Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From halopsa
Provides patterns for HaloPSA REST API integration: OAuth 2.0 Client Credentials authentication, tenant-aware URLs, query building, pagination, rate limiting, and error handling.
npx claudepluginhub wyre-technology/msp-claude-plugins --plugin halopsaHow this skill is triggered — by the user, by Claude, or both
Slash command
/halopsa:api-patternsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
The HaloPSA REST API provides access to all PSA entities including tickets, clients, assets, contracts, and more. This skill covers OAuth 2.0 Client Credentials authentication, tenant configuration, query patterns, pagination, and error handling.
Manages HaloPSA service desk tickets: creating, updating, searching, and handling fields, statuses, priorities, types, actions, attachments, SLAs, and workflows.
Provides ConnectWise Manage PSA REST API patterns: authentication with public/private keys and clientId, pagination via page/pageSize, conditions query syntax, 60/min rate limiting, and error handling.
Provides Syncro MSP API integration patterns for authentication with API keys, pagination, rate limiting, error handling, request/response examples in JS, and best practices.
Share bugs, ideas, or general feedback.
The HaloPSA REST API provides access to all PSA entities including tickets, clients, assets, contracts, and more. This skill covers OAuth 2.0 Client Credentials authentication, tenant configuration, query patterns, pagination, and error handling.
HaloPSA uses OAuth 2.0 Client Credentials flow for API authentication. This is different from basic API key authentication - you must obtain an access token before making API requests.
HaloPSA has two server URLs:
| Server | Purpose | Example |
|---|---|---|
| Authorization Server | Token endpoint | https://yourcompany.halopsa.com/auth |
| Resource Server | API endpoints | https://yourcompany.halopsa.com/api |
Find these in Configuration > Integrations > HaloPSA API > API Details.
Token Endpoint:
POST https://{base_url}/auth/token?tenant={tenant_name}
Request:
curl -X POST "https://yourcompany.halopsa.com/auth/token?tenant=yourcompany" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=client_credentials" \
-d "client_id=YOUR_CLIENT_ID" \
-d "client_secret=YOUR_CLIENT_SECRET" \
-d "scope=all"
Response:
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "all"
}
| Parameter | Required | Description |
|---|---|---|
grant_type | Yes | Must be client_credentials |
client_id | Yes | Application Client ID |
client_secret | Yes | Application Client Secret |
scope | Yes | Permissions scope (use all or specific scopes) |
tenant | Conditional | Required for cloud-hosted instances (query parameter) |
# Required environment variables
export HALOPSA_CLIENT_ID="your-client-id"
export HALOPSA_CLIENT_SECRET="your-client-secret"
export HALOPSA_BASE_URL="https://yourcompany.halopsa.com"
export HALOPSA_TENANT="yourcompany" # Leave empty for self-hosted
class HaloPSAAuth {
constructor(clientId, clientSecret, baseUrl, tenant) {
this.clientId = clientId;
this.clientSecret = clientSecret;
this.baseUrl = baseUrl;
this.tenant = tenant;
this.accessToken = null;
this.tokenExpiry = null;
}
async getAccessToken() {
// Return cached token if still valid (with 5 min buffer)
if (this.accessToken && this.tokenExpiry > Date.now() + 300000) {
return this.accessToken;
}
const tokenUrl = this.tenant
? `${this.baseUrl}/auth/token?tenant=${this.tenant}`
: `${this.baseUrl}/auth/token`;
const response = await fetch(tokenUrl, {
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: new URLSearchParams({
grant_type: 'client_credentials',
client_id: this.clientId,
client_secret: this.clientSecret,
scope: 'all'
})
});
if (!response.ok) {
throw new Error(`Token request failed: ${response.status}`);
}
const data = await response.json();
this.accessToken = data.access_token;
this.tokenExpiry = Date.now() + (data.expires_in * 1000);
return this.accessToken;
}
}
GET /api/Tickets
Authorization: Bearer {access_token}
Content-Type: application/json
| Instance Type | URL Pattern |
|---|---|
| Cloud-hosted | https://{company}.halopsa.com/api |
| Self-hosted | https://{your-server}/api |
| Resource | Endpoint | Methods |
|---|---|---|
| Tickets | /api/Tickets | GET, POST |
| Clients | /api/Client | GET, POST |
| Assets | /api/Asset | GET, POST |
| Contracts | /api/ClientContract | GET, POST |
| Users | /api/Users | GET, POST |
| Actions | /api/Actions | GET, POST |
| Sites | /api/Site | GET, POST |
HaloPSA uses query parameters for filtering:
GET /api/Tickets?client_id=123&status_id=1&tickettype_id=5
| Parameter | Type | Description |
|---|---|---|
client_id | int | Filter by client |
status_id | int | Filter by status |
tickettype_id | int | Filter by ticket type |
agent_id | int | Filter by assigned agent |
search | string | Text search |
order | string | Sort field |
orderdesc | bool | Sort descending |
