From zero to your first call.

What you'll build

By the end of this quickstart you'll have an authenticated request working against the CHeKT API and (optionally) a webhook endpoint receiving live events. The same building blocks scale up to any integration you'll build later — there's no "tutorial-only" shortcut here.

The arc at a glance

Five steps from a fresh terminal to a working integration.

1 Set up your shell environment

Every CHeKT request authenticates with your app's API key sent as a Bearer token. Store it as an environment variable so you don't paste it into commands (which ends up in your shell history). Pick your shell:

# Add to ~/.bashrc or ~/.zshrc
export CHEKT_CLIENT_ID='your-client-id'
export CHEKT_CLIENT_SECRET='your-client-secret'
export CHEKT_DEALER_ID='your-dealer-id'

# Confirm they're set
echo $CHEKT_CLIENT_ID $CHEKT_DEALER_ID

2 Install an SDK (optional)

You don't need an SDK — curl works fine for everything. But if you're shipping a real app, the typed SDK gives you autocomplete, schema validation, and built-in retries with exponential backoff.

npm install @chekt/sdk

3 Make your first call

List the devices on your dealer. A successful response confirms auth, permissions, and connectivity all work end-to-end. Pick your language:

# 1) Exchange client credentials for an access token
ACCESS_TOKEN=$(
  curl -s -X POST https://api.chekt.com/oauth/token \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "grant_type=client_credentials" \
    -d "client_id=${CHEKT_CLIENT_ID}" \
    -d "client_secret=${CHEKT_CLIENT_SECRET}" \
    | jq -r .access_token
)

# 2) List the sites under your dealer
curl https://api.chekt.com/partner/v1/dealers/${CHEKT_DEALER_ID}/sites \
  -H "Authorization: Bearer ${ACCESS_TOKEN}" \
  -H "x-partner-trace-id: $(uuidgen)"

Success looks like this:

{
  "data": [
    {
      "id": "dev_8h2j3kfm",
      "type": "camera",
      "name": "Main Entrance",
      "site_id": "site_29snd",
      "status": "online",
      "firmware": "2.14.1",
      "last_seen_at": "2026-05-26T10:21:34Z"
    }
  ],
  "has_more": false,
  "next_cursor": null
}

4 Handle the common errors

Most first-call problems fall into one of four buckets. Skim them now — you'll recognise them faster when something goes sideways at 3am.

See the full error reference for every stable error code and the right way to handle each.

5 Listen for events

The REST API gets you pull. Webhooks give you push. Register a public HTTPS endpoint in your app's settings, subscribe to the event types you care about, and CHeKT will POST signed payloads to your endpoint in real time.

Here's a minimal receiver with HMAC signature verification:

import express from "express";
import crypto from "crypto";

const app = express();

app.post(
  "/webhooks/chekt",
  express.raw({ type: "application/json" }),
  (req, res) => {
    const sig = req.headers["x-chekt-signature"] as string;
    const ts  = req.headers["x-chekt-timestamp"] as string;
    const signed = `${ts}.${req.body.toString("utf8")}`;

    const expected = crypto
      .createHmac("sha256", process.env.CHEKT_WEBHOOK_SECRET!)
      .update(signed)
      .digest("hex");

    if (!crypto.timingSafeEqual(
      Buffer.from(sig, "hex"),
      Buffer.from(expected, "hex"),
    )) return res.status(401).end();

    const event = JSON.parse(req.body.toString("utf8"));
    console.log(`Got ${event.type}`);
    res.sendStatus(200);
  },
);

app.listen(3000);

You're done.

You've authenticated, called the API, handled errors, and received a webhook. That's the complete loop — every CHeKT integration is variations on this pattern. Pick where to go next:

• API ReferenceEvery endpoint, parameter, and DTO.
• Webhooks deep-diveRetries, dedup patterns, signing details.
• Lock down the appIP allow lists, key rotation, incident response.
• Operator CLIDrive the same API from your terminal.
• MCP for AIPlug CHeKT into Claude, ChatGPT, or any agent.
• GuidesLong-form walkthroughs for common app shapes.