API Reference.

Conventions

The CHeKT Partner API is the single endpoint surface used by both Platform partners (running Platform Linking) and Dealer apps (CHeKT Apps). The same paths, the same auth, the same response shapes — what differs is the scope of dealers a token is granted access to.

Base URL

https://api.chekt.com — all endpoints versioned under /partner/v1.

Auth (most endpoints)

OAuth 2.0 Client Credentials Grant. POST /oauth/token with client_id + client_secret returns an access_token; send as Authorization: Bearer <token>.

Auth (connect endpoint)

The /partner/v1/dealers/connect endpoint requires an Authorization access token tied to a user, not a client credential — that flow binds the dealer in the token to your external_dealer_id.

Tracing header

Optional x-partner-trace-id UUID propagated through CHeKT logs. Send your correlation ID to make support requests trivial.

Status

Currently version 0.8 — the API is in active draft. Breaking changes are still possible.

A first call

Exchange your client credentials for an access token, then list sites under a dealer. The x-partner-trace-id header is optional but recommended — we use it to correlate requests across our edge and core.

# 1) Get an access token (OAuth 2.0 Client Credentials Grant)
curl -X POST https://api.chekt.com/oauth/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials&client_id=${CLIENT_ID}&client_secret=${CLIENT_SECRET}"

# 2) Use the access_token to list a dealer's sites
curl https://api.chekt.com/partner/v1/dealers/${DEALER_ID}/sites \
  -H "Authorization: Bearer ${ACCESS_TOKEN}" \
  -H "x-partner-trace-id: 550e8400-e29b-41d4-a716-123456789000"

[
  {
    "site_id": 1,
    "external_site_id": "1234567890",
    "name": "Gangnam Headquarters",
    "monitoring_station_id": 12345,
    "external_monitoring_station_id": "12345",
    "account_number": "1234567890",
    "address1": "123 Teheran-ro, Gangnam-gu, Seoul",
    "timezone": "Asia/Seoul",
    "is_activated": 1,
    "created_at": "2025-01-01 00:00:00"
  }
]

Query strings on list endpoints

List endpoints accept a small set of query parameters that let you select columns, filter, sort, and paginate without a separate query language.

fields

Comma-separated column names. Use tableName.column when joining. Example: fields=site_id,name,timezone

filter

Format: filter=column,value,operator. Operators: eq (default), neq, lt, lte, gt, gte, regex. Multiple filter params combine with AND.

sort

Column name to sort by. Example: sort=created_at

dir

Sort direction: asc (default) or desc.

limit

Maximum rows returned. Example: limit=50

offset

Skip this many rows before returning results. Use with limit for offset pagination.

GET /partner/v1/dealers/42/sites
    ?fields=site_id,name,timezone
    &filter=is_activated,1,eq
    &sort=created_at&dir=desc
    &limit=50&offset=0

Resource families

Jump to any section below, or scroll through the full reference.

Dealers

Connect and disconnect dealer accounts, read and update dealer metadata.

Sites

Physical or logical locations a dealer monitors. Sites group devices, contacts, and arming configuration.

Monitoring Stations

The central stations that receive alarms from sites. Configure routing prefix and linecard per station.

Contacts

People associated with a site who receive verification calls or notifications.

Devices

Cameras and bridges installed at a site. Bulk-create, bulk-update, and bulk-delete are supported because devices are typically provisioned in batches.

Arming Settings

Per-site arming configuration. Choose which security system handles the site (CHeKT video, alarm panel via bridge, or external security system).

Alarm Verifications

Respond to alarm verification requests CHeKT initiates. Each verification has a verification_id (UUID) and is tied to one contact_id.

Common response shapes

Every endpoint returns a documented DTO. The most-used shapes below — the full schema lives in the OpenAPI spec.

ResponseDealerDto

{
  "dealer_id": 12345,
  "external_dealer_id": "ext-67890",
  "company_name": "CHeKT Security Solutions Inc.",
  "company_address1": "456 Market Street",
  "company_address2": "Suite 801, 8th Floor",
  "company_email": "support@chektdealer.com",
  "company_phone_number": "+1-555-123-4567",
  "created_at": "2024-03-27T12:34:56.000Z"
}

ResponseSiteDto

{
  "site_id": 1,
  "external_site_id": "1234567890",
  "name": "Gangnam Headquarters",
  "monitoring_station_id": 12345,
  "external_monitoring_station_id": "12345",
  "account_number": "1234567890",
  "address1": "123 Teheran-ro, Gangnam-gu, Seoul",
  "address2": "7th Floor, Suite 701",
  "timezone": "Asia/Seoul",
  "is_activated": 1,
  "has_physical_bridge": true,
  "created_at": "2025-01-01 00:00:00"
}

ResponseDeviceDto

{
  "device_id": 1,
  "external_device_id": "ext-67890",
  "device_type": "camera",
  "name": "Front Door",
  "zone_number": "001",
  "additional_zone_numbers": "002,003",
  "mac": "1234567890",
  "manufacturer": "CHeKT",
  "model": "CHEKT-CAM-001",
  "serial_number": "1234567890",
  "registered_by_partner": "chekt",
  "created_at": "2021-07-01T00:00:00.000Z",
  "updated_at": "2021-07-01T00:00:00.000Z"
}

Bulk device response (Create / Update / Delete)

Bulk endpoints return per-item success or failure so partial failure is recoverable on your side.

{
  "success_count": 2,
  "failure_count": 1,
  "results": [
    { "is_successful": true, "req": { /* CreateDeviceDto */ }, "res": { /* ResponseDeviceDto */ } },
    { "is_successful": true, "req": { /* … */ }, "res": { /* … */ } },
    {
      "is_successful": false,
      "status_code": 400,
      "error_message": "name must not be empty",
      "req": { /* CreateDeviceDto that failed */ }
    }
  ]
}

Error responses

Every endpoint uses the same four error codes for predictable client handling:

400 Bad Request

Invalid input — missing required field, wrong type, or failed validation. Inspect the response body for the failed field.

401 Unauthorized

Token missing, expired, or invalid. Refresh via the OAuth token endpoint.

403 Forbidden

Token is valid but lacks scope for this resource. Common when a Partner token tries to read a dealer that is not connected.

404 Not Found

Resource ID does not exist or has been deleted. Double-check IDs in the URL.

Next steps

• QuickstartToken exchange → first call in 10 minutes.
• AuthenticationClient credentials, scopes, token rotation.
• Partner programmeApply for Platform Linking access.