메뉴
Tekmetric REST API — authentication, paginated endpoints, sync patterns, and undocumented behaviors. Use when integrating with Tekmetric shop management data (customers, vehicles, repair orders, employees, appointments).
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Semver release workflow — bump version, tag, push, verify CI. Use when releasing, bumping version, updating version, or when the user says 'release', 'bump', 'major', 'minor', 'patch', 'update version', 'new version', 'cut a release', 'tag', or 'goreleaser'.
Mise dev tool manager — installing tools, running mise-managed commands, and configuring .mise.toml. Use when installing tools, running CLI commands that aren't found, or setting up project environments.
Reference for the promptherder CLI — syncs AI agent rules, skills, and workflows from herd repos to agent targets. Use when installing, updating, or troubleshooting prompt distribution.
Docker best practices for multi-stage Alpine builds — security patches, image pinning, and layer optimization. Use when creating, reviewing, or updating Dockerfiles.
DaisyUI v5 component library for Tailwind CSS — semantic UI classes, themes, layout patterns, drawer/sidebar gotchas, and component quick reference. Use when building, styling, or debugging UI with DaisyUI, Tailwind components, or DaisyUI themes.
Groq API syntax — Whisper transcription, audio processing, and prompt-based jargon guidance. Use when calling Groq endpoints or transcribing audio.
| name | tekmetric-api |
| description | Tekmetric REST API — authentication, paginated endpoints, sync patterns, and undocumented behaviors. Use when integrating with Tekmetric shop management data (customers, vehicles, repair orders, employees, appointments). |
Full endpoint documentation: See
Tekmetric-API.txtin this skill directory. This skill focuses on patterns, gotchas, and integration knowledge that go beyond the raw docs.
| Environment | Base URL | Rate Limit |
|---|---|---|
| Sandbox | https://sandbox.tekmetric.com | 300 req/min |
| Production | https://shop.tekmetric.com | 600 req/min |
All endpoints are under /api/v1/.
OAuth2 client credentials flow. Token does not expire until explicitly revoked.
curl -X POST 'https://sandbox.tekmetric.com/api/v1/oauth/token' \
-H "Authorization: Basic $(echo -n 'CLIENT_ID:CLIENT_SECRET' | base64)" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials"
Response:
{
"access_token": "7de937e1-8574-4459-a0cc-bb4505e7803f",
"token_type": "bearer",
"scope": "1 2"
}
scope is a space-separated list of Shop IDs the token has access to-H "Authorization: Bearer <access_token>"expires_in field may or may not be present in the response; if absent, treat as non-expiringSecurity implications: Since the token is permanent and non-rotatable, treat the Client ID + Client Secret as the primary secrets to protect. Store them in sealed secrets (never in code or env files). The access token should be cached in memory only (never persisted to disk or logged). If a token is ever compromised, contact Tekmetric to revoke and reissue.
All list endpoints return a Spring Data Page envelope:
{
"content": [ ... ],
"totalPages": 5,
"totalElements": 450,
"last": false,
"first": true,
"size": 100,
"number": 0,
"numberOfElements": 100
}
| Field | Meaning |
|---|---|
content | Array of records for this page |
number | Zero-indexed page number |
size | Requested page size (capped at 100) |
totalElements | Total matching records across all pages |
totalPages | Total pages |
last | true if this is the final page |
first | true if this is the first page |
size param > 100 is silently cappedtotalElements is reliable for quick count-based verificationlast == true OR number + 1 >= totalPages| Entity | List | Single | Notes |
|---|---|---|---|
| Shops | GET /shops | GET /shops/{id} | Not paginated — returns array |
| Customers | GET /customers | GET /customers/{id} | Paginated |
| Vehicles | GET /vehicles | GET /vehicles/{id} | Paginated |
| Repair Orders | GET /repair-orders | GET /repair-orders/{id} | Paginated, includes jobs |
| Jobs | GET /jobs | GET /jobs/{id} | Paginated |
| Employees | GET /employees | GET /employees/{id} | Paginated |
| Appointments | GET /appointments | GET /appointments/{id} | Paginated |
All paginated list endpoints accept:
| Param | Type | Description |
|---|---|---|
shop | Integer | Required — filter by shop ID |
size | Integer | Page size (max 100) |
page | Integer | Zero-indexed page number |
updatedDateStart | Date | ISO 8601 — filter by updated date >= |
updatedDateEnd | Date | ISO 8601 — filter by updated date <= |
deletedDateStart | Date | ISO 8601 — filter by deleted date >= |
deletedDateEnd | Date | ISO 8601 — filter by deleted date <= |
All dates use ISO 8601 with Z suffix: 2025-02-15T10:31:59Z
Use DateTime.to_iso8601/1 in Elixir — the default output with Z suffix is compatible.
