Skip to main content

Authentication

Our API is secured using standard two-legged OAuth2. Prepared will create application credentials with scopes for the APIs required for your integration.

Getting Started

  1. Prepared will provide a client_id, client_secret, and scope per dispatch center for your integration
  2. Before making API requests, obtain an access token using your credentials
  3. Include the access token in all subsequent requests

Obtaining an Access Token

Make a POST request to obtain an access token:

curl -X POST https://api.prepared911.com/oauth/token \
  -H "Content-Type: application/json" \
  -d '{
    "client_id": "YOUR_CLIENT_ID",
    "client_secret": "YOUR_CLIENT_SECRET",
    "grant_type": "client_credentials",
    "scope": "YOUR_SCOPE"
  }'

Response:

{
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token_type": "Bearer",
  "expires_in": 7200
}

Scopes Reference

Your integration will be assigned one of the following scopes based on your use case:

ScopeUse CaseAPIs Enabled
cad_incidentsCAD providers integrating with PreparedCAD Incidents API, CAD Webhooks
incident_eventsFirst responder applications accessing incident dataIncident Events API, Incident Events Webhooks
tip

Contact your Prepared integration team if you're unsure which scope you need.

Using Your Access Token

HTTPS Requests

Include the access token as a Bearer token in the Authorization header:

Authorization: Bearer <ACCESS_TOKEN>

Example:

curl -X GET https://api.prepared911.com/v1/incident_events \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

WebSocket Connections

For real-time data streaming, include the access token in the query parameters:

const socket = new WebSocket(`${API_WEBSOCKET_URL}?token=${accessToken}`);
info

WebSocket connections are primarily used for real-time incident event streaming.

WebRTC (Live Audio)

Live audio streams require a separate JWT token specific to:

  • A Prepared incident ID
  • A participant ID

Retrieve a stream token using the POST /v1/incident_events/{id}/stream_token endpoint, then connect using LiveKit:

import { Room } from 'livekit-client';

const room = new Room();
await room.connect(API_STREAM_URL, streamToken);

See LiveKit's documentation for more details.

info

WebRTC authentication is used for live audio streaming capabilities. See the Live Audio guide for more information.

Token Expiration

Access tokens expire after 2 hours (7200 seconds). Your application should:

  1. Store the token and reuse it for multiple requests
  2. Track the expires_in value and refresh before expiration
  3. Handle 401 Unauthorized responses by obtaining a new token