Articles in this section

ASAP API Update

  • Updated
Follow

Important Update: API Authentication Version 2 - Method Change

June 2025

 

Overview

To enhance the security and reliability of our public API, ASAP has updated its authentication method and released a new version of our API Authentication method. This change affects how clients authenticate when integrating with our platform.

  • In Version 1, authentication was performed using a GET request with credentials passed in the URL or headers. The Version 1 method will be retired in Summer 2025.
  • Version 2 is a more secure and modern approach, using a POST request with credentials included in the request body as JSON. Version 2 is now live. 

Both versions currently run simultaneously. We will retire Version 1 during the summer of 2025. 

 

Why This Change Matters

Version 1 GET-based method posed potential security risks, particularly around the exposure of sensitive credentials in URLs or logs. Version 2 POST-based authentication method offers several key benefits:

  • Improved security: Credentials are transmitted in the request body, reducing the risk of interception or accidental exposure.
  • Standards compliance: Aligns with best practices for API authentication in modern web applications.

  • Better compatibility: Easier integration with contemporary development frameworks and tools.

     

 

What You Need to Do to Switch to Authentication V2

For Developers and Technical Users

You must now authenticate using a POST request to the following endpoint:

POST https://api.asapconnected.com/api/login

Request Format

The request body must be in JSON format and include the following parameters:

{
  "apiKey": "your_api_key",
  "user": "your_username",
  "organizationId": "your_organization_id",
  "password": "your_password"
}

Response

If authentication is successful, the server will return an HTTP 200 response and include an access token in the response header:

asap_accesstoken: your_access_token

This token must be included in the headers of all subsequent API requests:

asap_accesstoken: your_access_token

Note: The access token is valid for 2 hours. After expiration, you must re-authenticate to obtain a new token.

 

 

For Organizations Using Third-Party Integrations

If your organization uses a third-party integration (e.g., with an LMS, CRM, or financial system), we strongly recommend that you contact your integration provider to confirm that they have implemented the new POST-based authentication method.

To help guide that conversation, you can share the following:

“ASAP has updated its API authentication method to Version 2 to use a secure POST request with credentials in the JSON body. Please confirm that our integration has been updated to comply with this change.”

If your provider has not yet made this update, they may need access to our Developer Documentation. https://developer.asapconnected.com/Authentication.aspx

 

 

Frequently Asked Questions

Are we actively using the API? 

If you contact our support team, we can identify the last time an API token was created by your organization.

 

Which third-party integrations are we using with your API? 

At this time, we do not have a report or settings panel that identifies all third-party software or tools connecting to your ASAP data via the API. While we can see that API calls are being made, we’re unable to determine which specific tools or applications are making those requests.

 

I cannot identify the staff member who is actively using the API. What can I do? 

One possible way to identify usage is to temporarily change your API login credentials. This would cause any active API calls to fail, which may prompt the responsible party to contact you or our support team for assistance.

 

We integrate with a few third parties through the ASAP application (Canvas, Zoom, CASAS Tops, our payment gateway). Will we need to take any action to ensure these applications continue working? 

No. Canvas, Zoom, CASAS Tops and ALL payment gateways do not require any action on your part—they will continue to function without changes.

 

What if I’m using a third-party vendor like CI Solutions?

CI Solutions is currently working on updating their integration. Please reach out to them directly for a status update or ETA on when their implementation of the new authentication method will be complete.

 

We use CI Solutions' legacy product, and they’re recommending we upgrade to their new platform. Do you work with any other badge solution providers?

We do not currently work directly with any other badging solution providers.

 

Do you offer technical assistance or example code for implementing Version 2?

Please refer to our support resources:
👉ASAP API Authentication Version 2 Update
👉API Developer Site

If you encounter specific issues or have questions during implementation, feel free to contact our support team—we’re here to help!

 

Where should I include the access token in my requests?

Include it in the header of all API requests like so:

asap_accesstoken: your_access_token

 

I am receiving a 502 Bad Gateway error.  How do I fix this?

A 502 Bad Gateway error is typically caused by a missing Accept header. Be sure to include the following headers in your request:

Content-Type: application/json
Accept: application/json

Related articles

Powered by Zendesk