Skip to main content
Skip table of contents

Equipment Portal Public Read-Only API

The Public Read-Only API for the Equipment Portal enables customers to automatically access all data available in the portal, eliminating manual exports and copy-paste into third-party systems.

The API offers structured, standardized data ideal for integrations with ERP systems, BI solutions, dashboards, or custom applications.

Examples:
• Push equipment data into your ERP
• Display inspection data in BI dashboards
• Embed location data in custom overviews

Note: The API is fixed, standardized, and read-only.

Custom extensions or write access are not provided.

Benefits of Our Interface

  • Automation: No more manual exporting or copying.

  • Easy integration into your own tools (e.g., ERP, BI, reporting).

  • Standardized format – ready to use immediately.

  • Up-to-date data: always current – directly from the portal.

  • Fast start: clear documentation with field options, explanations, and versioning.

  • Secure and performant: HTTPS and API key access. User-based token generation including monitoring and versioning.

Common Questions About the API

Question

Answer

Can I add custom fields?

The interface is standardized and cannot be customized. However, you can repurpose existing fields for your needs. All fields from the portal are exported for equipment, functional locations, and inspections. Map these to your target system as needed, e.g., use the free-text “Description” field on equipment.

Can I write data into the portal?

No. The API is currently read-only. Data can only be retrieved.

How do I get access?

Contact your Carl Stahl representative to schedule an initial consultation. You will then receive the full documentation and access to generate a token for your organization.

How does authentication work?

Through your Carl Stahl representative as part of onboarding, you receive personalized backend access to generate your API token yourself. The token is accessible only to you, preventing access by others. Access is limited to your organization (tenant).

Is there monitoring?

Internal monitoring, API versioning, and continuous tests ensure high availability of the API.

How are updates handled? Is there versioning?

The API is versioned. With proactive announcements, updates switch to the new version so existing integrations remain stable. Versioning is part of the URL, enabling clear separation between API maturity levels. Customers are proactively informed about new versions.

What about data protection and security?

We ensure no unauthorized access occurs via the API. See below.

Is there an emergency process if a token is compromised?

Customers can revoke a token within minutes or generate a new one. This can also be done via your Carl Stahl representative.

Is the interface available only in German?

No, it is available in all languages. The API language can be selected in the token.

Data Protection and Security

1) Access Restriction / Tenant Isolation

  • Each customer can retrieve only their own organization’s data.

  • Tenant separation is technically enforced.

  • Authentication and authorization are enforced by Carl Stahl.

2) Authentication / API Key

  • Access is via a customer-specific API key (token).

  • The token is shown only once on creation, then cannot be displayed again.

  • Token creation is only possible after a Carl Stahl employee enables the rights.

3) Data Transmission Security

  • All API endpoints are provided exclusively via HTTPS.

  • Authentication data is never transmitted unencrypted.

4) Read-Only Processing

  • The API delivers export data only (GET).

  • No ability to change, delete, or manipulate data.

5) Type of Transferred Data

  • Only technical equipment data, locations, and inspection information.

  • No personal customer data.

6) Data Protection

  • No additional customer data is stored or processed by the API.

  • Transmission is limited to data that the customer can already view in the portal.

  • GDPR-compliant through measures such as strict tenant isolation and exclusion of customers’ employee personal data.

7) Rapid Token Revocation

  • If a token is compromised, the customer can revoke it within minutes and generate a new independent token.

  • This can also be handled via Carl Stahl Support.

Interested?

Please contact your Carl Stahl representative to schedule a scoping session.

Technical Details — Available Data

You will receive comprehensive documentation as a Swagger file and a detailed description of possible fields and input options at project kickoff.

Our read-only API is divided into three areas. You can retrieve functional locations and their details, equipment and their details, as well as inspections with details and attachments. Technically, the API offers the following endpoints:

Functional Location API

  1. CODE 
    Get all latest functional locations based on sent timestamp (paged)

    - Retrieve all new functional locations (IDs) since the provided timestamp.

  2. CODE 
    Get one functional location details

    - Retrieve all details for these functional locations.

Equipment API

  1. CODE 
    Get all latest equipment based on sent timestamp (paged)

    - Retrieve all new equipment (IDs) since the provided timestamp.

  2. CODE 
    Get equipment details

    - Retrieve all details for this equipment.

Inspection API

  1. CODE 
    Get all latest equipment with inspections based on sent timestamp

    - Retrieve all new inspections (IDs) since the provided timestamp.

  2. CODE 
    Get inspection details

    - Retrieve all details for these inspections.

  3. CODE 
    Get inspection certificate

    - Retrieve the certificate for these inspections.

  4. CODE 
    Get inspection media

    - Retrieve uploaded media for these inspections (images and documents).

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close