Overview
UniAsset provides an Integration API that allows external systems — ERPs, IoT pipelines, automation tools, and custom applications — to read and write asset data programmatically.
The API is available on Business and Enterprise plans. IoT signal ingestion requires an Enterprise plan.
Plan Requirements
| Capability | Minimum Plan |
|---|---|
| Asset creation, maintenance, assignment, geo-position | Business |
| Webhook management and delivery | Business |
| IoT signal ingestion | Enterprise |
Authentication
The Integration API uses API key authentication with Bearer tokens.
Header format:
Authorization: Bearer ua_live_<your-key>
Content-Type: application/json
API keys are created and managed in Settings → Integrations → API Keys. Only users with the Owner role can create or revoke keys.
When you create a key, the full key is shown once only. UniAsset stores a bcrypt hash — the plaintext is never stored or recoverable. Copy your key immediately and store it in a secrets manager (Azure Key Vault, AWS Secrets Manager, etc.).
Available Endpoints
| Endpoint | Permission | Plan |
|---|---|---|
POST /api/integrations/assets/create | asset:create | Business+ |
POST /api/integrations/assets/maintenance | maintenance:create | Business+ |
POST /api/integrations/assets/assignment | assignment:update | Business+ |
POST /api/integrations/assets/geo-position | asset:location | Business+ |
POST /api/integrations/iot/signals | iot:signal:ingest | Enterprise |
All endpoints are write-only in the current release. Read endpoints are planned in a future phase.
Getting Started
- Upgrade to Business plan (or Enterprise for IoT signals).
- Log in as the Owner.
- Go to Settings → Integrations → API Keys.
- Click Create API Key.
- Enter a descriptive name (e.g.
ERP Integration — Production). - Select only the permissions your integration needs.
- Click Generate. Copy the key immediately.
- Store the key in your secrets manager.
- Include the key as
Authorization: Bearer <key>on every API request.
Payload Examples and Field Reference
For complete request/response schemas, required fields, constraints, and error codes, see the Developer Guide inside Settings → Integrations → Developer Guide.
The canonical payload reference is also maintained at /docs/VALIDATED_API_PAYLOAD_REFERENCE.md in the project repository.
Security Best Practices
- Create one key per integration (not one key for everything)
- Grant only the permissions each integration actually needs (least-privilege)
- Store keys in a secrets manager — never in source code or environment variable files committed to version control
- Rotate keys on a regular schedule or immediately on suspected exposure
- Revoke keys that are no longer in use
Webhooks
UniAsset can also push events to your systems when asset data changes. See Settings → Integrations → Webhooks to configure outbound webhooks.
Available events include asset creation, assignment changes, maintenance records, warranty expiry, document expiry, and incidents. For webhook security and signature verification, see Webhook Security Verification.
Error Codes
| Code | HTTP | Meaning |
|---|---|---|
PLAN_UPGRADE_REQUIRED | 403 | Business plan or higher required |
ENTERPRISE_REQUIRED | 403 | Enterprise plan required (IoT endpoints) |
FORBIDDEN | 403 | Key lacks the required permission scope |
KEY_REVOKED | 401 | Key has been revoked |
VALIDATION_ERROR | 422 | Request payload failed schema validation — see details[] |
Related Articles
Need Help?
If you have questions not covered in this article, our support team is here to help.
Contact Support