No products in the cart.
Coming Soon
Coming Soon
OVERVIEW
Identity & Access
Users
Cohorts
Permissions
Sites & Locations
Sites
Station Assets
Incident Management
Incidents
Incident Types & Severity
Escalation & Notifications
Incident Logs
Plans
Site Incident Response Plans (SIRPs)
Linked Plans
Post-Incident Review (PIR)
PIR Cases
Debriefs
Actions & Lessons Learned
Training & Exercising
Exercises
Scenarios
Attendance & Competence
Audit & Assurance
Audit Logs
Compliance Evidence
Reviews
Reporting & Insights
System Administration
Integrations
Webhooks
Configuration
Introduction
The Tentacle API is organised around REST principles. Our API provides predictable, resource-oriented URLs, accepts application/x-www-form-urlencoded or JSON request bodies, returns JSON-encoded responses, and uses standard HTTP status codes, authentication methods, and verbs.
The API enables integration with Tentacle’s operational security, incident management, station operations, and audit systems.
During development, you may use the Tentacle API in sandbox mode, which allows full testing without impacting live operational data.
If you encounter issues while developing against our APIs, please review the FAQs section below. If you are unable to resolve your issue, contact your designated support team member.
Basic
https://<hostname>/api/v1/
Authentication
The Tentacle API uses secure API key authentication.
You can generate and manage your API credentials within your Tentacle Admin Dashboard.
Your API keys grant access to operational and security-sensitive data. Keep them secure and never expose secret keys in public repositories such as GitHub.
All API requests:
Must be made over HTTPS
Must originate from a whitelisted IP address
Must include valid authentication credentials
Requests made over HTTP, from unauthorised IPs, or without valid credentials will fail.
Required Authentication Parameters
ts_company_id
ts_api_key
ts_environment (0 = production, 1 = sandbox)
Checklist
When calling any API:
1. Set your server's IP Address
2. Send the following parameters:
• tb_companyid
• tb_sharedsecret
• tb_sandbox_mode
1. Set your server's IP Address
2. Send the following parameters:
• tb_companyid
• tb_sharedsecret
• tb_sandbox_mode
Errors
Tentacle uses conventional HTTP response codes to indicate success or failure.
Status Code Guide
2xx – Request successful
4xx – Client-side error (invalid parameters, authentication failure, etc.)
5xx – Server-side error
Common Error Codes
200
OK
400
Missing a required parameter
401
Invalid parameter format
403
Unauthorised request
404
Resource not found
410
Unauthorised IP address
411
Invalid Company ID
412
Invalid API Key
420
Request failed
421
Requested data not found
430
Rate limit exceeded
500
Internal server error
OVERVIEW
Identity & Access
Users
Cohorts
Permissions
Sites & Locations
Sites
Station Assets
Incident Management
Incidents
Incident Types & Severity
Escalation & Notifications
Incident Logs
Plans
Site Incident Response Plans (SIRPs)
Linked Plans
Post-Incident Review (PIR)
PIR Cases
Debriefs
Actions & Lessons Learned
Training & Exercising
Exercises
Scenarios
Attendance & Competence
Audit & Assurance
Audit Logs
Compliance Evidence
Reviews
Reporting & Insights
System Administration
Integrations
Webhooks
Configuration
Introduction
The Tentacle API is organised around REST principles. Our API provides predictable, resource-oriented URLs, accepts application/x-www-form-urlencoded or JSON request bodies, returns JSON-encoded responses, and uses standard HTTP status codes, authentication methods, and verbs.
The API enables integration with Tentacle’s operational security, incident management, station operations, and audit systems.
During development, you may use the Tentacle API in sandbox mode, which allows full testing without impacting live operational data.
If you encounter issues while developing against our APIs, please review the FAQs section below. If you are unable to resolve your issue, contact your designated support team member.
Basic
https:///api/v1/
Authentication
The Tentacle API uses secure API key authentication.
You can generate and manage your API credentials within your Tentacle Admin Dashboard.
Your API keys grant access to operational and security-sensitive data. Keep them secure and never expose secret keys in public repositories such as GitHub.
All API requests:
- Must be made over HTTPS
- Must originate from a whitelisted IP address
- Must include valid authentication credentials
Requests made over HTTP, from unauthorised IPs, or without valid credentials will fail.
Required Authentication Parameters
- ts_company_id
- ts_api_key
- ts_environment (0 = production, 1 = sandbox)
Checklist
When calling any API:
1. Set your server's IP Address
2. Send the following parameters:
• tb_companyid
• tb_sharedsecret
• tb_sandbox_mode
1. Set your server's IP Address
2. Send the following parameters:
• tb_companyid
• tb_sharedsecret
• tb_sandbox_mode
Errors
Tentacle uses conventional HTTP response codes to indicate success or failure.
Status Code Guide
2xx – Request successful
4xx – Client-side error (invalid parameters, authentication failure, etc.)
5xx – Server-side error
Common Error Codes
200
OK
400
Missing a required parameter
401
Invalid parameter format
403
Unauthorised request
404
Resource not found
410
Unauthorised IP address
411
Invalid Company ID
412
Invalid API Key
420
Request failed
421
Requested data not found
430
Rate limit exceeded
500
Internal server error
Checklist
When calling any API:
1. Set your server's IP Address
2. Send the following parameters:
• tb_companyid
• tb_sharedsecret
• tb_sandbox_mode
1. Set your server's IP Address
2. Send the following parameters:
• tb_companyid
• tb_sharedsecret
• tb_sandbox_mode
