Requests made to the Geotab API are performed over HTTPS. The current API is version 1 — this is denoted in the API endpoint URL the web application will send requests to:
Note: The portions of the examples noted with < and > (e.g. <myserver>) indicate where the user will enter information specific to their requirements.
API request parameters and the results are transported in the lightweight JSON format. The API reference contains a listing of the methods that can be invoked, the parameters they expect and the results they return. Below are examples to illustrate the capabilities of the Geotab API.
Requests to the API can be invoked using HTTP GET or POST. HTTP POST requests uses the JSON-RPC standard. The following sections explain how to construct HTTP GET and POST requests to the Geotab API.
The MyGeotab API only allows making requests over secure connections (HTTPS). The minimum SSL/TLS version supported by the MyGeotab API is TLS v1.2.
Methods can be invoked via HTTP GET request as follows:
Here is a simple example of invoking the method GetVersion. This method does not require any parameters and can be called without credentials:
The HTTP response is returned as JSON. For example:
Where the version will be the current version on the server.
Here is a more complex example that requires parameters. For the sake of clarity, the example below is not URI (Universal Resource Identifier) encoded (more on this below). Both POST and GET requests are supported. This example shows a GET request that returns all devices (vehicles) and their properties.
The HTTP response is returned a JSON object (shortened for example purposes). The return will be in this format:
The full set of API methods and objects returned can be viewed by clicking on the API Reference. When utilizing methods which require the user to send their login credentials as part of the URL, it is advised to take precautions regarding visibility of their password to other parties.
To understand how the parameters were passed in the URL, consider the following JSON object that needs to be passed to the method:
Using an HTTP query string, all the JSON object properties above are serialized after the method name in the query string as key/value pairs, separated by ampersand characters as follows:
Note that in the examples above, the property credentials are objects. In this case, stringify the JSON object and set that as the property value. Also take note that the query string should be properly URI encoded; paste the example below here and select decode URL. The final HTTP GET request looks as follows:
When using HTTP POST request to invoke an API method, the same endpoint as the GET is used:
However, instead of encoding the method name and parameters in the query string, it is passed in the HTTP body using the JSON-RPC format. Geotab API version 1 supports JSON-RPC version 1.0.
Using the example above, a successful call to the server will result in an object with property “result”, in this format:
However, when the call is incorrect or an error is triggered on the server, the error will be returned as an object with property “error”. For example:
For all JSON-RPC errors this is always “JSONRPCError”.
The description of the likely root cause of the error.
An array of individual errors that were caught. Usually, there is at least one error in this array.
The name of the server exception. For example, “InvalidUserException”, “NullReferenceException”, etc.
The description associated with the server exception.
If there is a stack trace, this will be a string of method calls that led to this server exception triggering. This field may not always be present, depending on the server exception that was triggered.
See Example 3: Dealing with a database move or credential expiry for an example of a case where it would be useful to catch and handle errors.
The MyGeotab API supports gzip and deflate compression. To utilize either of these supported compression methods, include the HTTP header for “Accept-Encoding”. Ex:
Data is stored on one of many servers in our cloud. A group of servers is referred to as a federation of servers. For example, the my.geotab.com federation consists of my1.geotab.com, my2.geotab.com and many other servers.
While it is tempting to simply “hard code” the application to point to a particular server, such as my20.geotab.com, this is the incorrect approach. Over the course of time a database is not guaranteed to remain on the same server. It is common for load balancing to occur and resources to be transferred from one server to another as necessary. To prevent the application from losing its connection to the correct database, authentication calls must be made to the root federation server instead of making the request to a particular server.
As an example; making an authentication call to “my.geotab.com” and authentication occurring. Such a call could be made as:
Where the database, user and password are set by you.
If a redirect is necessary, the application will be informed and the correct server can be targeted. Below are special cases which should be considered when accessing the federation.
In this example, an authentication call is made to my.geotab.com to log into the database “acme” and the server responds that the server is correct (e.g. no need to redirect).
The path will either contain the URL of a server or the string value ThisServer. Since the database “acme” in this example is on my.geotab.com, it simply returns ThisServer as highlighted below. This means that the correct server has been targeted and there is no need for a redirect.
The credentials object contains the username, database and session ID. This object will be used in all subsequent calls (password not required when used).
In this example, an authentication call to my.geotab.com is made trying to log into database “acme”. Here the server responds that the database is located on my23.geotab.com. Subsequent calls are then directed to my23.geotab.com
The path will either contain the URL of a server or the string value ThisServer. Since the database “acme” in this example is on my23.geotab.com, the return is “my23.geotab.com” meaning that all subsequent requests should be directed at my23.geotab.com.
The credentials object contains the username, database and session ID. This object will be required in all subsequent calls to the server for security reasons (password not required when used).
The examples in the previous sections demonstrated how to specify which server to communicate with during authentication. There are however two additional situations to consider:
When this happens the next API call will fail with the following error object:
When the errors collection contains an object with name “InvalidUserException”, the authentication process must be repeated. This will indicate what the new server is and provide a new credentials object. If the authentication process returns an error, the user was likely changed, in this case another user will be required for the login.
To safeguard optimal functioning and ensure that poorly written SDK applications do not impact the overall system performance, a limit is imposed on Authentication calls. Starting in November 2016, the MyGeotab API will enforce limits on the number of Authentication requests it will accept. This change will start rolling out in November 2016 for new customers, and will be fully enforced for all customers by end of January 2017.
No more than 10 Authentication requests per minute are permitted for a user. Both successful and unsuccessful Authentication calls count towards the limit. When the Authentication limit has been exceeded, the server will return an OverLimitException until the limit is automatically reset every minute.
