API Endpoint Maintenance from v01.2026.05.200
Coming Soon!
From v01.2026.05.200, this program includes a comprehensive logging and analytics suite. This updated version of the API Endpoint Maintenance page is intended for Friendly Schools to review the enhancement details. Refer to the TASS Release Notes for more information.
Overview
The ‘API Endpoint Maintenance’ program allows you to create API Endpoint User Accounts and manage their access.
You can access this program from TASS.web System Admin > Utilities > API Endpoint Maintenance.
This program provides a secure way for API integration partners to access school data from TASS. You can assign each API Endpoint User permissions to add, update, read, and delete endpoints, protecting data by preventing under-fetching and over-fetching. Each user receives a key and secret to verify their identity before accessing assigned endpoints.
The program also includes a detailed logging and analytics suite for API endpoints. School administrators can view real-time API audit logs, user activity stats, endpoint usage data, and error reports. This allows schools to actively monitor API performance, identify integration issues faster, and make informed decisions about API access and usage.
Refer to ‘How to Setup a New API Endpoint User Account’ for more information.
API Documentation can be found here: api.developer.tassweb.com.au.
Read the ‘Introduction’, then select your TASS Software Version from the ‘Version’ drop-down list. There is a separate section and documentation for each API Endpoint.
Check out the ▶️ Introduction to API Endpoint Maintenance Video and ▶️ TASS's New API Program Webinar 2026 Video for more information.
User Security Permissions
This program requires users to have the ‘API Endpoint Maintenance’ permissions enabled in TASS.web System Admin > Users > User Maintenance or TASS.web System Admin > Users > Security Role Permissions.
On the ‘API Endpoint Maintenance User Grid’ screen:
The ‘View’ icon is active only when the logged-in user has the ‘View’ permission enabled, but not ‘Edit’.
The ‘Edit’ icon is active only if the user has ‘Edit’ permission.
The 'Copy’ icon activates with ‘Add’ permission.
The ‘Key’ icon is active when ‘Edit’ permissions are granted.
The ‘Delete’ icon is available with ‘Delete’ permission.
The ‘+Add New User’ button is only active when the logged-in user has the ‘Add’ permission enabled.
Recent Errors
The ‘Recent Errors’ section appears when opening the program and lists the top 10 most recent errors. The error code appears in red, with the error message beside it when applicable. Grey text below each code summarises the API Audit Log, including Request Date/Time, User Name, HTTP Method, and Endpoint details.
Click ‘View All’ in the section header to open the API Audit Logs screen with only error codes selected in the ‘Status Code’ column. From here, you can select your preferred filters and view all errors.
Click the 
‘Error Details’ icon next to each listed error to open the ‘Error Details' screen and view additional information about the request, including Request ID, IP Address, Elapsed Time (ms), Request Length, Response Length, User Agent, Query Parameters, Error Message, and Stack Trace details.
Top Users
The ‘Top Users’ section on the right side of the screen lists the top 5 API Endpoint User Names, and details the total number of endpoint requests they have made.
Click ‘View All’ in the section header to open the ‘All User Statistics’ screen. From here, you can see statistics for all users.
Click the ‘View Details’ icon next to each listed user to open the ‘User Statistics’ screen. Here, you can see the user's last activity date and time, along with detailed Endpoint Statistics.
The ‘Endpoint Statistics’ section shows the total number of times the user accessed the endpoint and the HTTP methods used. Each HTTP method includes details on the number of times each method has been used, the Average Call Time (ms), Data Received (KB), and Data Sent (KB). Use the drop-down list in the section header to display either the ‘Top 5’ endpoint statistics or ‘All’.
The ‘Recent Errors’ section lists the top 10 most recent errors that the selected user has received. The error code appears in red, with the error message beside it when applicable. Grey text below each code summarises the API Audit Log, including Request Date/Time, User Name, HTTP Method, and Endpoint details. Click the ‘Error Details’ icon to open the ‘Error Details' screen and view additional information about the request, including Request ID, IP Address, Elapsed Time (ms), Request Length, Response Length, User Agent, Query Parameters, Error Message, and Stack Trace details.
