2beffbdd78bc",
      "label": "John Smith",
      "short_label": "John"
    }
   ],
  "created_at": "2017-07-21T03:35:26.323Z",
  "modified_at": "2017-07-21T03:35:26.323Z"
}

HTTP request

PUT https://api.safetyculture.io/response_sets/<responseset_id>

URL parameters

Request body

The body should use the content type application/json with the following parameters:

Response

The response will have the content type application/json and include the following parameters:

See the Errors section for more details.

Delete a Global Response Set

The Delete Response Set endpoint allows a user to delete a response set.

curl \
-X DELETE “ https://api.safetyculture.io/response_sets/responseset_7db5002c72754d2a99ac1e4b82f088be " \
-H “Authorization: Bearer …” \
-H “Content-Type:application/json”

The above command returns JSON structured like this

{
  "ok": true
}

HTTP request

DELETE https://api.safetyculture.io/response_sets/<responseset_id>

URL parameters

Response

The successful response for this request will be {“ok”: true}

See the Errors section for more details.

Add a response

The Add Response endpoint allows a user to add a new response to the response set. When you add a response to a response set it gets added at the bottom of the existing responses.

curl \
-X POST “ https://api.safetyculture.io/response_sets/responseset_7db5002c72754d2a99ac1e4b82f088be/responses "\
-H “Authorization: Bearer …” \
-H “Content-Type:application/json” \
-d `{
      "label": “New label”,
      "short_label": "New"
    }`

The above command returns JSON structured like this

{
  "id": "64285441-782f-4891-b0f7-2beffbdd78bc",
  "label": "New label",
  "short_label": "New"
}

HTTP request

POST https://api.safetyculture.io/response_sets/<responseset_id>/responses

URL parameters

Request body

The body should use the content type application/json with the following parameters:

Response

The response will have the content type application/json and include the following parameters:

See the Errors section for more details.

Update a response

The Update Response endpoint allows a user to update a response within a response set.

curl \
-X PUT “ https://api.safetyculture.io/response_sets/responseset_7db5002c72754d2a99ac1e4b82f088be/responses/64285441-782f-4891-b0f7-2beffbdd78bc "\
-H “Authorization: Bearer …” \
-H “Content-Type:application/json” \
-d `{
      "label": “New label”,
      "short_label": "New"
    }`

The above command returns JSON structured like this

{
  "id": "64285441-782f-4891-b0f7-2beffbdd78bc",
  "label": "New label",
  "short_label": "New"
}

HTTP request

PUT https://api.safetyculture.io/response_sets/<responseset_id>/responses/<response_id>

URL parameters

Request body

The body should use the content type application/json with the following parameters:

Response

The response will have the content type application/json and include the following parameters:

See the Errors section for more details.

Delete a response

The Delete Response endpoint allows a user to delete a response from a response set.

curl \
-X DELETE “ https://api.safetyculture.io/response_sets/responseset_7db5002c72754d2a99ac1e4b82f088be/responses/64285441-782f-4891-b0f7-2beffbdd78bc "\
-H “Authorization: Bearer …” \
-H “Content-Type:application/json”

The above command returns JSON structured like this

{
  "ok": true
}

HTTP request

DELETE https://api.safetyculture.io/response_sets/<responseset_id>/responses/<response_id>/

URL parameters

Response

See the Errors section for more details.

Users and Groups

Add a user

This endpoint allows an administrator (user with the “Admin” permission) to add a user to their organization. This is a synchronous call that returns the user ID of the created user in the response.

A user can be added to iAuditor with or without a password. In both cases, the request would send the new user an email to notify that they’ve been added to the organization.

If no password is given when a user is added, the user calling the API can indicate in the request if they would like the added user to set a password the first time they access iAuditor or to not set a password at all (e.g. for user that are to access iAuditor only via Single-Sign-On).

