From halopsa
Provides patterns for HaloPSA REST API integration: OAuth 2.0 Client Credentials authentication, tenant-aware URLs, query building, pagination, rate limiting, and error handling.
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin halopsaThis skill uses the workspace's default tool permissions.
The HaloPSA REST API provides access to all PSA entities including tickets, clients, assets, contracts, and more. This skill covers OAuth 2.0 Client Credentials authentication, tenant configuration, query patterns, pagination, and error handling.
Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.
Migrates code, prompts, and API calls from Claude Sonnet 4.0/4.5 or Opus 4.1 to Opus 4.5, updating model strings on Anthropic, AWS, GCP, Azure platforms.
Facilitates interactive brainstorming sessions using diverse creative techniques and ideation methods. Activates when users say 'help me brainstorm' or 'help me ideate'.
The HaloPSA REST API provides access to all PSA entities including tickets, clients, assets, contracts, and more. This skill covers OAuth 2.0 Client Credentials authentication, tenant configuration, query patterns, pagination, and error handling.
HaloPSA uses OAuth 2.0 Client Credentials flow for API authentication. This is different from basic API key authentication - you must obtain an access token before making API requests.
HaloPSA has two server URLs:
| Server | Purpose | Example |
|---|---|---|
| Authorization Server | Token endpoint | https://yourcompany.halopsa.com/auth |
| Resource Server | API endpoints | https://yourcompany.halopsa.com/api |
Find these in Configuration > Integrations > HaloPSA API > API Details.
Token Endpoint:
POST https://{base_url}/auth/token?tenant={tenant_name}
Request:
curl -X POST "https://yourcompany.halopsa.com/auth/token?tenant=yourcompany" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
-d "scope=all"
Response:
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "all"
}
| Parameter | Required | Description |
|---|---|---|
grant_type | Yes | Must be client_credentials |
client_id | Yes | Application Client ID |
client_secret | Yes | Application Client Secret |
scope | Yes | Permissions scope (use all or specific scopes) |
tenant | Conditional | Required for cloud-hosted instances (query parameter) |
# Required environment variables
export HALOPSA_CLIENT_ID="your-client-id"
export HALOPSA_CLIENT_SECRET="your-client-secret"
export HALOPSA_BASE_URL="https://yourcompany.halopsa.com"
export HALOPSA_TENANT="yourcompany" # Leave empty for self-hosted
class HaloPSAAuth {
constructor(clientId, clientSecret, baseUrl, tenant) {
this.clientId = clientId;
this.clientSecret = clientSecret;
this.baseUrl = baseUrl;
this.tenant = tenant;
this.accessToken = null;
this.tokenExpiry = null;
}
async getAccessToken() {
// Return cached token if still valid (with 5 min buffer)
if (this.accessToken && this.tokenExpiry > Date.now() + 300000) {
return this.accessToken;
}
const tokenUrl = this.tenant
? `${this.baseUrl}/auth/token?tenant=${this.tenant}`
: `${this.baseUrl}/auth/token`;
const response = await fetch(tokenUrl, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: new URLSearchParams({
grant_type: 'client_credentials',
client_id: this.clientId,
client_secret: this.clientSecret,
scope: 'all'
})
});
if (!response.ok) {
throw new Error(`Token request failed: ${response.status}`);
}
const data = await response.json();
this.accessToken = data.access_token;
this.tokenExpiry = Date.now() + (data.expires_in * 1000);
return this.accessToken;
}
}
GET /api/Tickets
Authorization: Bearer {access_token}
Content-Type: application/json
| Instance Type | URL Pattern |
|---|---|
| Cloud-hosted | https://{company}.halopsa.com/api |
| Self-hosted | https://{your-server}/api |
| Resource | Endpoint | Methods |
|---|---|---|
| Tickets | /api/Tickets | GET, POST |
| Clients | /api/Client | GET, POST |
| Assets | /api/Asset | GET, POST |
| Contracts | /api/ClientContract | GET, POST |
| Users | /api/Users | GET, POST |
| Actions | /api/Actions | GET, POST |
| Sites | /api/Site | GET, POST |
HaloPSA uses query parameters for filtering:
GET /api/Tickets?client_id=123&status_id=1&tickettype_id=5
| Parameter | Type | Description |
|---|---|---|
client_id | int | Filter by client |
status_id | int | Filter by status |
tickettype_id | int | Filter by ticket type |
agent_id | int | Filter by assigned agent |
search | string | Text search |
order | string | Sort field |
orderdesc | bool | Sort descending |
GET /api/Tickets?dateoccurred_start=2024-01-01&dateoccurred_end=2024-01-31
| Parameter | Type | Default | Description |
|---|---|---|---|
page_no | int | 1 | Page number (1-based) |
page_size | int | 50 | Results per page |
