EasyTrack API reference
Every endpoint you can integrate into your own system or external app: authentication, trackers, real-time GPS positions, vehicles, geofences, agent assignments, alerts, reports and share-links.
Overview
The EasyTrack API is a JSON REST API hosted on Cloudflare (edge, EU region).
All requests use HTTPS. Responses are application/json (except CSV/PDF exports).
Real-time tracking data comes from Teltonika / FMC trackers and is available a few
seconds after the server receives it.
| Domain | https://api.easytrack.ch |
|---|---|
| Format | JSON UTF-8 |
| Auth | Bearer token (obtained via email OTP) |
| Methods | GET, POST, PUT, PATCH, DELETE |
| CORS | Enabled (Access-Control-Allow-Origin: * on the main resources) |
Base URL & formats
https://api.easytrack.ch
Every endpoint below is relative to this base. Example:
GET /devices → https://api.easytrack.ch/devices.
Authentication
Almost every endpoint requires a Bearer token. You obtain the token in two
steps: request an OTP code by email, then verify the code. Then add the
Authorization header to every request:
Authorization: Bearer <your_token>
Content-Type: application/json
401 with {"error":"Token manquant"} or
{"error":"Session invalide ou expirée"}. Endpoints marked
Public do not require a token.
Your first call
1 · Request a code
curl -X POST https://api.easytrack.ch/auth/request-code \
-H "Content-Type: application/json" \
-d '{"email":"you@example.ch","lang":"en"}'
2 · Verify the code and get the token
curl -X POST https://api.easytrack.ch/auth/verify-code \
-H "Content-Type: application/json" \
-d '{"email":"you@example.ch","code":"123456"}'
# => { "success": true, "token": "…", "expires_at": "…", "user": { … } }
3 · List your trackers
curl https://api.easytrack.ch/devices \
-H "Authorization: Bearer <token>"
In JavaScript (fetch):
const res = await fetch("https://api.easytrack.ch/devices", {
headers: { Authorization: `Bearer ${token}` }
});
const { devices } = await res.json();
Endpoint families
Authentication — login & session
Sends a 6-digit OTP code by email (or SMS).
Body
{
"email": "you@example.ch",
"lang": "en" // optional (fr, de, en, it…)
}
Response
{ "success": true, "message": "Code sent", "expires_in": 600 }
Verifies the OTP and returns a Bearer token. If 2FA is enabled, returns requires_2fa.
Body
{ "email": "you@example.ch", "code": "123456" }
Response (no 2FA)
{
"success": true,
"token": "…",
"expires_at": "2026-08-01T10:00:00.000Z",
"user": { "id": 42, "email": "you@example.ch", "role": "client", "two_factor_enabled": false }
}
Response (2FA required)
{ "success": true, "requires_2fa": true, "pending_token": "…" }
Completes login with the TOTP code (or a backup code) and the pending_token.
Body
{ "pending_token": "…", "code": "654321" }
Sends a one-time login link by email.
Body
{ "email": "you@example.ch" }
Returns the user tied to the current token (useful to validate a session).
Invalidates the current session (the token can no longer be used).
Lists the account's active sessions. DELETE /auth/sessions revokes the other sessions.
Authentication — 2FA & profile
| Method | Endpoint | Purpose |
|---|---|---|
| GET | /auth/profile | Get the profile |
| PUT | /auth/profile | Update the profile (name, language…) |
| GET | /auth/2fa/status | 2FA status |
| POST | /auth/2fa/setup | Generate TOTP secret + QR |
| POST | /auth/2fa/verify | Enable 2FA (validates a code) |
| POST | /auth/2fa/disable | Disable 2FA |
| POST | /auth/2fa/backup-codes | Regenerate backup codes |
| POST | /auth/push-token | Register a push token (mobile) |
| DELETE | /auth/push-token | Remove a push token |
| GET | /auth/notification-preferences | Notification preferences |
| PUT | /auth/notification-preferences | Update preferences |
Trackers (devices)
A device is a GPS tracker identified by its imei. The endpoints below only
return the trackers on your account (and those shared with you).