Upon successful addition of a user:

1. If a password was submitted for that user in the request, the user will receive an email with a link to the iAuditor login screen so that user can sign in with the provisioned password to access iAuditor.
2. If no password was submitted for that user in the the Add User request and the reset_password_required flag was set to true for that user in the request, then that user receives an email notifying them they have been added to the organisation and inviting them to access iAuditor in their default web browser. Clicking the link takes the user to a page asking them to set a password in order to continue.
3. If no password was submitted for that user in the the Add User and the reset_password_required flag was set to false for that user in the request (the default behaviour), then that user receives an email notifying them they have been added to the organisation and inviting them to access iAuditor in their default web browser. Clicking the link takes the user straight into a single-sign-on page to login with their company credentials in order to access iAuditor.

Special cases:

If the user was added to the organisation earlier and was de-activated or removed, then adding the user via the API will cause an email to be sent to the user asking the user to re-activate their account.

If the user added to the organisation already existed in iAuditor any password provided with the Add User request will be ignored. The user will still be able to login to iAuditor with their old password.

It may take a few seconds until a newly added user is visible by other endpoints like those used to search users.

curl \
-X POST “https://api.safetyculture.io/users" \
-H “Authorization: Bearer …” \
-H “Content-Type:application/json” \
-d `{
      "firstname": "Thomas",
      "lastname": "Hardy",
      "email": "thomashardy@safetyculture.io"
    }`

The above command returns JSON structured like this:

{
    "user": {
        "firstname": "Thomas",
        "lastname": "Hardy",
        "email": "thomashardy@safetyculture.io",
        "user_id": "user_eacb68331f5b4e1cbe42e37f55b3ce5b"
    }
}

HTTP request

POST https://api.safetyculture.io/users

Request body

The body should use the content type application/json with the following parameters:

Response

See the Errors section for more details.

Update a user

The Update User endpoint allows administrators (users with the Admin permission) to update any of the following user properties:

• username (email address)
• first name
• last name
• status (active or inactive)

Patch semantics are supported, meaning only the fields that are sent in the request are updated.

To update a user, the user must belong to the same organisation as the requesting administrator (user with the Admin permission). When updating the username (email address) of another user, that user gets an email address change confirmation email. Only once the user has confirmed the request the new username is reflected in their account.

When a user is de-activated i.e. their status changed from active to inactive, their access to inspection data they owned or was previously shared with them ceases.

curl \
-X PUT “https://api.safetyculture.io/users/user_3618cfc7ab274df6bf8a44f546b5e443" \
-H “Authorization: Bearer …” \
-H “Content-Type:application/json” \
-d `{
      "firstname": "Tom",
      "lastname": "Hugh",
      "new_email": "tomhugh2@safetyculture.io",
      "status": "inactive"
    }`

The above command will update the user’s details and reply 200 response

HTTP request

PUT https://api.safetyculture.io/users/<user_id>

Request body

The body should use the content type application/json with the following parameters:

Response

Remove a user

Allows administrators (users with the Admin permission) to remove a user from a specified group or from their organisation.

To remove a user from a user group, the following conditions must be satisfied:

1. The requesting user cannot remove themselves
2. Only users with the Admin permission can remove other users
3. Administrators (users with Admin permission) can remove other administrator users from any group in the organisation
4. If the user to be removed belongs to a group with Admin permission they inherit the Admin permission. In that case the user can only be removed from the group if they are not the only administrator in the organisation. After removal from the group the user loses the previously inherited Admin permission.
5. The last remaining user with Admin permission in the organisation cannot be removed

Remove a user with user ID

To lookup the user ID required by the remove user endpoint use the Search Users endpoint.

curl \
-X DELETE “https://api.safetyculture.io/groups/role_01ca38a821504cda885736cccbb9ba40/users/user_22ca38a821504cda885736cccbb9ba40" \
-H “Authorization: Bearer …”

The above command returns a JSON object structured like this

{"ok": true}

HTTP request

DELETE https://api.safetyculture.io/groups/<group_id>/users/<user_id>

URL parameters

Response

See the Errors section for more details.

Add a user to a group

The Add User to Group endpoint allows any user with Group Management permissions to add a user to a group within their organisation. A user can only be added to a group within the requesting user’s organisation and only users within the requesting user’s organisation can be added to a group.

