Welcome to the ALICE API

Build integrations with ALICE Visitor Management. Manage appointments, employees, companies, and real-time webhook notifications — all through a simple REST API.

Explore the API Reference

Quick Start

Get up and running in three steps. Get your credentials, authenticate, and create your first appointment.

Step 1 — Get your API credentials

Contact your ALICE account manager to register an API application. You'll receive a ClientLogin (numeric ID) and ClientSecret.

Step 2 — Authenticate

Send your ClientLogin and ClientSecret to get a JWT token:

curl 
curl -X POST https://your-api-url/api/login \
  -H "Content-Type: application/json" \
  -d '{
    "ClientLogin": 12345,
    "ClientSecret": "your-api-secret"
  }'

You'll receive a JWT token in the response:

Response 
{
  "Token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Step 3 — Create your first appointment

Use the token in the Authorization header to create a visitor appointment:

curl 
curl -X POST https://your-api-url/api/appointments \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "Content-Type: application/json" \
  -d '{
    "FirstName": "Jane",
    "LastName": "Smith",
    "Email": "jane.smith@example.com",
    "EmployeeId": 100,
    "DirectoryId": 10,
    "ScheduledArrival": "2026-03-15T09:00:00"
  }'

C# Example

The same flow using HttpClient:

C# 
using var client = new HttpClient();

// Step 1: Authenticate
var loginResponse = await client.PostAsJsonAsync(
    "https://your-api-url/api/login",
    new { ClientLogin = 12345, ClientSecret = "your-api-secret" });

var token = (await loginResponse.Content
    .ReadFromJsonAsync<JsonElement>())
    .GetProperty("Token").GetString();

// Step 2: Create an appointment
client.DefaultRequestHeaders.Authorization =
    new AuthenticationHeaderValue("Bearer", token);

var appointment = await client.PostAsJsonAsync(
    "https://your-api-url/api/appointments",
    new {
        FirstName = "Jane",
        LastName = "Smith",
        Email = "jane.smith@example.com",
        EmployeeId = 100,
        DirectoryId = 10,
        ScheduledArrival = "2026-03-15T09:00:00"
    });

Replace your-api-url with your environment's base URL and use your real credentials. See Environments below.

Authentication

The ALICE API uses JWT bearer tokens for authentication. Here's how the flow works:

1
Get your credentials

Your ALICE account manager provides a ClientLogin (numeric ID) and ClientSecret when your API application is registered.

2
Request a token

Send a POST to /api/login with your credentials. The response contains a JWT token.

3
Use the token

Include the token in every request using the Authorization header:

Header 
Authorization: Bearer eyJhbGciOiJIUzI1NiIs...

Token Claims

Your JWT token contains these claims:

Claim Description
subYour application name
client_idYour numeric client identifier
scopeSpace-separated list of granted API scopes
app_idYour application's internal ID
expToken expiration timestamp (Unix epoch)

API Scopes

Access is controlled by scopes granted to your API application. Each endpoint requires a specific scope. Your token's scope claim lists what you can access.

Scope Resource Permission Endpoints
appointments.readAppointmentsReadGET /api/appointments, GET /api/appointments/{id}
appointments.writeAppointmentsWritePOST, PUT, PATCH, DELETE /api/appointments
employees.readEmployeesReadGET /api/employees, GET /api/employees/{id}
employees.writeEmployeesWritePOST, PUT, PATCH, DELETE /api/employees
companies.readCompaniesReadGET /api/companies, GET /api/companies/{id}
companies.writeCompaniesWritePOST, PUT, PATCH, DELETE /api/companies
locations.readLocationsReadGET /api/locations, GET /api/locations/{id}
locations.writeLocationsWritePOST, PUT, PATCH, DELETE /api/locations
directories.readDirectoriesReadGET /api/directories, GET /api/directories/{id}
directories.writeDirectoriesWritePOST, PUT, PATCH, DELETE /api/directories
departments.readDepartmentsReadGET /api/departments, GET /api/departments/{id}
departments.writeDepartmentsWritePOST, PUT, PATCH, DELETE /api/departments
positions.readPositionsReadGET /api/positions, GET /api/positions/{id}
positions.writePositionsWritePOST, PUT, PATCH, DELETE /api/positions
webhooks.manageWebhooksFullAll /api/webhooks endpoints
notifications.writeNotificationsWritePOST /api/notifications
visitors.readRestricted/Denied EventsReadGET /api/restricteddeniedevents

Reference data endpoints (Action Types, Call Types, Card States, Countries, Languages, States, Timezones, Notification Preferences) require authentication but no specific scope.

Rate Limits

The ALICE API enforces rate limits to ensure fair usage and system stability.

Limit

100 requests per minute per client. The limit is applied using a fixed window based on your client_id JWT claim. Unauthenticated requests are rate-limited by the request's Host header.

When you hit the limit

You'll receive a 429 Too Many Requests response. Requests exceeding the limit are immediately rejected — they are not queued.

Retry guidance

Wait until the current 1-minute window resets, then retry. For automated systems, implement exponential backoff starting at 1 second.

Webhook Events

Subscribe to real-time event notifications. When events occur in ALICE, we'll send an HTTP POST to your endpoint with event details.

Event Description Fires when
appointment.created New appointment created A visitor appointment is created via API or kiosk
appointment.checked_in Visitor checked in A visitor checks in at an ALICE kiosk or is checked in manually
appointment.checked_out Visitor checked out A visitor is checked out of the system

Payload Structure

Every webhook delivery includes this envelope:

JSON 
{
  "event": "appointment.created",
  "version": "1.0",
  "timestamp": "2026-03-12T14:30:00+00:00",
  "delivery_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "test": false,
  "clientId": 12345,
  "locationId": 1,
  "directoryId": 10,
  "data": { ... }
}

Manage your webhook subscriptions via the Webhooks API. Deliveries are signed with HMAC-SHA256 for verification. See the API Reference for full details.

Integration Guides

Step-by-step guides for connecting ALICE webhooks to popular workflow automation platforms.

Power Automate

Connect ALICE visitor events to Microsoft Power Automate flows. Trigger automated workflows when visitors check in, check out, or create appointments.

View Guide →

Zapier

Connect ALICE visitor events to thousands of apps through Zapier. Use Webhooks by Zapier to catch ALICE events and trigger actions.

View Guide →

Reference Data

These lookup endpoints provide reference data used throughout the API. They require authentication but no specific scope.

Resource Endpoint Description
Action Types GET /api/action-types Available action types for visitor workflows (e.g., Check In, Check Out, Deny Entry)
Call Types GET /api/call-types Notification methods used when alerting hosts about visitor arrivals
Card States GET /api/card-states Badge/card states that track visitor credential status
Countries GET /api/countries ISO country list with 2-letter codes, 3-letter codes, and telephone dialing codes
Languages GET /api/languages Supported languages with culture codes for localization settings
Notification Preferences GET /api/notification-preferences Delivery methods for host notifications (e.g., Email, SMS, Push Notification)
States / Provinces GET /api/states U.S. states and Canadian provinces with standard abbreviations
Timezones GET /api/timezones Supported timezones with UTC offsets and daylight saving indicators

These endpoints return the full list of available values. Use them to populate dropdowns or validate user input in your integration. See the API Reference for response schemas.

Environments

The ALICE API is available in the following environments.

Environment Purpose Base URL
Production Live integrations Provided by your account manager
Sandbox Coming Soon Integration development and testing

Contact your ALICE account manager for your production base URL and API credentials.