count | int | - | Total count (in response) |
GET /api/Tickets?page_no=1&page_size=100
{
"record_count": 523,
"tickets": [
{ "id": 1, "summary": "..." },
{ "id": 2, "summary": "..." }
]
}
async function fetchAllTickets(filters = {}) {
const allTickets = [];
let pageNo = 1;
const pageSize = 100;
let hasMore = true;
while (hasMore) {
const params = new URLSearchParams({
...filters,
page_no: pageNo,
page_size: pageSize
});
const response = await fetch(`${baseUrl}/api/Tickets?${params}`, {
headers: {
'Authorization': `Bearer ${accessToken}`,
'Content-Type': 'application/json'
}
});
const data = await response.json();
allTickets.push(...data.tickets);
hasMore = data.tickets.length === pageSize;
pageNo++;
}
return allTickets;
}
HaloPSA implements rate limiting to protect the API. When rate limited:
429 Too Many Requests{
"error": "rate_limit_exceeded",
"message": "Too many requests. Please retry after 60 seconds.",
"retry_after": 60
}
async function requestWithRetry(url, options, maxRetries = 5) {
for (let attempt = 0; attempt < maxRetries; attempt++) {
try {
const response = await fetch(url, options);
if (response.status === 429) {
const retryAfter = parseInt(response.headers.get('Retry-After')) || 60;
const jitter = Math.random() * 5000;
console.log(`Rate limited. Waiting ${retryAfter}s + jitter`);
await sleep(retryAfter * 1000 + jitter);
continue;
}
if (response.status === 401) {
// Token expired, refresh and retry
await refreshToken();
options.headers['Authorization'] = `Bearer ${accessToken}`;
continue;
}
return response;
} catch (error) {
if (attempt === maxRetries - 1) throw error;
// Exponential backoff with jitter
const delay = Math.pow(2, attempt) * 1000 + Math.random() * 1000;
await sleep(delay);
}
}
}
async function batchProcess(items, batchSize = 25, delayMs = 2000) {
const results = [];
for (let i = 0; i < items.length; i += batchSize) {
const batch = items.slice(i, i + batchSize);
const batchResults = await Promise.all(
batch.map(item => processItem(item))
);
results.push(...batchResults);
// Delay between batches to avoid rate limits
if (i + batchSize < items.length) {
await sleep(delayMs);
}
}
return results;
}
POST /api/Tickets
Authorization: Bearer {token}
Content-Type: application/json
[
{
"summary": "New ticket summary",
"details": "Detailed description",
"client_id": 123,
"tickettype_id": 1,
"status_id": 1,
"priority_id": 2
}
]
Note: HaloPSA expects an array for POST operations, even for single items.
Single entity:
GET /api/Tickets/54321
List with filters:
GET /api/Tickets?client_id=123&status_id=1
POST /api/Tickets
Authorization: Bearer {token}
Content-Type: application/json
[
{
"id": 54321,
"summary": "Updated summary",
"status_id": 2
}
]
Note: Include the id field to update an existing record.
DELETE /api/Tickets/54321
Note: Not all entities support deletion. Check entity documentation.
| Code | Meaning | Action |
|---|---|---|
| 200 | Success | Process response |
| 201 | Created | Entity created |
| 400 | Bad Request | Check request format/values |
| 401 | Unauthorized | Refresh token or check credentials |
| 403 | Forbidden | Check permissions |
| 404 | Not Found | Entity doesn't exist |
| 429 | Rate Limited | Implement backoff |
| 500 | Server Error | Retry with backoff |
{
"error": "validation_error",
"message": "Invalid field value",
"details": [
{
"field": "status_id",
"message": "Status ID 999 does not exist"
}
]
}
function handleApiError(response, data) {
switch (response.status) {
case 400:
console.log('Validation Error:', data.message);
if (data.details) {
data.details.forEach(d => {
console.log(` Field: ${d.field} - ${d.message}`);
});
}
break;
case 401:
console.log('Authentication failed - refreshing token');
return refreshToken().then(() => retryRequest());
case 403:
console.log('Permission denied. Check API application permissions.');
break;
case 404:
console.log('Resource not found');
break;
case 429:
const retryAfter = response.headers.get('Retry-After') || 60;
console.log(`Rate limited. Retry after ${retryAfter} seconds`);
break;
default:
console.log('API Error:', data);
}
}
When creating an API application, configure these permissions:
| Scope | Description |
|---|---|
all | Full access to all entities |
read:tickets | Read ticket data |
edit:tickets | Create/update tickets |
read:customers | Read client data |
edit:customers | Create/update clients |
read:assets | Read asset data |
edit:assets | Create/update assets |
For typical MSP operations:
expires_in durationCause: Client credentials are incorrect or application is disabled.
Fix:
Cause: Incorrect or missing tenant parameter.
Fix:
Cause: Token used with wrong server URL.
Fix: Ensure Resource Server URL is correct (/api path).