| HTTP Code | Meaning | Action |
|---|---|---|
| 200 | Success | — |
| 400 | Bad request | Fix params |
| 401 | Invalid token | Re-authenticate |
| 403 | Insufficient scope | Token lacks shop access |
| 404 | Not found | — |
| 429 | Rate limited | Backoff and retry |
| 5xx | Server error | Retry with exponential backoff |
The API uses three different error response formats depending on the endpoint and error type:
1. OAuth token errors (POST /oauth/token):
{"error": "invalid_client"}
// or
{"error": "unsupported_grant_type", "error_description": "OAuth 2.0 Parameter: grant_type"}
2. Bearer token 401 (invalid/expired token on API endpoints):
HTTP 401 — empty body (no JSON)
3. API-level errors (403 forbidden, etc.):
{ "type": "ERROR", "message": "Access Denied", "data": null, "details": {} }
⚠️ Always check the HTTP status code first — don't assume a JSON body exists.
wait = min(2^n + random_ms, 60_000) # n starts at 1
All monetary fields are in cents (integer). Examples:
laborSales: 13000 → $130.00partsSales: 25997 → $259.97cost: 15999 → $159.99Before writing or modifying any code that interacts with the Tekmetric API, verify the actual API behavior with a direct curl call first. Do not trust the official documentation alone — it is incomplete and sometimes inaccurate.
This rule applies when:
updatedDateStart with deletedDateStart)This rule does NOT apply to:
Why this matters: This API has undocumented behaviors that have caused production bugs. The employees endpoint silently omits shopId, error responses come in 3 different formats, and page sizes are silently capped. Every one of these was discovered through direct curl testing, not from reading docs.
See the Local Development & Testing section for ready-to-use curl and PowerShell examples.
These are field-hardened findings from production integration work. They are not in the official Tekmetric documentation.
When querying /repair-orders (and likely other endpoints), combining regular date params with deleted date params causes the API to return ONLY deleted records:
# ❌ WRONG — returns ONLY deleted records, not both
GET /repair-orders?shop=1&updatedDateStart=...&deletedDateStart=...
# ✅ CORRECT — two separate calls, merge in app code
# Call 1: active/updated records
GET /repair-orders?shop=1&updatedDateStart=...&updatedDateEnd=...
# Call 2: deleted records
GET /repair-orders?shop=1&deletedDateStart=...&deletedDateEnd=...
Confirmed October 2025. This applies to Repair Orders, Customers, and Vehicles.
Exception: Appointments use includeDeleted=true parameter instead of separate calls.
shopIdThe /employees endpoint accepts a shop query parameter for filtering, but the response body does not include a shopId field. This means:
shop_id from the request context, not the responseshopId being in the response for database mapping, it will always be nilhas_any_employees? checks always returned false, triggering full re-syncs every cycleRequesting size=500 does not return an error — it silently returns 100 results. Always use size=100 explicitly to make code behavior match expectations.
The standalone /jobs endpoint filters by job.updatedDate, which may miss jobs that were part of a Repair Order update but not individually updated. For reliable job syncing, extract jobs from the embedded jobs array in /repair-orders/{id} responses instead.
The API accepts both formats for query parameters:
# Both work — Req library handles either
{"shop", shop_id} # string-keyed tuple
[shop: shop_id] # atom-keyed keyword list
Standardize on string-keyed tuples for consistency across modules.
The scope field in the token response is a space-separated string of Shop IDs, not a permission scope. Example: "scope": "1 2" means access to shops 1 and 2.
Network latency (~250-400ms per request) is typically the bottleneck before hitting rate limits. Sequential throughput maxes out around 200-240 req/min on the sandbox, well below the 300 req/min rate limit.
defmodule SyncPlugins.Tekmetric.Client do
@doc "GET request using the provider's base_url and credentials."
def get(%SmsProvider{} = provider, path, params \\ []) do
Req.get(
url: provider.base_url <> "/api/v1" <> path,
headers: [{"Authorization", "Bearer #{get_token(provider)}"}],
params: params
)
end
end
defmodule SyncPlugins.Tekmetric.Paging do
@doc "Fetch all pages using a closure that binds the provider."
