API Documentation

• API Error Codes
• Permits API
• Pull API: Permit Stats
• Push API: Permit Delete
• Push API: Permit Create
• Push API: Permit Update
• Push API: Vehicle Create
• Pull API: UserType
• Push API: User Create/Update
• Pull API: Overdue Violations
• Pull API: Plate Validation
• Lot Value API

API Error Codes

API error codes indicate a failure while communicating with the OPSCOM API.

Example Error

Content-Type: application/json

{     "ErrorCode": 9001,     "ErrorMessage": "API Token is missing from the request." }

Error Codes

Error Code	Error Message
9000	Client Code is missing from the request.
9001	API Token is missing from the request.
9002	The supplied API token does not have permission to perform that request.
9003	Could not parse the request.
9004	End Time is a required field.
9005	The end time value is invalid.
9006	Plate is a required field.
9007	The start time value is invalid.
9008	Reference ID is required. On a new permit push, a reference id is returned. This is required for updates and deletes.
9009	Record not found.
9010	The Plate Type is required.
9011	The province or state is required.
9012	The vehicle is already in the database.
9013	A unique id is required.
9014	The login source is required.
9015	The login source is invalid.
9016	The user e-mail is required.
9017	The user's first name is required.
9018	The user's last name is required.
9019	The user's email address must be unique.
9020	The user's username must be unique.
9021	The vehicle's plate length exceeds 50 characters.
9022	A record already exists with the supplied details.
9030	The field's maximum number of characters was exceeded.
9031	The field is required.
9032	The field has a minimum number of characters.
9033	The field's value is invalid.
9034	The API Token does not exist for the specified client.

Permits API

Pull API: Permit Stats

The OPSCOM Controller provides a simple JSON based API to integrate with. Clients use this API to gather stats on permits pushed into OPSCOM.

API access is a paid feature and must be granted by OPSCOM. Email your Account Executive to negotiate access. 

Making API Requests 

Make sure you set the HTTP Content-Type header to be application/json.        

Raw Request:

JavaScript Request

Request Object Attributes

Attribute	Type	Limits	Possible Names	Description
apiToken	String	50-character alphanumeric including dashes	apiToken	(Required) Your supplied API Token.
zones	String	Listed zones match zone names in database	zones	(Not Required) Comma delimited list of zones e.g. zone1,zone2,Lot 03,Red Lot,Street parking

Successful Response

The response will be a json object. The same reference id will be returned.

Content-Type: application/json

Push API: Permit Delete

API access is a paid feature and must be granted by OPSCOM. Email your Account Executive to negotiate access. 

The OPSCOM Controller provides a simple JSON based API to integrate with. Clients use this API to directly feed details about existing paid permits and their changes into OPSCOM from other systems such as Parking apps.  

Make sure you set the HTTP Content-Type header to be application/json.

Making API Requests

Raw Request:

JavaScript Request:

Request Object Attributes

Attribute	Type	Limits	Possible Names	Description
apiToken	String	50-character alphanumeric including dashes	apiToken	(Required) Your supplied API Token.
Reference ID	String	50-character alphanumeric including dashes	referenceid referenceID reference_id	(Required) This value is supplied to when the permit push api is successful. e.g. 1a9b5375-cb75-4c71-9939-eeae550b09ac

Successful Response

The response will be a json object. The same reference id will be returned.

Content-Type: application/json

Push API: Permit Create

The Push API: Permit Create allows OPSCOM administrators to integrate external parking systems directly with the OPSCOM Controller. This RESTful integration automatically synchronizes paid or temporary permit details from third-party hardware and software, such as parking meters, pay stations, and mobile parking applications. By pushing active parking instances into the centralized database, administrators ensure real-time compliance tracking and seamless enforcement across all connected devices.

Setup and Configuration

Before third-party systems can transmit transaction data into the system, specific environmental settings and authorization keys must be established.

API access is a premium paid feature that requires licensing activation. Organizations must contact their OPSCOM Account Executive to negotiate access and enable the endpoint interface for their environment.

Admin Side Configuration

1. Secure an authenticated API token from your OPS-COM technical representative.

2. Confirm that all target parking zones match your external hardware naming conventions. Review configuration rules on the Parking Zone Administration page to avoid disconnected reporting errors.

3. Distribute the production endpoint URL and unique alphanumeric token to your third-party integration developers or vendors (e.g., HotSpot).

Using this Feature

The integration relies on an external system triggering HTTP POST requests to the centralized server. The endpoint accepts a standard structured JSON payload containing authorization, vehicle identity, and time boundaries.

