Skip to content
  • There are no suggestions because the search field is empty.

k12panel API concepts

A few ideas make the whole API easier to use.

Record IDs

Every asset, person, site, and group has a numeric ID — for example 4021. This is the same ID you see in the app's web address and in your CSV exports, so an ID from an export works directly with the API and vice-versa. Once you know a record's ID, it's a permanent handle to that record.

Finding records by what you already know

You usually don't know the ID up front — you know a serial number, an asset tag, or an email address. So you look records up first, then use the ID you get back:

  • Find assets by serial, asset_tag, or name.
  • Find people by email or name.
# Find an asset by serial, then read its id from the response
curl -H "Authorization: Bearer $KEY" \
  "https://<your-panel-domain>/api/public/v1/assets?serial=5CD1234XYZ"

Match rules: serial, asset_tag, and email match exactly (case-insensitive); name matches partially (contains). Because serials and emails aren't guaranteed to be unique, a lookup can return more than one record — see Handling errors.

Reference data

To fill in things like a site when updating an asset, you first need the IDs of your sites, groups, and classes. These are available read-only:

  • GET /sites
  • GET /org-units
  • GET /person-groups
  • GET /asset-classes
  • GET /asset-tags
  • GET /meta — the allowed values for fields like an asset's state

Check-in and check-out

An asset can be checked out to exactly one person at a time. Checking out records who has the device and adds an entry to both the device's and the person's history. Checking in clears it. This is exactly how check-in/out works in the web interface.

When you check a device in or out through the API, the history entry is attributed to the key's name (shown as APIKEY_<name>), so API actions are easy to tell apart from actions a staff member took in the app.

You can identify the person either by their ID or by email — you don't have to look them up first:

{ "person": { "email": "jsmith@school.org" } } 

Keys and permissions

Your key belongs to one organization and only has the permissions you granted it. Keep it secret (treat it like a password), and revoke or rotate it any time from Settings → API Keys. See Getting started.