Developers

The same API we build on.

RouteIQ's dashboard and driver app run on the REST API you get: 180+ endpoints, documented in an OpenAPI 3.0 spec. If it's in the product, you can automate it.

Quickstart

Your first request

Every site gets its own subdomain, and every request is scoped to it. You need an application API key and a signed-in user's access token.

Create a jobcurl
# Base URL: https://<your-subdomain>.routeiq.app/api
# Every request carries both headers

curl -X POST https://acme.routeiq.app/api/job \
  -H "x-api-key: $ROUTEIQ_API_KEY" \
  -H "x-access-token: $ROUTEIQ_ACCESS_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "customer_first_name": "Dana",
    "customer_phone": "2125550100",
    "service_type_id": 12,
    "stops": [ ... ]
  }'

# List jobs, newest first
curl "https://acme.routeiq.app/api/job?page=1&per_page=20&sort_by=created_at&sort_order=desc" \
  -H "x-api-key: $ROUTEIQ_API_KEY" \
  -H "x-access-token: $ROUTEIQ_ACCESS_TOKEN"
Authentication

Two headers, every request

Every API call carries both headers. The dashboard, the driver app, and your integrations all authenticate the same way.

Header Identifies Where it comes from
x-api-key: <key> Your application Register an application in your site settings and scope keys to it.
x-access-token: <token> The signed-in user Obtained by signing in (see the authentication endpoints in the API reference); expires and must be refreshed.
Conventions

Boring, in the good way

The API behaves the same everywhere, so you learn it once.

Concern How it works
Multi-tenancy Every request is scoped to a site by subdomain. Data is fully isolated between sites; credentials from one site cannot touch another.
Pagination page and per_page (default 20, max 100). Responses include a meta object with total, page, and per_page.
Sorting sort_by=<field> with sort_order=asc or desc, e.g. sort_by=created_at&sort_order=desc.
Errors Consistent JSON: {"error": "message", "code": "ERROR_CODE"} with standard HTTP status codes (400, 401, 403, 404, 409, 422, 500).
Rate limiting Per API key or token. Exceeding it returns 429 with a Retry-After header telling you when to come back.
Partial updates PATCH uses a three-state model: send a value to set it, omit the field to leave it unchanged, send null to clear it.
Mapping

Not married to one map vendor

Routing, geocoding, and traffic data flow through a provider abstraction with a stable interface. We can switch vendors per site for accuracy, coverage, or cost, and a provider outage doesn't take routing down with it.

HERE Maps Google Maps Mapbox Free options available
Events

Webhooks that don't lose things

Subscribe your endpoints to the events you care about: job state changes, payments, driver status. Delivery is queue-based and retried on failure, so a blip on your end doesn't mean a missed update.

Custom fields

Attach your own structured data to jobs, workers, and stops through the API. No schema change requests, no waiting on us.

Configurable workflows

Job, stop, and route states are defined per site over the API. Five fixed lifecycle phases underneath keep your automations stable whatever the states are named.

Integrations

Stripe, Twilio, Slack, Mailgun, Firebase push, and LiveKit are first-class integrations. Credentials are encrypted field-by-field at rest.

Audit log

Every change is recorded in an append-only log with the before and after state. Query it through the API like anything else.

Read the full reference

All 180+ endpoints with schemas, parameters, and example payloads, rendered straight from the OpenAPI spec.