Click the ‘View Logs’ button to open the API Audit Logs screen with the user's name selected in the ‘Users’ column. Then, select filters to view detailed user activity. See the API Audit Logs section below for more information.
Click the ‘Refresh’ button to update the screen with real-time activity data.
Top Endpoints
The 'Top Endpoints' section on the right side of the screen lists the top 5 most used API endpoints and their total request counts.
Click ‘View All’ in the section header to open the ‘All Endpoint Statistics’ screen. From here, you can see statistics for all API Endpoints.
Click the ‘View Details’ icon next to each listed endpoint to open the ‘Endpoint Statistics’ screen. This section shows the endpoint details, including the last activity date and time, request statistics, and user statistics for the selected endpoint.
The ‘Request Statistics’ section shows endpoint request statistics for each HTTP Method, including the number of times each method has been used, the Average Call Time (ms), Data Received (KB), and Data Sent (KB).
The ‘User Statistics' section displays endpoint statistics broken down by user name. Click the 'View User’ icon next to a user to open the 'User Statistics' screen for details on other endpoints the user has accessed.
Click the ‘View Logs’ button to open the API Audit Logs screen. From here, you can select your preferred filters for user activity. See the API Audit Logs section below for more information.
Click the ‘Refresh’ button to update the screen with real-time activity data.
API Endpoint Maintenance User Grid
When you open the program, the ‘API Endpoint Maintenance User Grid’ appears below the API Audit Logs. It shows all the API user accounts created by the school and their current status.
Grid Column | Description | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
User Code | This column displays the ‘User Code’ that was automatically generated for the API User Account when it was created. This code cannot be changed. | ||||||||||||||
User Name | This column displays the ‘User Name’ that was entered when the account was created. This can be edited via the ‘Edit’ icon in the Action column if needed. | ||||||||||||||
Enabled | This column indicates the user's status based on what has been selected in the ‘Enabled’ checkbox field on the ‘Add/Edit —API Endpoint User’ screen.
| ||||||||||||||
Action |
|
Adding a New User
To create a new API Endpoint User Account, click ‘+Add New User’ in the top right corner of the screen.
API Endpoint User | |||||||||||
* User Name | Enter a ‘User Name’ for the API Endpoint User Account. This could be either a person's name or a company’s name. | ||||||||||
Purpose | This optional field can be used to track the reason each user account was created and its intended use. | ||||||||||
* Enabled | Select this checkbox to enable the user account and allow the user to access their assigned companies and endpoints. Deselect this checkbox to disable the user account and prevent the user from accessing any assigned companies and endpoints. | ||||||||||
* Contact Name | Enter the name of the contact person for the API Endpoint User Account. | ||||||||||
* Contact Email | Enter an email address for the API Endpoint User Account. This is the email address where the ‘Key’ and ‘Secret’ information will be sent. | ||||||||||
Contact Phone | Enter a phone number for the API Endpoint User Account. | ||||||||||
Companies | |||||||||||
The ‘Companies’ section allows you to define which company data sets the API Endpoint User Account can access. Click the ‘+ Add Company’ button, select a Company from the dropdown list, then click ‘Add.’ The selected Company Code and Name will then appear in the ‘Companies’ section of the screen. To delete Company access, click the ‘Delete’ icon in the Action column in the same row as the Company you wish to delete. | |||||||||||
Endpoints | |||||||||||
The ‘Endpoints’ section is where you can define which API endpoints and fields the API Endpoint User account can access. Click ‘+ Add Endpoint’, select the checkboxes for each API endpoint the user should access, then click ‘Add’. The selected endpoints will then appear in the ‘Endpoints’ section of the screen. Endpoint access modifications can only be made using the ‘Edit’ or ‘Delete’ icons. Endpoints displaying an ‘Alert’ icon must have a User Security Role assigned to them by clicking the ‘Edit’ icon in the Action column. User Security Roles can be reviewed and created in TASS.web System Admin > Users > Security Role Permissions.