def list_all_pages(get_fn, path, params, opts \\ []) do
size = Keyword.get(opts, :size, 100)
do_fetch(get_fn, path, [{"size", size} | params], 0, [])
end
defp do_fetch(get_fn, path, params, page, acc) do
case get_fn.(path, [{"page", page} | params]) do
{:ok, %{body: %{"content" => content, "last" => true}}} ->
{:ok, acc ++ content}
{:ok, %{body: %{"content" => content}}} ->
do_fetch(get_fn, path, params, page + 1, acc ++ content)
{:error, _} = error ->
error
end
end
end
defmodule SyncPlugins.Tekmetric.Customers do
def list_customers(%SmsProvider{} = provider, shop_id, params \\ []) do
get_fn = fn path, p -> Client.get(provider, path, p) end
Paging.list_all_pages(get_fn, "/customers", [{"shop", shop_id} | params])
end
def sync_recent(%SmsProvider{} = provider, tenant_id, shop_id, %DateTime{} = since) do
updated = list_customers(provider, shop_id, [
{"updatedDateStart", DateTime.to_iso8601(since)}
])
deleted = list_customers(provider, shop_id, [
{"deletedDateStart", DateTime.to_iso8601(since)}
])
# Merge by ID — deleted records may overlap with updated
merged = Map.merge(
Map.new(updated, &{&1["id"], &1}),
Map.new(deleted, &{&1["id"], &1})
) |> Map.values()
upsert_many(provider, tenant_id, merged)
end
end
| Entity | Updated Records | Deleted Records | Merge? |
|---|---|---|---|
| Customers | updatedDateStart/End | deletedDateStart/End | Yes |
| Vehicles | updatedDateStart/End | deletedDateStart/End | Yes |
| Repair Orders | updatedDateStart/End | deletedDateStart/End | Yes |
| Jobs | Derived from RO /repair-orders/{id} | Mark missing as deleted | N/A |
| Employees | updatedDateStart/End | Full re-fetch (no delete filter) | No |
| Appointments | updatedDateStart/End + includeDeleted=true | Same call | No |
| Shops | Full list (small dataset) | N/A | No |
Sandbox credentials are stored as Kubernetes secrets in the breakdown-admin-secrets secret (namespace: default).
Git Bash:
# Extract credentials
TK_ID=$(kubectl get secret breakdown-admin-secrets -n default \
-o jsonpath='{.data.tekmetric_sandbox_client_id}' | base64 -d)
TK_SECRET=$(kubectl get secret breakdown-admin-secrets -n default \
-o jsonpath='{.data.tekmetric_sandbox_client_secret}' | base64 -d)
# Set for local use (optional — add to shell profile for persistence)
export TEKMETRIC_SANDBOX_CLIENT_ID="$TK_ID"
export TEKMETRIC_SANDBOX_CLIENT_SECRET="$TK_SECRET"
PowerShell:
# Extract credentials
$TK_ID = kubectl get secret breakdown-admin-secrets -n default `
-o jsonpath='{.data.tekmetric_sandbox_client_id}' | ForEach-Object {
[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($_))
}
$TK_SECRET = kubectl get secret breakdown-admin-secrets -n default `
-o jsonpath='{.data.tekmetric_sandbox_client_secret}' | ForEach-Object {
[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($_))
}
# Set for local use
$env:TEKMETRIC_SANDBOX_CLIENT_ID = $TK_ID
$env:TEKMETRIC_SANDBOX_CLIENT_SECRET = $TK_SECRET
Git Bash (curl):
# 1. Get a token
BASIC=$(echo -n "${TK_ID}:${TK_SECRET}" | base64)
TOKEN=$(curl -s -X POST 'https://sandbox.tekmetric.com/api/v1/oauth/token' \
-H "Authorization: Basic ${BASIC}" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials" | grep -o '"access_token":"[^"]*"' | cut -d'"' -f4)
# 2. List shops
curl -s 'https://sandbox.tekmetric.com/api/v1/shops' \
-H "Authorization: Bearer $TOKEN"
# 3. Fetch customers (paginated)
curl -s 'https://sandbox.tekmetric.com/api/v1/customers?shop=2&size=5' \
-H "Authorization: Bearer $TOKEN"
# 4. Fetch a single repair order with embedded jobs
curl -s 'https://sandbox.tekmetric.com/api/v1/repair-orders?shop=2&size=1' \
-H "Authorization: Bearer $TOKEN"
PowerShell (Invoke-RestMethod):
# 1. Get a token
$basic = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes("${TK_ID}:${TK_SECRET}"))
$tokenResp = Invoke-RestMethod -Method Post `
-Uri 'https://sandbox.tekmetric.com/api/v1/oauth/token' `
-Headers @{ Authorization = "Basic $basic"; 'Content-Type' = 'application/x-www-form-urlencoded' } `
-Body 'grant_type=client_credentials'
$token = $tokenResp.access_token
# 2. List shops
Invoke-RestMethod -Uri 'https://sandbox.tekmetric.com/api/v1/shops' `
-Headers @{ Authorization = "Bearer $token" }
# 3. Fetch customers (paginated)
Invoke-RestMethod -Uri 'https://sandbox.tekmetric.com/api/v1/customers?shop=2&size=5' `
-Headers @{ Authorization = "Bearer $token" }
All assertions in this document were verified against the live sandbox API on 2026-02-15 — 23 passed, 0 failed, 1 warning (rate limit not tested).