Access and Authentication

This section describes how to access all of the JSON API functions.

To access the API directly, use the following format:


Alternatively, start with any of the following addresses:


and append the function call (JSON_Func=) and any required parameters (JSON_P1=, JSON_P2=):


For example:

Tip: If you are calling a function via JavaScript on a custom form, begin the URL with tmtrack.dll?JSONPage&command=. This ensures the call will succeed in both the classic interface and in Work Center.

Every JSON API call contains a result in the response. For every call that is successfully authenticated, the result contains a type of either OK or ERROR. Every ERROR result has an English message after msg and may also contain a localizable message in msgLoc.

"result":{"type":"ERROR","msg":"Could not read specified record by ID"}
"result":{"type":"ERROR","msg":"Could not read specified record by ID",
"msgLoc":"The item could not be found."}

All functions are accessible from the browser using existing authentication methods such as Windows Authentication or Single Sign-On (SSO). You can use the TokenService call to acquire and send an SSO token in the HTTP header for SBM server configurations that use SSO. For details, refer to Requesting a Security Token.

If authentication fails, or the required SSO token is not found, the authentication type is returned with the message Authentication failed:

"request": {
"url": "http://AE/tmtrack/tmtrack.dll?JSONPage&command=jsonapi&JSON_Func=getVersion&"
"error": {
"type": "authentication"
"msg": "Authentication failed"
"sso": {
"idp": "http://SSOserverName:8085/idp/services/Trust"
"msg": ""
"code": ""

All functions provided by the JSON API honor SBM user privileges; additional privileges are not required to access the API functions.