Endpoint Address

POST [https://controller.operationscommander.io/api/OC-TOMA/v1/permits/push](https://controller.operationscommander.io/api/OC-TOMA/v1/permits/push)

Request Header Requirements

External systems must supply the following exact headers within every network transmission:

• Content-Type: application/json

• Accept: application/json

Request Payload Examples

Raw HTTP Request

POST /api/OC-TOMA/v1/permits/push HTTP/1.1
Host: controller.operationscommander.io
Accept: application/json
Content-Type: application/json
Cache-Control: no-cache

{
    "apiToken": "YOUR-API-TOKEN",
    "Amount": "14.50",
    "CurrencyID": "CAD",
    "LicencePlate": "PL8RDR",
    "zone": "Lot 4",
    "permitNo": "L4-1138",
    "startTime": "2018-07-02T09:00:00",
    "endTime": "2018-07-02T09:30:00",
    "promoCode": "DISCOUNT20"
}

JavaScript XMLHttpRequest Example

var request = new XMLHttpRequest();

request.open('POST', 'https://controller.operationscommander.io/api/OC-TOMA/v1/permits/push');

request.setRequestHeader('Content-Type', 'application/json');
request.setRequestHeader('Accept', 'application/json');

request.onreadystatechange = function () {
  if (this.readyState === 4) {
    console.log('Status:', this.status);
    console.log('Headers:', this.getAllResponseHeaders());
    console.log('Body:', this.responseText);
  }
};

var body = {
    "apiToken": "YOUR-API-TOKEN",
    "Amount": "14.50",
    "CurrencyID": "CAD",
    "LicencePlate": "PL8RDR",
    "zone": "Lot 4",
    "permitNo": "L4-1138",
    "startTime": "2018-07-02T09:00:00",
    "endTime": "2018-07-02T09:30:00",
    "promoCode": "DISCOUNT20"
};

request.send(JSON.stringify(body));

Request Object Attributes

The endpoint processes incoming data objects using strict key names. Use the definitions below to map external database variables correctly.

API Server Responses

Successful Response

Upon successfully accepting and writing a record to the database, the server transmits an HTTP status code 200 OK along with a tracking object.

Successful Response

The response will be a json object. Content-Type: application/json

{
    "status": "success",
    "reference_id": "1a9b5375-cb75-4c71-9939-eeae550b09ac",
    "InternalReferenceID": "1a9b5375-cb75-4c71-9939-eeae550b09ac"
}

Best Practices and Considerations

• Audit third-party zone names precisely. Ensure that zone names passed into the zone parameter exactly match your current system setup. If an external pay station pushes a value that does not correspond with a recognized lot name, it registers as a disconnected record and fails to populate correctly within enforcement reports.

• Validate promotional campaign metrics. When working with mobile applications like HotSpot, instruct vendors to map their promotional parameters to the promoCode field. Administrators can track usage and verify free or discounted transaction validity by auditing the dedicated promotional code column found on the Paystation Status page.

• Adhere strictly to UTC string constraints. Confirm that your developers match the ISO-8601 date formatting style explicitly for startTime and endTime. For technical validation, reference the PHP Date Formatting development rules.

Push API: Permit Update

API access is a paid feature and must be granted by OPSCOM. Email your Account Executive to negotiate access. 

The OPSCOM Controller provides a simple JSON based API to integrate with. Clients use this API to directly feed paid permit details into OPSCOM from other systems such as Parking Apps.  

Make sure you set the HTTP Content-Type header to be application/json.

Making API Requests

Raw Request:

JavaScript Request:

Request Object Attributes

Successful Response

The response will be a json object. The same reference id will be returned.

Content-Type: application/json

Push API: Vehicle Create

API access is a paid feature and must be granted by OPSCOM. Email your Account Executive to negotiate access. 

The OPSCOM Controller provides a simple JSON based API to integrate with. Clients use this API to directly feed vehicles into OPSCOM from other systems.  

Make sure you set the HTTP Content-Type header to be application/json.

Making API Requests

Raw Request:

JavaScript Request:

Request Object Attributes

Successful Response

The response will be a json object. 

Content-Type: application/json

Pull API: UserType

API access is a paid feature and must be granted by OPSCOM. Email your Account Executive to negotiate access. 

The OPSCOM Controller provides a simple JSON based API to integrate with. Clients use this API to obtain a list of the current profile user types in their system.

Make sure you set the HTTP Content-Type header to be application/json.

Making API Requests

Raw Request:

JavaScript Request:

Request Object Attributes

Successful Response

The response will be a json object. 

