IQS Flow API

Built for your existing tech stack.

Connect IQS Flow to your ERP, CMMS, or BI platform. Clean RESTful endpoints, webhook events, and Bearer token auth - production-ready from day one.

Get API Keys View Documentation

Authentication

Bearer token, one line.

Every request authenticates with an Authorization: Bearer header. Tokens are scoped per tenant and rotatable at any time from your admin panel.

# Fetch all sites for your tenant

curl -X "GET" \
  https://api.iqsflow.com/v1/sites \
  -H "Authorization: Bearer sk_live_••••••••••••••••" \
  -H "Content-Type: application/json"

# Response: 200 OK
{
  "data": [
    {
      "id": "site_01J8X2K9M",
      "name": "Terminal 3 - O'Hare",
      "score": 94.2,
      "status": "active"
    }
  ],
  "total": 12,
  "page": 1
}

REST API

Key endpoints

Everything your integrations need, structured and versioned.

GET/v1/sites

Sites

List and filter all sites in your portfolio. Includes live quality scores, status, GPS coordinates, and vendor assignments.

# Filter by score threshold
GET /v1/sites?score_lt=80&status=active

GET/v1/inspections

Inspections

Full inspection records with scores per checklist item, photo attachments, inspector metadata, and compliance flags.

# By site, paginated
GET /v1/inspections?site_id=site_01J8X2K9M&limit=50

GET/v1/reports

Reports

Aggregate quality summaries by site, vendor, or time window. Use these to feed your BI dashboards or executive reporting pipelines.

# Monthly summary
GET /v1/reports?period=2026-03&group_by=vendor

Webhooks

Real-time event delivery.

Subscribe to IQS Flow events and receive signed JSON payloads instantly to your endpoint. No polling required. Events include inspection completions, failing score alerts, ticket escalations, and compliance threshold breaches.

# POST to your webhook endpoint - inspection.completed

{
  "event": "inspection.completed",
  "id": "evt_01HXKP4B7Q",
  "created_at": "2026-03-25T14:32:07Z",
  "data": {
    "inspection_id": "insp_04MXYZ891",
    "site_id": "site_01J8X2K9M",
    "site_name": "Terminal 3 - O'Hare",
    "score": 91.4,
    "passed": true,
    "inspector": {
      "id": "user_09XAB",
      "name": "Maria Santos"
    },
    "items_failed": 2,
    "photos_attached": 7
  }
}

Signature verification: Every webhook includes an X-IQS-Signature header - a HMAC-SHA256 of the raw body signed with your webhook secret. Validate it before processing.

Rate Limits

Generous limits at every tier.

Limits are enforced per API key with a rolling 60-second window. Headers on every response tell you exactly where you stand.

Standard

100

req / min

Professional

500

req / min

Enterprise

Custom

SLA-backed

Best practices

Read the X-RateLimit-Remaining header and back off when it approaches zero.
Use webhooks for near-real-time needs instead of polling the REST API.
Cache site and user data client-side - these change infrequently.
Contact us for Enterprise SLAs, dedicated rate pools, or IP whitelisting.

Ready to integrate?

Talk to our team, get sandbox credentials, and push your first request within the hour.

Get API Keys →View Pricing