Authentication should be avoided by using the credentials object that is returned from an Authentication request for subsequent calls. It contains a token that confirms your identity for API operations. If the session expires or a database is moved, a new Authentication call should be made. This approach allows for efficient usage of Authentication requests and is detailed in the Authentication section above.
Credentials provided with password instead of or combined with session ID must be authenticated. Therefor, each request where credentials are provided in this way will tally against a given user’s authentication limits.
When exchanging dates as parameters to API methods, you must ensure that they are formatted properly as an ISO 8601 string (format yyyy-MM-ddTHH:mm:ss.fffZ). In addition, all dates will have to first be converted to UTC in order to ensure time zone information and daylight savings times are accounted for correctly.
As a general rule, MyGeotab uses the metric system for values such as speed (km/h) and distance (m). For example, if you queried the odometer reading for a vehicle, the value would be returned in meters or if you retrieved the current speed of a vehicle it would be in km/h. It does not matter in which region in the world the vehicle or user of MyGeotab system is located — we always return the values in metric. A simple conversion can be applied to these values should you wish to work in imperial units or other customized units instead.
Please note that MyGeotab also records various other status data (i.e. engine data) from the vehicle and these values can be in various units of measure. The units of measure are not provided by Geotab in all cases. Refer to the applicable SAE standard of the specific code for the associated unit of measure.
All objects in the MyGeotab system are called entities. Entities have an ID property that is used to uniquely identify that object in the database. The ID is an opaque string value that uniquely identifies the entity and no assumption about the format or length of this ID value should be made when comparing or storing the values.
An ID is used to uniquely reference entities in the API. IDs are represented by opaque strings. Generally the contents of the IDs are not significant for the user. Building logic around the value of the string should be avoided — unless it is a system ID (see the examples below).
In this example, a vehicle in the system and its ID value will be examined. Here is a partial JSON representation of a device object:
Note the "id" property with value “b0a46”. This is the unique identifier for the device (vehicle) with description “007 - Aston Martin”.
To find Trips for this vehicle all of the properties of the device do not have to be passed to the Get method. Instead, only the ID property of the device object is required. Below is an example of a valid parameter object (TripSearch) for passing into Get method. The deviceSearch with the ID property set to the value “b0a46” (as indicated in the example above) is passed.
Calling the Get method with the parameter defined above will return all trips for the vehicle “007 - Aston Martin”.
There are certain IDs that are predefined for system entities. For example the group that has been defined as the root group of all user groups, and called the CompanyGroup, will have an ID of “CompanyGroupId” rather than other characters (such as “b0a46” above). For example:
If the system entities do not have any properties then they are specified as strings with their ID’s name. For example the source “Obd” will be identified as “SourceObdId”.
The results of a call to our API will only contain literal values and the identities of contained objects — not the actual fully populated child objects. This provides a predictable system that efficiently serializes objects to JSON and back. Additional lookups of the nested objects will be required to retrieve additional properties of the objects.
For example, an engine status data record has a device property. If 1000 engine status data records are retrieved for a device, the status data’s device property will only contain the ID of the device. An additional retrieval for the devices object will be required to obtain the status data records. This approach has several benefits:
In the example below it can be seen how, by creating a dictionary of devices where the key is the device ID and the value is the device object, devices can be easily “stitched” into the status data records:
A MultiCall is a way to make several API calls against a server with a single HTTP request. This eliminates potentially expensive round trip costs.
Making an HTTP request over a network has overhead. This can be in the form of Network overhead, the round trip time to send and receive data over the network and HTTP overhead, the HTTP request and response headers. A MultiCall can be used to reduce amount of overhead in situations where many small requests need to be made to a server.
For example, if we make a request to get the max road speed from a set of points. The request would be constructed in a format similar to:
Making the assumption that it takes 100 milliseconds for this call round trip (the time from sending request to receiving the response), 40 milliseconds to send the request, 20 ms to process the data on the server and 40 ms for the response to be returned. Google's SPDY research project white paper states that “typical header sizes of 700-800 bytes is common”. Based on this assume a 750 byte cost when making a request. From the example, there would be 80 ms of network overhead and 750 bytes of HTTP overhead, this is accepted as the “cost of doing business” when making a request over a network.
Taking the previous assumptions, what would the overhead be for making 1000 requests for road max speeds? When individual calls are made to the server for 1000 addresses; the base (minimum) HTTP and Network overhead is required for each of these calls. This would result in 80 seconds (80,000 milliseconds) of network overhead and 5.72 MB (750,000 bytes) in headers just going to and from the server. It can be clearly seen that a great deal of overhead can be generated by making small but repeated requests.
By using a MultiCall, the network and HTTP overhead remains at the cost of a single request. This brings the overhead back down to our original 80 milliseconds and 750 bytes. The server processes each request and returns an Array of results when complete.
The above illustration is an extreme example to demonstrate the benefits of using a MultiCall. A MultiCall can (and should) be used to make short running calls of 2 or more requests more efficient than individual calls.
Making a MultiCall is very simple, use the method “ExecuteMultiCall” with the parameter “calls” of JSON type Array. Each call should be formatted as an Object with property “method” of type string with the method name as its value and a property “params” of type Object with the method parameters as its properties. The “params” object will also need to contain the user credentials if they are required for the method being called.
Yes, it is possible to use a search in a multicall.
There is no limit on the number of requests that can be made in a multicall. When making a large number of requests it may be desirable to “chunk” the requests into several requests of a smaller and more manageable size.
The index in the array of results will have a null value.
In a MultiCall, each request is run on the server in succession, when one fails the error results are returned immediately and unreached calls are not run.
To illustrate, let’s assume an array of calls (api.multicall([call-a, call-b, call-c])) where call-b is formatted incorrectly. On the server this would look similar to:
Alternatively, a successful MultiCall would look similar to: