API Endpoint Maintenance

Coming Soon!

The API Endpoint Maintenance program is currently only available to a select group of beta-testing schools. It will be rolled out to all schools in a future release.

Overview

The ‘API Endpoint Maintenance’ program allows you to create API Endpoint User Accounts and manage their access.

You can access this program from TASS.web System Admin > Utilities > API Endpoint Maintenance.

This program provides a secure way for API integration partners to access school data from TASS. You can assign each API Endpoint User permissions to add, update, read, and delete endpoints, protecting data by preventing under-fetching and over-fetching. Each user receives a key and secret to verify their identity before accessing assigned endpoints.

Refer to ‘How to Setup a New API Endpoint User Account’ for more information.

API Documentation can be found here: api.developer.tassweb.com.au.

Read the ‘Introduction’, then select your TASS Software Version from the ‘Version’ drop-down list. There is a separate section and documentation for each API Endpoint.

Check out the ▶️ Introduction to API Endpoint Maintenance Video and ▶️ TASS's New API Program Webinar 2026 Video for more information.

Click here for an Administrator Note.

User Security Permissions

This program requires users to have the ‘API Endpoint Maintenance’ permissions enabled in TASS.web System Admin > Users > User Maintenance or TASS.web System Admin > Users > Security Role Permissions.

On the ‘API Endpoint Maintenance User Grid’ screen:

The ‘View’ icon is active only when the logged-in user has the ‘View’ permission enabled, but not ‘Edit’.

The ‘Edit’ icon is active only if the user has ‘Edit’ permission.

The 'Copy’ icon activates with ‘Add’ permission.

The ‘Key’ icon is active when ‘Edit’ permissions are granted.

The ‘Delete’ icon is available with ‘Delete’ permission.

The ‘+Add New User’ button is only active when the logged-in user has the ‘Add’ permission enabled.

API Endpoint Maintenance User Grid

When you open the program, the ‘API Endpoint Maintenance User Grid’ appears, showing all the API user accounts created by the school and their current status.

Grid Column

Description

User Code

This column displays the ‘User Code’ that was automatically generated for the API User Account when it was created. This code cannot be changed.

User Name

This column displays the ‘User Name’ that was entered when the account was created. This can be edited via the ‘Edit’ icon in the Action column if needed.

Enabled

This column indicates the user's status based on what has been selected in the ‘Enabled’ checkbox field on the ‘Add/Edit —API Endpoint User’ screen.

	A ‘green tick’ icon indicates that the API User Account is enabled, and the user can access their assigned endpoints.
	A ‘red cross’ icon indicates the API User Account is not enabled, and the user cannot access any assigned endpoints.

Action

	The ‘View’ icon opens the 'View—API Endpoint User’ screen. See the ‘Add a New User’ section below for details about this screen's fields. This icon only appears to users without editing permissions.
	The ‘Edit’ icon takes you to the 'Edit—API Endpoint User’ screen. See the ‘Add a New User’ section below for more information about the fields on this screen.
	The ‘Copy’ icon duplicates the selected API Endpoint User Account’s companies, endpoints and permissions, then opens a screen to create a new user with the same access. From here, you can modify the assigned companies, endpoints, and permissions as needed. The ‘Copy - API Endpoint User’ screen features a layout similar to the ‘Add - API Endpoint User’ screen. Refer to the ‘Add a New User’ section below for further details.
	The ‘Key’ icon generates the Key and Secret for the API Endpoint User Account. After you have generated the Key and Secret, this screen also displays a list of related actions, along with the dates and times each action occurred. Refer to the ‘Key Generation' section below for more information about generating a key for a new API Endpoint User Account. To regenerate a key for an existing API Endpoint User, click ‘Delete’. Enter a ‘Passphrase’ with a minimum of 15 characters, define the ‘Link Expiry Time (hours)’, then click the 'Generate’ button to resend the access email.
	The ‘Delete’ icon allows you to delete the API Endpoint User Account if required.

Adding a New User

To create a new API Endpoint User Account, click ‘+Add New User’ in the top right corner of the screen.

API Endpoint User

* User Name

Enter a ‘User Name’ for the API Endpoint User Account. This could be either a person's name or a company’s name.

Purpose

This optional field can be used to track the reason each user account was created and its intended use.

* Enabled

Select this checkbox to enable the user account and allow the user to access their assigned companies and endpoints.

Deselect this checkbox to disable the user account and prevent the user from accessing any assigned companies and endpoints.

* Contact Name

Enter the name of the contact person for the API Endpoint User Account.

* Contact Email

Enter an email address for the API Endpoint User Account.

This is the email address where the ‘Key’ and ‘Secret’ information will be sent.

Contact Phone

Enter a phone number for the API Endpoint User Account.

Companies

The ‘Companies’ section allows you to define which company data sets the API Endpoint User Account can access.

Click the ‘+ Add Company’ button, select a Company from the dropdown list, then click ‘Add.’ The selected Company Code and Name will then appear in the ‘Companies’ section of the screen.

To delete Company access, click the ‘Delete’ icon in the Action column in the same row as the Company you wish to delete.

Endpoints

The ‘Endpoints’ section is where you can define which API endpoints and fields the API Endpoint User account can access.

Click ‘+ Add Endpoint’, select the checkboxes for each API endpoint the user should access, then click ‘Add’. The selected endpoints will then appear in the ‘Endpoints’ section of the screen.