Enriched list of your trackers: last position, battery, online status, linked vehicle, active agent, SIM backup.
Response (excerpt)
{
"success": true,
"source": "known_devices",
"devices": [
{
"id": 12, "imei": "350612073912345", "name": "Truck 1",
"status": "online",
"last_latitude": 46.204, "last_longitude": 6.143,
"last_speed": 0, "last_heading": 180, "last_battery": 87,
"last_position_at": "2026-07-11 06:12:33",
"vehicle_plate": "GE 123456", "vehicle_name": "Van",
"active_agent_name": null, "is_shared": false
}
]
}
Real-time variant: latest raw values of each active tracker, ideal to refresh a map.
Days for which at least one of the given IMEIs has positions (useful for a date picker).
Query
| Param | Required | Description |
|---|---|---|
imeis | yes | Comma-separated list of IMEIs |
from | no | Min date YYYY-MM-DD |
to | no | Max date YYYY-MM-DD |
Tracker details by IMEI + its last 50 positions.
Tracker details by internal ID + its last 50 positions.
Activates (registers) a tracker on your account by its IMEI.
Body
{ "imei": "350612073912345", "name": "Truck 1" } // name optional
Renames/activates a tracker and updates the linked vehicle (created if needed).
Body (all fields optional)
{
"name": "Truck 1", "is_active": true,
"vehicle_plate": "GE 123456", "vehicle_name": "Van",
"vehicle_type": "van", "vehicle_model": "Ford Transit",
"vehicle_color": "#2563eb", "vehicle_assigned_to": "John"
}
Removes a tracker from the account (linked positions and alerts cleaned up, vehicle unlinked).
GPS positions
Last known position of each of your trackers (one row per device).
Stream of recent positions, filterable by IMEI.
Query
| Param | Default | Description |
|---|---|---|
imei | — | Filter on one tracker |
limit | 100 | Max number of points |
Position history of a tracker, with optional geocoded addresses.
Query
| Param | Default | Description |
|---|---|---|
limit | 100 | Max number of points |
from | — | Min bound (server_timestamp) |
to | — | Max bound |
address | true | false to disable reverse geocoding |
Paginated export of a tracker's raw history (5000 points per page).
Query
| Param | Required | Description |
|---|---|---|
imei | yes | Tracker to export |
from/to | no | Time range |
page | no | Page index (0 by default) |
Response
{ "success": true, "imei": "…", "page": 0, "page_size": 5000,
"count": 5000, "has_more": true, "positions": [ … ] }
Positions of a tracker via its internal ID.
Fallback positions from cellular (SIM) location when GPS is unavailable.
Position ingestion (called by trackers/gateways). Rarely useful for a client integration.
Position fields
| Field | Description |
|---|---|
latitude, longitude | WGS84 coordinates |
speed | Speed (km/h) |
heading / angle | Heading (degrees) |
altitude | Altitude (m) |
satellites, hdop | GPS fix quality |
ignition, movement | Ignition / movement (0/1) |
battery_level, gsm_signal | Battery and network signal |
server_timestamp | Server timestamp (YYYY-MM-DD HH:MM:SS, UTC) |
Vehicles
Vehicle record linked to a tracker (plate, model, color, assigned person).
| Method | Endpoint | Purpose |
|---|---|---|
| GET | /vehicles | List your vehicles |
| GET | /vehicles/{id} | Vehicle details |
| POST | /vehicles | Create a vehicle |
| PUT | /vehicles/{id} | Update a vehicle |
| DELETE | /vehicles/{id} | Delete a vehicle |
Body (POST/PUT)
{
"plate": "GE 123456", "name": "Van",
"vehicle_type": "van", "vehicle_model": "Ford Transit",
"color": "#2563eb", "device_id": 12, "assigned_to": "John"
}
Geofences
Circular zones triggering alerts on enter and/or exit.