Content-Type: application/json

Push API: User Create/Update

API access is a paid feature and must be granted by OPSCOM. Email your Account Executive to negotiate access. 

The OPSCOM Controller provides a simple JSON based API to integrate with. Clients use this API to push to OPSCOM new users and update existing users directly from another system. For example, you may wish to push Student and Staff information from Banner directly to OPSCOM.

Make sure you set the HTTP Content-Type header to be application/json.

Making API Requests

Raw Request:

JavaScript Request:

Request Object Attributes

Successful Response

The response will be a json object. 

Content-Type: application/json

Pull API: Overdue Violations

API access is a paid feature and must be granted by OPSCOM. Email your Account Executive to negotiate access. 

The OPSCOM Controller provides a simple JSON based API to integrate with.

Clients use this API to export a list of the currently overdue violations, which are then marked as having been sent to collections.

Make sure you set the HTTP Content-Type header to be application/json.

Information

When accessed, this API will send all overdue violations that have not been sent to collections yet in a JSON object. It will also mark them as having been sent to collections, so subsequent calls to the API will not get the same information more than once.

This is a POST request. Data is being posted to the server.

POST /api/{client}/v1/violations/send_overdue_to_collections

Sample Request - All Params

/api/OC_TOMA/v1/violations/send_overdue_to_collections

Making API Requests

Raw Request:

JavaScript Request:

Request Object Attributes

Successful Response

The response will be a JSON object.

Content-Type: application/json

Pull API: Plate Validation

API access is a paid feature and must be granted by OPSCOM. Email your Account Executive to negotiate access. 

Use this API to obtain details related to a plate.  Plate details include permits, alerts and DNTT status.

Make sure you set the HTTP Content-Type header to be application/json.

Making API Requests

Raw Request

JavaScript Request

Request Object Attributes

Response Values

Successful Response

The response will be a json object. 

Content-Type: application/json

Response Samples

Any response listed below could be merged with any other.  This is a list of possible responses to demonstrate responses with data.

Lot Value API

The Lot Value API provides administrators with a programmatic version of the existing Lot Value Report. Its primary purpose is to retrieve real-time parking lot occupancy, valuation, and capacity data directly from the OPSCOM Controller, allowing organizations to independently ingest this information into their own custom data dashboards or third-party reporting tools.

Setup and Configuration

Before querying the endpoint, A Tomahawk Support agent must generate an authentication token with the correct structural permissions assigned. Once this token is generated for you, it will be sent securely to you, and you can use this API key in the body of a get request, sent to this endpoint:

https://controller.preview.operationscommander.io/api/[YOUR CLIENT ID]/v1/permits/lot-values

This is how the body should be formatted to receive lot values in return;

Using this Feature

The endpoint mimics the data structure of the standard system report but delivers it as a structured payload for external integration.

Expected API Responses

A successful request returns a structured JSON payload containing real-time data for all configured parking lots. The output includes individual lot identifiers, total capacities, active permit counts, current vehicle volume calculations, and the monetary value assigned to the spaces.

If an unauthenticated key is passed into the request body, the server rejects the connection.

Here is an example of what the API will return:

[     {         "lot_type": "Y",         "lot_name": "TU Residence",         "default_cost": 525,         "total_permits": 20,         "rented_permits": 0,         "utilized_pct": 0,         "amount_projected": 0,         "amount": 0,         "tax_amount": 0,         "tax_amount1": 0,         "tax_amount2": 0,         "total": 0     },     {         "lot_type": "M",         "lot_name": "TU Residence Visitors",         "default_cost": 11,         "total_permits": 0,         "rented_permits": 0,         "utilized_pct": null,         "amount_projected": 0,         "amount": 0,         "tax_amount": 0,         "tax_amount1": 0,         "tax_amount2": 0,         "total": 0     },     {         "lot_type": "S",         "lot_name": "TU Semester East",         "default_cost": 100,         "total_permits": 21,         "rented_permits": 17,         "utilized_pct": 80.95,         "amount_projected": 1700,         "amount": 2897.8783,         "tax_amount": 0,         "tax_amount1": 144.89392,         "tax_amount2": 231.83026,         "total": 3274.6     },     {         "lot_type": "M",         "lot_name": "TU Semester Central",         "default_cost": 125,         "total_permits": 60,         "rented_permits": 3,         "utilized_pct": 5,         "amount_projected": 375,         "amount": 313.08447,         "tax_amount": 0,         "tax_amount1": 15.65422,         "tax_amount2": 25.04676,         "total": 353.79     },     {         "lot_type": "Y",         "lot_name": "TUSC Yearly Staff",         "default_cost": 350,         "total_permits": 10,         "rented_permits": 0,         "utilized_pct": 0,         "amount_projected": 0,         "amount": 0,         "tax_amount": 0,         "tax_amount1": 0,         "tax_amount2": 0,         "total": 0     },     {         "lot_type": "Y",         "lot_name": "TUSC Yearly Executive",         "default_cost": 0,         "total_permits": 10,         "rented_permits": 0,         "utilized_pct": 0,         "amount_projected": 0,         "amount": 0,         "tax_amount": 0,         "tax_amount1": 0,         "tax_amount2": 0,         "total": 0     },     {         "lot_type": "M",         "lot_name": "TU Visitors",         "default_cost": 11,         "total_permits": 0,         "rented_permits": 0,         "utilized_pct": null,         "amount_projected": 0,         "amount": 0,         "tax_amount": 0,         "tax_amount1": 0,         "tax_amount2": 0,         "total": 0     },     {         "lot_type": "M",         "lot_name": "Veritas Communications - All Lots",         "default_cost": 165,         "total_permits": 28,         "rented_permits": 2,         "utilized_pct": 7.14,         "amount_projected": 330,         "amount": 330,         "tax_amount": 0,         "tax_amount1": 16.5,         "tax_amount2": 26.4,         "total": 372.9     },     {         "lot_type": "M",         "lot_name": "Veritas Communications - Complimentary",         "default_cost": 0,         "total_permits": 5,         "rented_permits": 0,         "utilized_pct": 0,         "amount_projected": 0,         "amount": 0,         "tax_amount": 0,         "tax_amount1": 0,         "tax_amount2": 0,         "total": 0     },     {         "lot_type": "M",         "lot_name": "North Lot",         "default_cost": 195,         "total_permits": 0,         "rented_permits": 0,         "utilized_pct": null,         "amount_projected": 0,         "amount": 0,         "tax_amount": 0,         "tax_amount1": 0,         "tax_amount2": 0,         "total": 0     },     {         "lot_type": "M",         "lot_name": "Solus Tech Inc",         "default_cost": 183,         "total_permits": 15,         "rented_permits": 2,         "utilized_pct": 13.33,         "amount_projected": 366,         "amount": 366,         "tax_amount": 0,         "tax_amount1": 18.3,         "tax_amount2": 29.28,         "total": 413.58     },     {         "lot_type": "M",         "lot_name": "Recreation Complex",         "default_cost": 0,         "total_permits": 0,         "rented_permits": 0,         "utilized_pct": null,         "amount_projected": 0,         "amount": 0,         "tax_amount": 0,         "tax_amount1": 0,         "tax_amount2": 0,         "total": 0     },     {         "lot_type": "M",         "lot_name": "Main Street Parking",         "default_cost": 200,         "total_permits": 20,         "rented_permits": 0,         "utilized_pct": 0,         "amount_projected": 0,         "amount": 0,         "tax_amount": 0,         "tax_amount1": 0,         "tax_amount2": 0,         "total": 0     },     {         "lot_type": "O",         "lot_name": "Public Works",         "default_cost": 0,         "total_permits": 30,         "rented_permits": 0,         "utilized_pct": 0,         "amount_projected": 0,         "amount": 0,         "tax_amount": 0,         "tax_amount1": 0,         "tax_amount2": 0,         "total": 0     },     {         "lot_type": "M",         "lot_name": "Mall Parking",         "default_cost": 0,         "total_permits": 0,         "rented_permits": 0,         "utilized_pct": null,         "amount_projected": 0,         "amount": 0,         "tax_amount": 0,         "tax_amount1": 0,         "tax_amount2": 0,         "total": 0     },     {         "lot_type": "M",         "lot_name": "Main Street Private Parking",         "default_cost": 150,         "total_permits": 200,         "rented_permits": 0,         "utilized_pct": 0,         "amount_projected": 0,         "amount": 0,         "tax_amount": 0,         "tax_amount1": 0,         "tax_amount2": 0,         "total": 0     },     {         "lot_type": "M",         "lot_name": "TU South Garage",         "default_cost": 75,         "total_permits": 3000,         "rented_permits": 2,         "utilized_pct": 0.07,         "amount_projected": 150,         "amount": 150,         "tax_amount": 0,         "tax_amount1": 7.5,         "tax_amount2": 12,         "total": 169.5     } ]

Best Practices and Considerations

• Verify token scopes before deployment. The API token must be exactly as it appears when it was sent to you by OPSCOM. It is your information's password.

• Match pull frequencies to operational needs. This API should not need to be polled more than once an hour.