GET /api/Tickets?dateoccurred_start=2024-01-01&dateoccurred_end=2024-01-31
| Parameter | Type | Default | Description |
|---|---|---|---|
page_no | int | 1 | Page number (1-based) |
page_size | int | 50 | Results per page |
count | int | - | Total count (in response) |
GET /api/Tickets?page_no=1&page_size=100
{
"record_count": 523,
"tickets": [
{ "id": 1, "summary": "..." },
{ "id": 2, "summary": "..." }
]
}
async function fetchAllTickets(filters = {}) {
const allTickets = [];
let pageNo = 1;
const pageSize = 100;
let hasMore = true;
while (hasMore) {
const params = new URLSearchParams({
...filters,
page_no: pageNo,
page_size: pageSize
});
const response = await fetch(`${baseUrl}/api/Tickets?${params}`, {
headers: {
'Authorization': `Bearer ${accessToken}`,
'Content-Type': 'application/json'
}
});
const data = await response.json();
allTickets.push(...data.tickets);
hasMore = data.tickets.length === pageSize;
pageNo++;
}
return allTickets;
}
HaloPSA implements rate limiting to protect the API. When rate limited:
429 Too Many Requests{
"error": "rate_limit_exceeded",
"message": "Too many requests. Please retry after 60 seconds.",
"retry_after": 60
}
async function requestWithRetry(url, options, maxRetries = 5) {
for (let attempt = 0; attempt < maxRetries; attempt++) {
try {
const response = await fetch(url, options);
if (response.status === 429) {
const retryAfter = parseInt(response.headers.get('Retry-After')) || 60;
const jitter = Math.random() * 5000;
console.log(`Rate limited. Waiting ${retryAfter}s + jitter`);
await sleep(retryAfter * 1000 + jitter);
continue;
}
if (response.status === 401) {
// Token expired, refresh and retry
await refreshToken();
options.headers['Authorization'] = `Bearer ${accessToken}`;
continue;
}
return response;
} catch (error) {
if (attempt === maxRetries - 1) throw error;
// Exponential backoff with jitter
const delay = Math.pow(2, attempt) * 1000 + Math.random() * 1000;
await sleep(delay);
}
}
}
async function batchProcess(items, batchSize = 25, delayMs = 2000) {
const results = [];
for (let i = 0; i < items.length; i += batchSize) {
const batch = items.slice(i, i + batchSize);
const batchResults = await Promise.all(
batch.map(item => processItem(item))
);
results.push(...batchResults);
// Delay between batches to avoid rate limits
if (i + batchSize < items.length) {
await sleep(delayMs);
}
}
return results;
}
POST /api/Tickets
Authorization: Bearer {token}
Content-Type: application/json
[
{
"summary": "New ticket summary",
"details": "Detailed description",
"client_id": 123,
"tickettype_id": 1,
"status_id": 1,
"priority_id": 2
}
]
Note: HaloPSA expects an array for POST operations, even for single items.
Single entity:
GET /api/Tickets/54321
List with filters:
GET /api/Tickets?client_id=123&status_id=1
POST /api/Tickets
Authorization: Bearer {token}
Content-Type: application/json
[
{
"id": 54321,
"summary": "Updated summary",
"status_id": 2
}
]
Note: Include the id field to update an existing record.
DELETE /api/Tickets/54321
Note: Not all entities support deletion. Check entity documentation.
| Code | Meaning | Action |
|---|---|---|
| 200 | Success | Process response |
| 201 | Created | Entity created |
| 400 | Bad Request | Check request format/values |
| 401 | Unauthorized | Refresh token or check credentials |
| 403 | Forbidden | Check permissions |
| 404 | Not Found | Entity doesn't exist |
| 429 | Rate Limited | Implement backoff |
| 500 | Server Error | Retry with backoff |
{
"error": "validation_error",
"message": "Invalid field value",
"details": [
{
"field": "status_id",
"message": "Status ID 999 does not exist"
}
]
}
function handleApiError(response, data) {
switch (response.status) {
case 400:
console.log('Validation Error:', data.message);
if (data.details) {
data.details.forEach(d => {
console.log(` Field: ${d.field} - ${d.message}`);
});
}
break;
case 401:
console.log('Authentication failed - refreshing token');
return refreshToken().then(() => retryRequest());
case 403:
console.log('Permission denied. Check API application permissions.');
break;
case 404:
console.log('Resource not found');
break;
case 429:
const retryAfter = response.headers.get('Retry-After') || 60;
console.log(`Rate limited. Retry after ${retryAfter} seconds`);
break;
default:
console.log('API Error:', data);
}
}
When creating an API application, configure these permissions:
| Scope | Description |
|---|---|
all | Full access to all entities |
read:tickets | Read ticket data |
edit:tickets | Create/update tickets |
read:customers | Read client data |
edit:customers | Create/update clients |
read:assets | Read asset data |
edit:assets | Create/update assets |
For typical MSP operations:
expires_in durationCause: Client credentials are incorrect or application is disabled.
Fix:
Cause: Incorrect or missing tenant parameter.
Fix:
Cause: Token used with wrong server URL.
Fix: Ensure Resource Server URL is correct (/api path).