After endpoint permissions have been assigned, you can see a summary of the assigned endpoints and their settings on the screen. in the ‘Enabled’, ‘Read’, ‘Add’, ‘Update’ and 'Delete' columns.
The ‘Fields' columns, right of the ‘Read' and 'Update' columns, show 'All' if the user has permissions for all fields, or 'Custom' if a custom set of field permissions is defined. To review or modify a user's field access, click 'Edit’ in the Action column, then 'Edit’ in the 'Fields' section of the 'Edit API Endpoint' screen. | |||||||||||
Click ‘Save’ to add the new API Endpoint User Account to your TASS database.
Key Generation
After creating a new API Endpoint User Account, click the ‘Key’ icon in the Action column. The ‘Key Generation’ screen will then appear.
The ‘Key Generation' screen shows the following messages to indicate the status of the key generation process:
|
The user does not currently have a key. | This message appears when the user does not have a key generated. |
|
User has successfully accessed key. | This message appears if the user has successfully accessed their key. |
|
User has been sent email link but has yet to view key. | This message appears if a key has been generated, but the user has not successfully accessed it. |
|
There have been 3 unsuccessful verification attempts. | This message appears if there have been 3 unsuccessful verification attempts. |
|
Verification link has expired. | This message appears if the verification link has expired based on the ‘Link Expiry Time’ entered when generating the Key and Secret. |
Fields that require further explanation | |
| Enter a ‘Passphrase’ with a minimum of 15 characters. This passphrase enables the API Endpoint User to access the ‘Key/Secret’ link, which will be sent to the 'Contact Email' once the key has been generated. A secure method must be used to share the Passphrase with the user. |
* Link Expiry Time (hours) | Use the drop-down list to select how long the ‘Key/Secret’ link and ‘Passphrase’ will remain active. The link sent in the email will expire if the verification process is not completed within the nominated ‘Link Expiry Time (hours)’. |
Link Expiry | This read-only field indicates the date and time that the ‘Key/Secret’ link and ‘Passphrase’ will expire based on the expiry time selected in the field above. The date is displayed in DD/MM/YYYY. The time is displayed in 12-hour HH:MM AM/PM format. |
Action Date/Time | The ‘Action’ section lets you view a list of key-related actions started after the key was generated, including the dates and times each action took place. Example Key/secret generated and email sent 24/06/2025 03:45 PM Verification expired 24/06/2025 09:45 PM Key/secret deleted 25/06/2025 09:05 AM Key/secret generated and email sent 25/06/2025 09:07 AM Verification successful 25/06/2025 09:28 AM |
Click ‘Generate’ to create the 'Key/Secret’ and send the access email to the Contact Email entered on the ‘Add-API Endpoint User’ screen.
To regenerate a Key/Secret for an existing API Endpoint User, click ‘Delete’. Enter a ‘Passphrase’ with a minimum of 15 characters, define the ‘Link Expiry Time (hours)’, then click the 'Generate’ button to resend the email.
A secure method must be used to share the passphrase with the API Endpoint User. The user will need this passphrase to access the link to the Key and Secret provided in the email.
Example of the email sent to the API Endpoint User.
From: noreply@school.edu.au
Subject: TASS API User Registration
Message:
Hi <USER NAME>
Below is a link to view your key and secret for the TASS API for:
<COMPANY NAME>
Please note that for security reasons, you will only be able to view your key and secret once. Please store the Key and Secret securely and contact the school if you require new credentials.
Link: <KEY AND SECRET LINK>
Important!
The Key and Secret will be shared only once, so the API Endpoint User needs to store them securely. If the new Key and Secret are lost, the API Endpoint User must contact the school to have a new key generated.
After accessing the Key and Secret and verifying the API Endpoint User, the Action column will display the verification date and time, with a message at the top stating, ‘User has successfully accessed the key.’
API Documentation
Information about each API endpoint is available at api.developer.tassweb.com.au. Visit this site to view the requirements for each endpoint. Read the ‘Introduction’, then select your TASS Software Version from the ‘Version’ drop-down list. There is a separate section and documentation for each API Endpoint.