When a user is added to a group, the user inherits the permissions of the group they are added to. The endpoint returns a list of all users in the group after the add user operation is complete.

curl \
-X POST “https://api.safetyculture.io/groups/role_6c5f0ce82ab0410eb3f2cdf50a799e6b/users" \
-H “Authorization: Bearer …” \
-H “Content-Type:application/json” \
-d `{
      "user_id": "user_55e75057df064e929b1faec2e84cbe03"
    }`

The above command returns an array structured like this:

    "user_55e75057df064e929b1faec2e84cbe03",
    "user_45e75057df064e929b1faec2e84cbe03"
]

HTTP request

POST https://api.safetyculture.io/groups/<group_id>/users

Request body

The body should use the content type application/json with the following parameters:

Response

See the Errors section for more details.

List the users in a group

The List Users in Group endpoint allows administrators (users with the Admin permission) to list users in their organisation or a group within their organisation. The response returned can be filtered based on the status of the user (active or inactive or both). Inactive users are those who have been de-activated but are still part of the organisation. If no status query parameter is given, both active and inactive users are returned. The maximum number of users that can be returned by a single request is 2000. To list more users use the offset and limit query parameters as described below.

curl \
-X GET “https://api.safetyculture.io/groups/role_6c5f0ce82ab0410eb3f2cdf50a799e6b/users?limit=50&offset=25&status=active" \
-H “Authorization: Bearer …” \
-H “Content-Type:application/json”

The above command returns an array structured like this:

{
    "total": 27,
    "offset": 25,
    "limit": 50,
    "users": [
        {
            "email": "test25@gmail.com",
            "firstname": "test25",
            "lastname": "test25",
            "user_id": "user_4dbad1ca3faf439d9415c98ecf166d67",
            "status": "active"
        },
        {
            "email": "test26@gmail.com",
            "firstname": "test26",
            "lastname": "test26",
            "user_id": "user_aec23bf3609b4f6abd1ff2a15022bc0c",
            "status": "active"
        }
    ]
}

HTTP request

GET https://api.safetyculture.io/groups/<group_id>/users

URL parameters

Query parameters

Response

See the Errors section for more details.

Search users

Search users by user ID

curl -X GET "https://api.safetyculture.io/users/user_22ca38a821504cda885736cccbb9ba40" \
-H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this:

{
    "email": "jsmith@safetyculture.io",
    "firstname": "John",
    "lastname": "Smith",
    "user_id": "user_22ca38a821504cda885736cccbb9ba40",
    "status": "active"
}

Use this endpoint to lookup user’s details by their user ID. Only users belonging to the same group(s) as the authenticated user can be looked up in this manner and Admin users (users with Admin permission) can lookup both active and inactive users in their organisation with this endpoint whereas users without Admin permissions can lookup only active users for consistency with other iAuditor applications.

HTTP request

GET https://api.safetyculture.io/users/<user_id>

Response

The response will have the content type application/json and include a JSON object with the following properties:

A number of different Errors may be returned.

Search users by email address

curl -X POST "https://api.safetyculture.io/users/search" \
-d "{"email": ["john.citizen@safetyculture.io"]}}" \
-H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this:

{
  "users": [
    {
      "id": "user_c4e2421223b5497186bb8ea4e4159fcc",
      "email": "john.citizen@safetyculture.io",
      "firstname": "John",
      "lastname": "Citizen",
      "status": "active"
    }
  ]
}

Use this endpoint to lookup one or more user’s details by their email address. Only users belonging to the same group(s) as the authenticated user can be looked up in this manner. Admin users (users with Admin permission) can lookup both active and inactive users in their organisation with this endpoint whereas users without Admin permissions can lookup only active users for consistency with other iAuditor applications..

The maximum number of email addresses that can be provided to a single request is 100.

Note: It takes some time (usually a few seconds) after a user is added to iAuditor for them to be able to be looked up by email using this endpoint.

HTTP request

POST https://api.safetyculture.io/users/search

Response

The response will have the content type application/json and include an array of JSON objects with the following properties:

Any email addresses that did not result in a successful lookup will be omitted from the response.

