Skip to content

FAQ

What type of API service does ProSuite use?

We use RESTful API.

What data format does the API use for its return?

We use JSON. Support for XML may be added in the future if there is sufficient interest.

What types of data transmission does the API Support?

The API supports both imports and exports unless there is a specific reason to only support one way. For example, the "Charge endpoint" family only supports exports because imports could break state reporting, citation interfaces, jail reporting etc if changed without full understanding of the system. The API documentation covers which methods are available for each endpoint.

What kind of support is available with the API?

When building an interface with a new vendor, our Product team will meet with your Vendor to help architect the interface and orient your vendor on the available documentation and endpoints. Additionally, similar to a custom interface, professional services hours can be contracted to assist in processes such as setting up the interface, helping match codes between the system, setting permissions, configuring forms etc.

I’m computer savvy, can I do anything with the API?

Yes, the API can be used for much more than interfacing with another vendor. Advanced users can make API calls to gather data for use in custom reporting solutions, to display on a website or can be used as the basis for homegrown applications. The API gives you access to your data; that data can be used to power all sorts of things! Your imagination and technical skills are the only limit.

Is the API secure?

Yes, the API is fully CJIS compliant including the ability to audit data access. The API also incorporates various industry best practices such as:

  • Messages are exchanged in an encrypted format (HTTPS).

  • Authentication is handled with JWT Bearer tokens (a complex, self-expiring “temporary password” generated when you authenticate).

  • The Bearer tokens are signed using a Public/Private key pair encryption algorithm (RSA256).

  • Bearer tokens are used by all endpoints to reduce potential exposure of user credentials.

  • User credentials are easily and immediately revocable in the event of a breach.

  • Specific permissions are required for each endpoint to limit the scope of any breach.

  • Additional security measures like IP whitelisting/blacklisting or firewall port management can be added at the networking level based on your security practices.

To put that all in laymen’s terms, it would take a supercomputer millions of years to break the encryption on the data being exchanged. The main threat is going to be from users exposing their credentials to people. To mitigate that, we don’t directly expose the user’s passwords anywhere and we make it easy for you to change their password should it get exposed. We also let you give people only the access they NEED which will reduce the impact from a breach. The other big potential threat is if someone compromises your server and steals the data once it is already in plain text. Various networking protections and security software can be used by your IT staff to limit risk to your server.