Endpoint access modifications can only be made using the ‘Edit’ or ‘Delete’ icons.

Endpoints displaying an ‘Alert’ icon must have a User Security Role assigned to them by clicking the ‘Edit’ icon in the Action column. User Security Roles can be reviewed and created in TASS.web System Admin > Users > Security Role Permissions.

	Select the ‘View’ icon in the Action column to review which actions the user can carry out for each endpoint. This icon only appears to users without editing permissions.
	Select the ‘Edit’ icon in the Action column to specify which actions the user can carry out for each endpoint. Some endpoints have permissions enabled automatically, while others do not and require manual assignment.
	To delete Endpoint access, click the ‘Delete’ icon in the Action column in the same row as the Endpoint you wish to delete.

After endpoint permissions have been assigned, you can see a summary of the assigned endpoints and their settings on the screen. in the ‘Enabled’, ‘Read’, ‘Add’, ‘Update’ and 'Delete' columns.

	A ‘green tick’ icon indicates that the API Endpoint User has permission to the specified API Endpoint and/or permission point.
	A ‘red cross’ icon indicates the API Endpoint User does not have permission to the specified API Endpoint and/or permission point.

The ‘Fields' columns, right of the ‘Read' and 'Update' columns, show 'All' if the user has permissions for all fields, or 'Custom' if a custom set of field permissions is defined. To review or modify a user's field access, click 'Edit’ in the Action column, then 'Edit’ in the 'Fields' section of the 'Edit API Endpoint' screen.

Click ‘Save’ to add the new API Endpoint User Account to your TASS database.

Key Generation

After creating a new API Endpoint User Account, click the ‘Key’ icon in the Action column. The ‘Key Generation’ screen will then appear.

The ‘Key Generation' screen shows the following messages to indicate the status of the key generation process:

The user does not currently have a key.	This message appears when the user does not have a key generated.
User has successfully accessed key.	This message appears if the user has successfully accessed their key.
User has been sent email link but has yet to view key.	This message appears if a key has been generated, but the user has not successfully accessed it.
There have been 3 unsuccessful verification attempts.	This message appears if there have been 3 unsuccessful verification attempts.
Verification link has expired.	This message appears if the verification link has expired based on the ‘Link Expiry Time’ entered when generating the Key and Secret.

Fields that require further explanation
Passphrase	Enter a ‘Passphrase’ with a minimum of 15 characters. This passphrase enables the API Endpoint User to access the ‘Key/Secret’ link, which will be sent to the 'Contact Email' once the key has been generated. A secure method must be used to share the Passphrase with the user.
* Link Expiry Time (hours)	Use the drop-down list to select how long the ‘Key/Secret’ link and ‘Passphrase’ will remain active. The link sent in the email will expire if the verification process is not completed within the nominated ‘Link Expiry Time (hours)’.
Link Expiry	This read-only field indicates the date and time that the ‘Key/Secret’ link and ‘Passphrase’ will expire based on the expiry time selected in the field above. The date is displayed in DD/MM/YYYY. The time is displayed in 12-hour HH:MM AM/PM format.
Action Date/Time	The ‘Action’ section lets you view a list of key-related actions started after the key was generated, including the dates and times each action took place. Example Key/secret generated and email sent 24/06/2025 03:45 PM Verification expired 24/06/2025 09:45 PM Key/secret deleted 25/06/2025 09:05 AM Key/secret generated and email sent 25/06/2025 09:07 AM Verification successful 25/06/2025 09:28 AM

Click ‘Generate’ to create the 'Key/Secret’ and send the access email to the Contact Email entered on the ‘Add-API Endpoint User’ screen.

To regenerate a Key/Secret for an existing API Endpoint User, click ‘Delete’. Enter a ‘Passphrase’ with a minimum of 15 characters, define the ‘Link Expiry Time (hours)’, then click the 'Generate’ button to resend the email.

A secure method must be used to share the passphrase with the API Endpoint User. The user will need this passphrase to access the link to the Key and Secret provided in the email.

Example of the email sent to the API Endpoint User.

From: noreply@school.edu.au

Subject: TASS API User Registration

Message:

Hi <USER NAME>

Below is a link to view your key and secret for the TASS API for:

<COMPANY NAME>

Please note that for security reasons, you will only be able to view your key and secret once. Please store the Key and Secret securely and contact the school if you require new credentials.

Link: <KEY AND SECRET LINK>

Important!

The Key and Secret will be shared only once, so the API Endpoint User needs to store them securely. If the new Key and Secret are lost, the API Endpoint User must contact the school to have a new key generated.

After accessing the Key and Secret and verifying the API Endpoint User, the Action column will display the verification date and time, with a message at the top stating, ‘User has successfully accessed the key.’

API Documentation

Information about each API endpoint is available at api.developer.tassweb.com.au. Visit this site to view the requirements for each endpoint. Read the ‘Introduction’, then select your TASS Software Version from the ‘Version’ drop-down list. There is a separate section and documentation for each API Endpoint.

Accessing API Endpoints

Read the ‘Introduction’ section of api.developer.tassweb.com.au, then select your TASS Software Version from the ‘Version’ drop-down list. There is a separate section and documentation for each API Endpoint.

Each new user must be authenticated before they can access the endpoints. Refer to the 'User - Authenticate' section of api.developer.tassweb.com.au for more information.