A number of different Errors may be returned.

List organization groups

The Get Organisation Groups endpoint allows administrators (users with the Admin permission) to list all the groups in their organisation. This endpoint lists all groups in the organisation of the requesting user, regardless if the requesting user is a member or not of these groups.

curl \
-X GET “https://api.safetyculture.io/groups" \
-H “Authorization: Bearer …” \
-H “Content-Type:application/json”

The above command returns an array structured like this:

{
  "groups": [
    {
      "name": "Group 1",
      "id":"role_7c5f0ce82ab0410eb3f2cdf50a799e6b"
    },
    {
      "name": "Group 2",
      "id":"role_92f8dff1a22748f1b56516cda7af7c8e"
    },
    {
      "name": "Group 3",
      "id":"role_8c5f0ce82ab0410eb3f2cdf50a799e6b"
    }
  ]
}

HTTP request

GET https://api.safetyculture.io/groups

Response

See the Errors section for more details.

List groups

curl "https://api.safetyculture.io/share/connections" \
-H "Authorization: Bearer {your access token}"

The above command returns JSON structured like this:

{
  "groups":
  [
    {
      "id": "role_e0d6f18b80e24c739c7b1bf77246e8dd",
      "name": "Acme Pty Ltd"
    },
    {
      "id": "role_08a05982612547518f7f5e63712ae9dc",
      "name": "Accounting Department"
    }
  ]
}

Use this endpoint to retrieve the name and ID of all groups the authenticated user is a member of.

HTTP request

GET https://api.safetyculture.io/share/connections

Response

The response will have the content type application/json and include an array of JSON objects with the following properties:

For users that are not members of any group an empty groups array will be returned. The maximum number of groups that will be returned with a single request is 1000. See Errors for possible errors that can be returned.

Add a group

The Add Group endpoint allows a user with Group Management permission to add a group to their organisation. This is a synchronous call which returns the name and group ID of the created group in the response.

curl -X POST \
"https://api.safetyculture.io/groups" \
-H "Authorization: Bearer {your access token}" \
-d '{ "name": "Accounting Department" }'

The above command returns JSON structured like this:

{
  "id": "role_08a05982612547518f7f5e63712ae9dc",
  "name": "Accounting Department"
}

Use this endpoint to add a group to your iAuditor organisation.

HTTP request

POST https://api.safetyculture.io/groups

Response

The response will have the content type application/json and include a JSON object with the following properties:

Error Codes

The iAuditor API uses the following error codes:

Limits

Rate limits

To ensure the stability and security of our servers requests sent to the API by the same user simultaneously at a high rate will be throttled. In that case the API will return a 429 HTTP status code with an error message Too Many Requests.

Our rate limiting policy consists of a hard throttling limit

Rate limit response headers

All responses sent from the API will include headers which can be used to help manage the rate which requests are being sent to the API.

Webhooks

Webhooks allow third-party services to receive near real-time inspection event notifications from SafetyCulture.

Webhooks are seen as one type of workflow that can be setup to be executed automatically when particular inspection events happen. Future workflows may include the ability to generate an inspection report automatically, send an email/sms or combine multiple action steps each time an inspection event takes place.

At the moment, workflows consist of a single step only which is to send a webhook.

Webhook workflows will be sent in the form of a POST HTTP request to the specified URL when an inspection event like audit_completed takes place.

Any inspection event in the top-level organisation of the user that registered the workflow will trigger the workflow. In other words, workflows are set up per organisation, not per user account.

To create a webhook workflow, register the URL within your application that will receive the webhook payload sent when the event is triggered.

To keep the payload size manageable, the webhook payload only contains a subset of the inspection and template information. The format of a webhook payload (here for the audit_started event) is included as example code.

Example webhook payload for an audit_started event

{
  "version": "1.0.0",
  "workflow_id": "workflow_8abb7bff902a43a5b3bd498f4bebb42j",
  "event": {
    "date_triggered": "2017-06-29T05:15:19.136Z",
    "event_types": [
      "audit_started"
    ],
    "triggered_by": {
      "type": "user",
      "user": "user_bb5b6ba050bf43c1b447b6f299de4b67",
      "name": "John Smith"
    }
  },
  "data": {
    "audit": {
      "template_id": "template_ca59d625954f4d51baf394400d6e3z87",
      "audit_id": "audit_7e9ee886325a4fb096989c3e2896e876",
      "archived": false,
      "created_at": "2017-06-29T05:15:18.511Z",
      "modified_at": "2017-06-29T05:15:18.511Z",
      "audit_data": {
        "score": 0,
        "total_score": 0,
        "name": "",
        "duration": 0,
        "authorship": {
          "device_id": "user_bb5b6ba050bf43c1b447b6f299de4b67",
          "owner": "John Smith",
          "owner_id": "user_bb5b6ba050bf43c1b447b6f299de4b67",
          "author": "John Smith",
          "author_id": "user_bb5b6ba050bf43c1b447b6f299de4b67"
        },
        "date_completed": null,
        "date_modified": "2017-06-29T05:15:18.509Z",
        "date_started": "2017-06-29T05:15:18.509Z"
      },
      "template_data": {
        "authorship": {
          "device_id": "8a582619-95e9-43e8-b671-6h765745b200",
          "owner": "John Smith",
          "owner_id": "user_bb5b6ba050bf43c1b447b6f299de4b67",
          "author": "John Smith",
          "author_id": "user_bb5b6ba050bf43c1b447b6f299de4b67"
        },
        "metadata": {
          "description": "",
          "name": "test"
        }
      },
      "header_items": [
        {
          "item_id": "f3245d39-ea77-11e1-aff1-0800200c9a78",
          "label": "Title Page",
          "type": "section",
          "children": [
            "f3245d46-ea77-11e1-aff1-0800200c9a66",
            "f3245d40-ea77-11e1-aff1-0800200c9a66",
            "f3245d41-ea77-11e1-aff1-0800200c9a66",
            "f3245d42-ea77-11e1-aff1-0800200c9a66",
            "f3245d43-ea77-11e1-aff1-0800200c9a66",
            "f3245d44-ea77-11e1-aff1-0800200c9a66",
            "f3245d45-ea77-11e1-aff1-0800200c9a66"
          ]
        },
        {
          "parent_id": "f3245d39-ea77-11e1-aff1-0800200c9a66",
          "item_id": "f3245d46-ea77-11e1-aff1-0800200c9a66",
          "label": "Document No.",
          "type": "textsingle",
          "responses": {
            "text": "000027"
          }
        },
        {
          "parent_id": "f3245d39-ea77-11e1-aff1-0800200c9a66",
          "item_id": "f3245d45-ea77-11e1-aff1-0800200c9a66",
          "label": "Personnel",
          "type": "text"
        }
      ]
    },
    "template": {
      "template_id": "template_ca59d625954f4d51baf394400d6e3z87",
      "name": "test"
    }
  }
}

If the service receiving the webhook replies with an error, the webhook will be retried with an exponentially increasing delay. A total of 18 attempts are made over 3 days at the following time intervals (in seconds):

0.5 2 5.5 13 28.5 60 123.5 251 506.5 1018 2041.5 4089 8184.5 16376 32759.5 65527 131062.5

Webhook delivery is on a best effort basis, no guarantee is provided that a particular webhook will be delivered within a time frame or at all. The Search Inspections functionality can help client code verify which inspections changed in a given date range and to compare with received wehbooks to ensure completeness.

When inspections are processed on a mobile device (as opposed to the iAuditor web application or using the API directly), workflows will only be triggered when these inspections are synced to the SafetyCulture backend.

In the following sections we describe how to perform CRUD operations on webhook workflows.

