Getting started
This guide gets you from zero to your first authenticated MaxTrax API call.
Base URL
Section titled “Base URL”MaxTrax is multi-tenant, and each tenant is served from its own origin behind a per-tenant edge. Your API base URL is therefore tenant-specific — your MaxTrax administrator provides it when you are onboarded. Throughout these docs we write it as:
https://<your-tenant>.maxtrax.ioAll paths in the API reference are relative to that base — for example
GET /welds means GET https://<your-tenant>.maxtrax.io/welds.
A first (anonymous) call
Section titled “A first (anonymous) call”The health endpoints require no authentication, so they are the simplest way to confirm you can reach your tenant:
curl https://<your-tenant>.maxtrax.io/health/liveA healthy tenant returns 200 OK.
Authenticate
Section titled “Authenticate”Every data endpoint requires authentication. There are two supported modes (see Authentication for the full picture):
- The MaxTrax web app authenticates with httpOnly cookies — handled for you by the browser.
- Server-to-server / early integrators authenticate with a bearer token in the
Authorizationheader.
For an integration, sign in to obtain an access token, then send it as a bearer token:
# 1. Sign in (credentials issued by your MaxTrax administrator).curl -X POST https://<your-tenant>.maxtrax.io/auth/login \ -H 'Content-Type: application/json' \# -> returns an access token (and a rotating refresh token).
# 2. Call a data endpoint with the access token as a bearer credential.curl https://<your-tenant>.maxtrax.io/welds \ -H 'Authorization: Bearer <access-token>'Access tokens are short-lived; use POST /auth/refresh to obtain a new one when it expires.
See Authentication for token lifetimes, refresh, and CSRF rules.
Response shape
Section titled “Response shape”- Responses are JSON.
- Errors use the standard RFC 9457
application/problem+jsonProblem Details shape (atype,title,status, anddetail). - The exact request and response schema for every endpoint is in the REST API reference, generated from the OpenAPI contract.
Next steps
Section titled “Next steps”- Authentication — cookie vs. bearer, refresh, and CSRF.
- Data model — the weld / ISO / inspection vocabulary the endpoints use.
- REST API reference — every endpoint, parameter, and schema.