Skip to main content

Overview

The JobTicket+ Developer Portal gives you a self-service interface to manage everything you need to integrate with the JobTicket B2B API — API keys, permissions, webhooks, and delivery logs.

Production Portal

Access the live production developer dashboard

Staging Portal

Access the staging developer dashboard for testing
The dashboard summarises your account at a glance:
CardWhat it shows
API StatusWhether API access is ENABLED or disabled for your account
Active API KeysNumber of currently enabled keys
Disabled API KeysNumber of keys that exist but are disabled
Total WebhooksNumber of webhook endpoints registered

Granting Developers Access

Before a developer can log in to the Developer Portal, a company admin must complete the following four steps in the AllRide B2B Admin Panel.
1

Create a Developer Admin Group

  1. In the left navigation go to Company management → Admin groups.
  2. Click + Add new admin group in the top-right corner.
  3. Enter a group name (e.g. Developers) and click Add group.
The new group appears in the list with 0 Permissions.
2

Grant the Group Developer Portal Permissions

  1. Click the menu on the Developers group row and select Update group permissions.
  2. Enable the following permissions:
PermissionDescription
Access Developer PortalAccess and use the developer portal and its resources
View API KeysView API keys and access credentials
View API Key SecretsView API key secrets and sensitive credentials
Create API KeysCreate new API keys and access credentials
Update API KeysUpdate existing API keys and access credentials
View WebhooksView webhook configurations and settings
View Webhook SecretsView webhook secrets and signing credentials
Create WebhooksCreate new webhook configurations and endpoints
Update WebhooksUpdate existing webhook configurations and endpoints
Remove WebhooksRemove webhook configurations and endpoints
View Webhook LogsView webhook delivery logs and event history
  1. Click Update permissions to save.
3

Add the Developer as an Employee

  1. In the left navigation go to Jobticket+ management → Manage employees.
  2. Click + Add employee and fill in the developer’s details:
    • First name, Last name, Email address
    • Date of birth
    • Set Subscription start date to Don’t Start Subscription (developers do not need a Jobticket+ plan)
  3. Click Add employee.
4

Assign the Employee as an Admin in the Developer Group

  1. In the left navigation go to Company management → Manage admins.
  2. Click + Add new admin.
  3. In the Select employees step, search for and check the developer’s name, then click Next.
  4. In the Select groups step, check the Developers group, then click Add users.
The developer can now log in to the Developer Portal using their employee email address and will have access to all the permissions assigned to the Developers group.
Assign only the permissions your developers actually need. Avoid enabling View API Key Secrets or View Webhook Secrets for developers who only need read access to configurations.

Authentication

Every API request uses HTTP Basic Auth. The credentials come from an API key you create in the portal:
Basic Auth fieldValue
UsernameAPI Key ID (e.g. f1b24afa-39c6-4cc2-b545-cfab6b687f6e)
PasswordAPI Key Secret (revealed via View API Key Secret in the ⋯ menu)
Authorization: Basic <base64(apiKeyId:apiKeySecret)>
Most HTTP clients (e.g. curl -u, Axios auth, Python requests auth=) handle the Base64 encoding automatically when you supply a username and password separately.

API Keys

Permissions

Each API key carries a set of permissions that control which endpoints it can call. The portal shows the count (e.g. 5 Permissions) on the key list. Click the count to see the full list assigned to that key. Available permissions and what they unlock:
PermissionDescriptionEndpoints covered
View Employees (view-employees)Allows the API key to view the list of employees, their details, and their documents within the company.List Employees, Get Employee, List Documents, Get Document, Get Employee Documents
Add New Employees (add-employees)Enables the API key to add new employees to the company, including setting up their roles and permissions.Used internally during HR sync
Update Existing Employee Details (update-employees)Allows modification of existing employee details such as role, department, and contact information.Used internally during HR sync
Remove Existing Employees From Company (remove-employees)Grants permission to remove employees from the company and deactivate their accounts.Used internally during HR sync
View HR Integrations (view-hr-integrations)View HR integration connections and settings.List HR Integrations, Get HR Integration
A key only succeeds on endpoints that match its permissions — all others return 403 Forbidden.

Creating an API Key

1

Open API Keys

In the left navigation click API Keys, then click + Add New Api Key in the top-right corner.
2

Enter a description

Type a descriptive label in the API Key Description field (e.g. Production – Payroll System) and click Create API Key.
3

Copy your credentials

After creation, click the menu on the key row and select View API Key Secret to reveal the secret. Copy the API Key ID and API Key Secret and store them in a secret manager.
If you need to replace a compromised or lost secret, use Rotate API Key Secret to generate a new one. The old secret is immediately invalidated.
4

Assign permissions

Click the menu on the new key row and select Update API Key permissions to grant the scopes your integration needs.

Managing API Keys

Click the menu on any key row to access:
ActionWhat it does
View API Key SecretReveals the current secret (requires confirmation)
Update API Key permissionsOpens a permissions editor to add or remove scopes
Rotate API Key SecretGenerates a new secret and immediately invalidates the old one
Disable API KeyRevokes API access without deleting the key — can be re-enabled later

Webhooks

Webhooks let JobTicket+ push real-time events to your server so you don’t need to poll the API. When a subscribed event occurs, JobTicket+ makes an HTTP POST to your endpoint with a signed JSON payload. See Webhooks for the full payload schemas and signature verification guide.

Creating a Webhook

1

Open Webhooks

In the left navigation click Webhooks, then click + Add New Webhook.
2

Fill in the form

FieldDescription
Webhook DescriptionA friendly label (required)
Webhook URLThe HTTPS URL JobTicket+ should POST to
Event TypesCheck one or more events to subscribe to
Available event types:
EventFires when…
employee-subscription-changedAn employee’s subscription status or dates change
new-employee-document-generatedA new document is generated for an employee
3

Submit

Click Add webhook. The webhook is active immediately.

Managing Webhooks

Click the menu on any webhook row:
ActionWhat it does
View Webhook LogsNavigate to filtered delivery logs for this webhook
View Webhook Signing SecretsReveal the two signing secrets used to verify payloads
Update WebhookChange the URL, description, or subscribed events
Rotate First Webhook Signing SecretGenerates a new first secret; old one is immediately invalid
Rotate Second Webhook Signing SecretGenerates a new second secret; old one is immediately invalid
Delete WebhookPermanently removes the webhook and stops all deliveries
Two signing secrets exist to support zero-downtime rotation. Both are valid simultaneously — rotate one while the other keeps requests flowing, then retire the old one. See Verifying Signatures for details.

Webhook Logs

The Webhook Logs section records every delivery attempt. Each row shows:
ColumnDescription
Webhook Log IDUnique ID of the delivery attempt
Event IDID of the event that triggered the delivery
URLThe endpoint JobTicket+ posted to
Event TypeThe event type label
Status CodeHTTP status returned by your server
Logged AtTimestamp of the delivery attempt
Click View Webhook Log on any row to inspect the full details — including the raw JSON payload, the X-Signing-Signature header value, and your server’s response body. This is your primary debugging tool when a delivery fails or produces an unexpected response.