Access and Authentication

This section describes how to access all of the JSON API functions.

To access the API directly, use the following format:


Alternatively, start with any of the following addresses:


and append the function call (JSON_Func=) and any required parameters (JSON_P1=, JSON_P2=):


For example:


Note that the order of the parameters on the URL is important. For example, the GetItem call fails if you have the table ID parameter value in the item ID parameter and vice versa.

Tip: If you are calling a function via JavaScript on a custom form, begin the URL with tmtrack.dll?JSONPage&command=. This ensures the call will succeed in both the classic interface and in Work Center.

Every JSON API call contains a result in the response. For every call that is successfully authenticated, the result contains a type of either OK or ERROR. Every ERROR result has an English message after msg and may also contain a localizable message in msgLoc.

"result":{"type":"ERROR","msg":"Could not read specified record by ID"}
"result":{"type":"ERROR","msg":"Could not read specified record by ID",
"msgLoc":"The item could not be found."}

All functions are accessible from the browser using existing authentication methods such as Windows Authentication or Single Sign-On (SSO). You can use the TokenService call to acquire and send an SSO token in the HTTP header for SBM server configurations that use SSO. For details, refer to Requesting a Security Token.

If authentication fails, or the required SSO token is not found, the authentication type is returned with the message Authentication failed:

"request": {
"url": "http://AE/tmtrack/tmtrack.dll?JSONPage&command=jsonapi&JSON_Func=getVersion&"
"error": {
"type": "authentication"
"msg": "Authentication failed"
"sso": {
"idp": "http://SSOserverName:8085/idp/services/Trust"
"msg": ""
"code": ""

All functions provided by the JSON API honor SBM user privileges; additional privileges are not required to access the API functions.