Register a workflow

curl \
  -H "Authorization: Bearer {your access token}" \
  -H "Content-Type:application/json" \
  -X POST "https://api.safetyculture.io/workflows" \
  -d '{
         "trigger_events": ["audit_completed", "audit_archived"],
         "steps": [
           {
             "url": "https://example.com",
             "type": "webhook"
           }
         ]
      }'

The above command returns JSON structured like this

{
  "workflow_id": "workflow_de6790b9f3b047018c73c02267ada1b2",
      "trigger_events": [
          "audit_completed", "audit_archived"
      ],
      "steps": [
          {
              "url": "https://example.com",
              "type": "webhook",
              "id": "workflowstep_63aa1e21816f4bf78e6d3a4f7cbfaef1"
          }
      ],
      "user_id": "user_7db5002c72754d2a99ac1e4b82f088be",
      "org_id": "role_7db5002c72754d2a99ac1e4b82f088be",
      "enabled": true,
      "updated_at": "2017-06-19T03:51:12.299Z",
      "created_at": "2017-06-19T03:51:12.299Z",
      "version": "1.0.0"
}

This endpoint allows you to register a workflow for a given event type. The following event types are supported so far: audit_completed, audit_archived, audit_started, audit_updated and audit_unarchived

In addition to changes in inspection responses, the audit_updated event will be triggered when the inspection is started or the inspection’s sharing permissions change.

HTTP request

POST https://api.safetyculture.io/workflows

Request body

The body should use the content type application/json with the following required parameters:

Response

The response will have the content type application/json and include the following parameters:

See the Errors section for more details.

Get a workflow

curl "https://api.safetyculture.io/workflows/workflow_37afc5890aa94e778bbcde4fc4cbe480 \
  -H "Authorization: Bearer {your access token}" \
  -H "Content-Type:application/json"

The above command returns JSON structured like this

{
  "workflow_id": "workflow_37afc5890aa94e778bbcde4fc4cbe480",
      "trigger_events": [
          "audit_completed"
      ],
      "steps": [
          {
              "url": "https://example.com",
              "type": "webhook",
              "id": "workflowstep_37afc5890aa94e778bbcde4fc4cbe480"
          }
      ],
      "user_id": "user_37afc5890aa94e778bbcde4fc4cbe480",
      "org_id": "role_37afc5890aa94e778bbcde4fc4cbe480",
      "enabled": true,
      "updated_at": "2017-06-19T03:51:12.299Z",
      "created_at": "2017-06-19T03:51:12.299Z",
      "version": "1.0.0"
}

This endpoint allows you to retrieve the workflow with the given workflow ID.

HTTP request

GET https://api.safetyculture.io/workflows/<workflow_id>

URL parameters

Response

The response will have the content type application/json and include the following parameters:

See the Errors section for more details.

Get workflows

curl "https://api.safetyculture.io/workflows?org_id=role_37afc5890aa94e778bbcde4fc4cbe480" \
 -H "Authorization: Bearer {your access token}" \
 -H "Content-Type:application/json"

The above command returns JSON structured like this

[
 {
      "workflow_id": "workflow_37afc5890aa94e778bbcde4fc4cbe480",
      "trigger_events": [
          "audit_completed"
      ],
      "steps": [
          {
              "url": "https://example.com",
              "type": "webhook",
              "id": "workflowstep_37afc5890aa94e778bbcde4fc4cbe480"
          }
      ],
      "user_id": "user_37afc5890aa94e778bbcde4fc4cbe480",
      "org_id": "role_37afc5890aa94e778bbcde4fc4cbe480",
      "enabled": true,
      "updated_at": "2017-06-19T03:51:12.299Z",
      "created_at": "2017-06-19T03:51:12.299Z",
      "version": "1.0.0"
 },
 {
       "workflow_id": "workflow_45afc5890aa94e778bbcde4fc4cbe480",
       "trigger_events": [
           "audit_completed"
       ],
       "steps": [
           {
               "url": "https://example.com",
               "type": "webhook",
               "id": "workflowstep_45afc5890aa94e778bbcde4fc4cbe480"
           }
       ],
       "user_id": "user_45afc5890aa94e778bbcde4fc4cbe480",
       "org_id": "role_37afc5890aa94e778bbcde4fc4cbe480",
       "enabled": true,
       "updated_at": "2017-06-19T03:51:12.299Z",
       "created_at": "2017-06-19T03:51:12.299Z",
       "version": "1.0.0"
 }
]