Accessing API Endpoints
Read the ‘Introduction’ section of api.developer.tassweb.com.au, then select your TASS Software Version from the ‘Version’ drop-down list.
There is a separate section and documentation for each API Endpoint.
Each new user must authenticate by entering their Key and Secret (which were emailed to them) to generate a bearer token before they can access the endpoints. This bearer token must then be included in each request sent to verify the user's identity.
Bearer tokens are valid for 15 minutes. If you work in the API for longer than this, obtain a new bearer token by running the ‘POS User - Authenticate’ call again.
Refer to the 'POS User - Authenticate' section of api.developer.tassweb.com.au for more information.
Refer to ‘How to Setup a New API Endpoint User Account’ for more information.
TASS Support does not cover assistance for uncertified third-party software accessing the TASS database, internally developed products, scripts, or systems using TASS APIs, or integration points within a TASS API not certified for that vendor. This includes products such as Postman. The third-party API platforms that your school chooses to use are at the discretion of the leadership at your school.
Most schools can use and access the API Endpoints immediately. However, a few need TASS Technical Services to install an update on their server first. If your school requires this installation, you would have received information about this in the email communications for the v01.2026.01.201 TASS Software Release. To book an API installation, visit Stack Booking.
API Audit Logs
The ‘API Audit Logs’ screen can be accessed by clicking the ‘View Logs’ button located in the top right corner of the API Endpoint Maintenance landing page. This is where users can apply filters to search for specific user activity, endpoint usage, or errors.
Display Filters
Filtering Options | Description |
|---|---|
Date From Date To | Use the date filters to select the date range of records for the API Audit Logs Grid. The date range cannot exceed 60 days. |
Error Message | Enter text in this field to search for keywords related to an error message. |
HTTP Methods | Use the ‘HTTP Methods’ filter to select HTTP methods DELETE, GET, PATCH, POST, and PUT for inclusion in the API Audit Logs Grid. This is a multi-select field. Hold the 'Shift' key while clicking to select a range, and hold the 'Ctrl' key to select additional methods individually. |
Status Code | Use the ‘Status Code’ filtering option to select status codes to be displayed in the API Audit Logs Grid. Select the 'Errors Only' checkbox to select all error-related status codes. Only status codes recorded in the audit logs appear in this list. This is a multi-select field. Hold the 'Shift' key while clicking to select a range, and hold the 'Ctrl' key to select additional codes individually. |
Users | Use the ‘Users’ filter to select a specific User Name for display in the API Audit Logs Grid. This list includes both enabled and disabled users. This is a multi-select field. Hold the 'Shift' key while clicking to select a range, and hold the 'Ctrl' key to select additional users individually. |
Companies | Use the ‘Companies' filter to select specific Companies for display in the API Audit Logs Grid. This is a multi-select field. Hold the 'Shift' key while clicking to select a range, and hold the 'Ctrl' key to select additional companies individually. |
Endpoints | Use the ‘Endpoints’ grid filter to select specific Endpoints for display in the API Audit Logs Grid. This list includes only endpoints accessed and recorded in the audit logs. It shows a generic URL, while the grid shows the actual URL used for the call. This is a multi-select field. Hold the 'Shift' key while clicking to select a range, and hold the 'Ctrl' key to select additional endpoints individually. |
Click 'Apply Filters' to generate the API Audit Logs Grid based on your selected filtering options.
Use the ‘Clear Filters’ button to reset your filters and select new ones.
API Audit Logs Grid
The ‘API Audit Logs Grid’ displays data based on your selected Display Filters. The row at the top of the grid indicates how many records are loaded on the screen and contains the following data columns.
Grid Column | Description |
|---|---|
Request Date/Time | This column displays the Date and Time in YYYY-MM-DD HH:MM:SS format. |
User Name | This column displays the User Name details. |
Method | This column displays the HTTP Method used. |
Endpoint | This column shows the actual endpoint URL used for the call, including the company code or record ID when applicable. |
Status | This column displays the Status Code. |
Error Message | This column displays the Error Message for Error Codes only. |
| Click the |