About the Complete Control Public API

The Public API of Complete Control is a REST API. REST is the most common way to implement APIs on the web.

Our REST API is accessible through a unique and customer-specific base URL with API endpoints in the various product areas of Complete Control. Integrations such as your ERP or HR system can then interact with Complete Control by making specific HTTP requests to the various API endpoints. Depending on the endpoint, you can POST (create), PUT (update), GET (list), and/or DELETE data.

Our REST API communicates via JSON data. JSON is most commonly used for REST APIs and has the advantage that reading and interpreting a json file is as easy for humans as it is for machines.

Note!
REST APIs are "passive". For ongoing synchronization between your integration and Complete Control, you would need to set up own routines.

Insecure APIs are a serious threat. They are usually the most vulnerable component of a network, susceptible to attacks and easy to exploit. For example, API vulnerabilities in online services have exposed users' personal data or enabled fraudulent transactions. That's why we in House of Control AS take potential security risks highly seriously - and why the connection between Complete Control and your integration is protected to the maximum.

• Each service that wants to send data between your integration and Complete Control needs an access token. In case you have several services, you would ideally create one token per integration (e.g. one for your HR-system and one for your ERP-system). And you would then pinpoint the related endpoints by giving your HR-system access to People and your ERP system access to Contracts and Payment Schedules in Complete Control. And of course you can time limit each access token.
  
  
  

• Each service that wants to send data between your integration and Complete Control must be whitelisted. Also, each developer machine or any other IP with access to the API documentation on Swagger must be whitelisted. This is necessary as Swagger gives you live access to the integration - so the same data security precautions must be applied.
  

• And, of course, all these features can only be accessed from an area in Complete Control that is limited to system administrators or other administrators with extended rights.

Also, our REST API restricts service connections to what is necessary – and not more. This can help to reduce security risks to a minimum: By opening defined areas in Complete Control via "endpoints", and then only allowing specific requests such as POST or GET, you ensure that other - not specified - requests like DELETE will be rejected. This ensures that malicious and misconfigured clients fail to perform their actions. And at the same time, it helps to prevent "user errors": The People endpoint does, for example, not allow to DELETE persons in Complete Control protecting your database from accidental loss of data and consequential errors due to missing data links.

Read more about how to create access tokens here.
Read more about whitelisting IPs here.

You can send data to basically all product areas in Complete Control. This is done by targeting the related URL endpoints in Complete Control.

An endpoint is a communication point between your system and Complete Control. If you, for example, want to send employee data from your HR system to Complete Control, you must ensure that the information is send to the People product area in Complete Control. That's why we have an URL endpoint called "people". It simply ensures that your data is delivered to the right place.

Complete Control has endpoints for basically all product areas:

• Assets

• Organization with companies, departments, locations and regions

• Contracts with e.g. payment schedules and reports

• Partners

• Files

• Undersøgelser

• People

In addition, there are some supporting API endpoints for data sources and custom registers.

Below an illustration of the available endpoints per November 2023.

Find more details about e.g. endpoint URLs in the Swagger documentation.

Depending on the endpoint/area in Complete Control, you can create (POST), update (PUT), delete and simply list (GET) data. You can, for example, create employees, update employee data with new or changed information, or request information about certain employees.

Tip!
You can also set an external ID and thus link employees in Complete Control to the master employee in your HR system.

Note however that you can't do all these actions in all modules. For example - as already mentioned above, you can't delete employees via an API request in Complete Control. The reason for this is that employee data is cumbersome information with potential links to e.g. contracts and assets. So the risk of doing something wrong is high. And this is also why we prefer setting employees inactive directly in Complete Control instead of deleting them completely in Complete Control.

Note!
If you have questions about the available requests for a specific product area (e.g. for contracts), please take contact. We will give you all necessary information.

Find all methods and e.g. possible responses in the Swagger documentation.

Your developers will find all the information they need to build a working integration in our Swagger API documentation: Your unique base URL, all available API endpoints, and for each endpoint the available methods, parameters, states and more.

Here, your responsible developers can test requests on 1 specific entry - in a controlled and documented environment – instead of immediately executing a request on all related entries in your live database.

The documentation is complete and always up-to-date.

Read here how to open your database's Swagger documentation.
Read here some general information about the documentation's content.