Public API for GPS providers

Overview

ALCS has public API for receiving trucks GPS data from GPS providers.

In order to provide GPS data to ALCS system, GPS provider has two options:

  1. Submit data to ALCS service.
  2. Implement GPS providing service using ALCS API specifications so ALCS system could request GPS provider for required data.

Services are protected. In order to submit or provide data, both parties must provide authentication credentials.

API services are implemented as REST web services. POST method must be used by GPS provider for submit data to ALCS. GET method must be implemented by GPS provider to allow ALCS request GPS data.

Security, authentication and authorization

For GPS API reference please, go to: https://alcs.eu/api/

Network security

All network communication conducted using HTTPS (TLS/SSL).

Authentication

API provides following methods of authentication:

Access token (API key)

Party that accepts request provide counterparty with access token. The method for generation access token may vary and depends on service provider.

ALCS uses such approach for generation access token:

  1. One provider can have more than one access token in a time.
  2. IP address is saved together with access token.
  3. Access token is unique across the whole system.
  4. Provider may request new access token. If token is requested from the same IP address, old token for this IP address will be replaced.
  5. Access token is used both for identification and authentication.

Authorization

Party providing data is responsible for proper caller authorization, it means, that only data, that caller has privilege to access, will be provided upon request.

Establishing relationship

In order to be able exchange data, both parties – ALCS and GPS data provider – should sign an agreement and exchange authentication credentials. Following information must be provided in agreement:

  1. Data providing method, either POST (ALCS will receive data) or GET (ALCS will request data).
  2. Public certificates using to establish secure  HTTPS (TLS/SSL) channel.
  3. Access token and external IP address in case when token-based authentication will be used.

Future authentication methods

Username and password based authentication

Parties identified using username, password and caller IP address.

SSL certificate authentication

To call service, both parties must provide valid SSL certificate.

 

API key request

Fill out the form to get the API key