| Method | Endpoint | Purpose |
|---|---|---|
| GET | /geofences | List your zones |
| GET | /geofences/{id} | Zone details |
| POST | /geofences | Create a zone |
| PUT | /geofences/{id} | Update a zone |
| DELETE | /geofences/{id} | Delete a zone |
Body (POST/PUT)
{
"name": "Geneva depot",
"latitude": 46.204, "longitude": 6.143, "radius": 150,
"type": "vehicle", // or "general"
"vehicle_id": 12, // required if type = "vehicle"
"color": "#ef4444",
"alert_on_enter": true, "alert_on_exit": true,
"description": "Parking zone"
}
Agent assignments
Manage your agents (promoters/drivers) and the allocation of trackers to an agent for a session.
| Method | Endpoint | Purpose |
|---|---|---|
| GET | /assignments/agents | List agents |
| POST | /assignments/agents | Create an agent |
| PUT PATCH | /assignments/agents/{id} | Update an agent |
| DELETE | /assignments/agents/{id} | Delete an agent |
| GET | /assignments/devices/{imei}/current | Agent currently assigned to a tracker |
| GET | /assignments/devices/{imei}/history | Assignment history |
| POST | /assignments/devices/{imei}/assign | Assign an agent to a tracker |
| POST | /assignments/devices/{imei}/unassign | Release the tracker |
Alerts
Notification rules (low battery, speeding, zone enter/exit, etc.).
| Method | Endpoint | Purpose |
|---|---|---|
| GET | /manager/alerts | List alerts |
| POST | /manager/alerts | Create an alert |
| PUT | /manager/alerts/{id} | Update an alert |
| DELETE | /manager/alerts/{id} | Delete an alert |
Share-links (public sharing)
Create temporary share links that let anyone follow certain trackers without an account.
| Method | Endpoint | Purpose |
|---|---|---|
| GET | /manager/share-links | List your links |
| POST | /manager/share-links | Create a link (IMEI + expiry) |
| PUT | /manager/share-links/{id} | Update / (de)activate |
| DELETE | /manager/share-links/{id} | Revoke a link |
Reports
Scheduled reports (PDF) and tracking of their runs.
| Method | Endpoint | Purpose |
|---|---|---|
| GET | /manager/reports | List configured reports |
| POST | /manager/reports | Create a scheduled report |
| POST | /manager/reports/autoconfig | Automatic configuration |
| PUT | /manager/reports/{id} | Update a report |
| DELETE | /manager/reports/{id} | Delete a report |
| POST | /manager/reports/{id}/run-now | Generate immediately |
| GET | /manager/reports/{id}/runs | Runs of a report |
| GET | /manager/report-runs | All recent runs |
| GET | /manager/report-configs | List configs |
| POST | /manager/report-configs | Create a config |
Notifications & settings
| Method | Endpoint | Purpose |
|---|---|---|
| GET | /manager/notifications | List notifications |
| POST | /manager/notifications/{id}/read | Mark as read |
| GET | /manager/settings | Account settings |
| PUT | /manager/settings | Update settings |
| PUT | /manager/profile | Update the manager profile |
| GET | /manager/geofences | Geofences (manager view) |
Public sharing
Resolves a share-link: returns the shared trackers/IMEIs and the expiry. No token required.
Response
{ "success": true, "devices": [ … ], "imeis": ["…"], "expires_at": "…" }
Conventions — JSON responses
Successful responses usually carry success: true and the resource (or a list).
{ "success": true, "devices": [ … ] }
Errors
Errors return an appropriate HTTP status and a { "error": "message" } body.
| Status | Meaning |
|---|---|
400 | Invalid request (missing parameter / format) |
401 | Missing, invalid or expired token |
403 | Access denied to this resource (e.g. another account's tracker) |
404 | Resource or endpoint not found |
500 | Server error |
Pagination
Position lists are limited via limit. The history export
(/positions/export) is paginated in pages of 5000 points: iterate over
page while has_more is true.
Dates & time zones
- Tokens/sessions use ISO 8601 UTC (
2026-07-11T06:12:33.000Z). - Position timestamps (
server_timestamp) use theYYYY-MM-DD HH:MM:SSformat in UTC. - The
from/tofilters accept the same format as the target field.
403. Keep the token server-side; do not expose it in a public front end.