Skip to content
See the Magic
  • There are no suggestions because the search field is empty.

REST API

TMS.ai provides a REST API for programmatic access to your transportation data. The API uses standard HTTP methods with JSON request and response formats, making it straightforward to integrate with custom applications, reporting tools, and external systems.

The API supports OAuth 2.0 authentication to secure all requests. After obtaining client credentials, you generate access tokens that authenticate your API calls. The API is organized around resources like customers, orders, invoices, bills, and documents, with endpoints for creating, reading, updating, and deleting these resources.

What you can access through the API:

  • Orders: Create, search, and update order information
  • Customers: Manage customer records and retrieve customer data
  • Invoices: Generate invoices and update invoice status
  • Bills: Create and manage carrier bills
  • Documents: Access uploaded documents and system-generated PDFs (BOLs, PODs, rate confirmations)
  • Quotes: Create and retrieve quote information
  • Manifests: Manage manifest data
  • Partners: Work with carrier and partner information

Setting it up:

  1. Sign up on the developer portal (contact your TMS.ai account team for access)
  2. Navigate to Settings and go to the Applications section
  3. Create a new OAuth Application tied to your organization
  4. This generates a Client ID and Client Secret for your application
  5. Set up your Callback URIs (redirect URIs) where TMS.ai will send the authorization code after user consent
  6. Create a Service Account under Accounts section - this will reside under your Users with the access granted under your Application
  7. Review the complete API documentation at roserocket.readme.io for endpoint details

Base URLs:

  • API: https://network.roserocket.com/api/v2/ (current version)
  • API: https://platform.roserocket.com/api/v1/ (legacy v1)
  • Authentication: https://a.roserocket.com/

Authentication flow:

TMS.ai uses OAuth 2.0 with the Authorization Code Grant Type flow. Here's how it works:

  1. Construct the authorization request - Redirect users to TMS.ai's authorization endpoint:
 
 
   https://a.roserocket.com/authorize?
   audience=https://roserocket.com&
   scope=offline_access email profile&
   response_type=code&
   client_id={CLIENT_ID}&
   redirect_uri={REDIRECT_URI}&
   state={generated_state_value}
  1. User authorizes your application - The user logs in and grants permission
  2. Receive authorization code - TMS.ai redirects to your callback URI with an authorization code
  3. Exchange code for access token - Make a POST request to get your access token:
 
 
   POST https://a.roserocket.com/oauth/token
   Content-Type: application/x-www-form-urlencoded
   
   grant_type=authorization_code
   client_id={CLIENT_ID}
   client_secret={CLIENT_SECRET}
   code={authorization_code}
   redirect_uri={REDIRECT_URI}
  1. Use the access token - Include it in the Authorization header for all API requests:
 
 
   Authorization: Bearer {access_token}

For server-to-server integrations (service accounts):

Use the client credentials flow instead:

 
 
POST https://a.roserocket.com/oauth/token
Content-Type: application/json

{
  "grant_type": "client_credentials",
  "client_id": "{client_id}",
  "client_secret": "{client_secret}",
  "audience": "https://roserocket.com",
  "org_id": "{org_id}",
  "user_id": "{service_account_user_id}"
}

Refreshing tokens:

Access tokens are short-lived for security. Use your refresh token to get a new access token:

 
 
POST https://a.roserocket.com/oauth/token
Content-Type: application/x-www-form-urlencoded

grant_type=refresh_token
refresh_token={REFRESH_TOKEN}
client_id={CLIENT_ID}
client_secret={CLIENT_SECRET}
org_id={TargetOrgID}

Making API requests:

Once authenticated, make requests to API endpoints. For example, to create a new customer:

 
 
PATCH https://network.roserocket.com/api/v2/platformModel/objects
Content-Type: application/json
Authorization: Bearer {access_token}

{
  "boardId": "af1c0e83-5253-517d-aeff-e25a37f59beb",
  "objectKey": "customer",
  "json": {
    "name": "XYZ Freight Corp",
    "address": "123 Main St",
    "city": "New York",
    "state": "New York",
    "postal": "10001",
    "currency": "usd"
  }
}

To retrieve a specific customer by ID:

 
 
GET https://network.roserocket.com/api/v2/platformModel/objects/{objectId}
Authorization: Bearer {access_token}

Accessing documents:

Documents (BOLs, PODs, rate confirmations, uploaded files) are available through the API. To view all documents for an object (order, invoice, manifest, customer, partner):

 
 
GET https://network.roserocket.com/api/v2/platformModel/objects/{objectId}?paths=documents.file,documents.externalUrl

Supported objects for document retrieval: Quotes, Orders, Manifests, Customers, Partners, Invoices

The response includes an array of documents with two access methods:

  1. File API: Use the document ID to get a presigned URL
  2. External URL: Use the externalUrl value directly from the response

ProofOfPickup and ProofOfDropoff documents uploaded through the driver mobile app are also accessible via the API using the same document retrieval methods.

Troubleshooting:

If you encounter authentication issues, verify:

  • ✅ All required parameters are correctly specified in your request
  • ✅ The client_id and client_secret are accurate
  • ✅ Your application has been provisioned correctly
  • ✅ Callback URLs or redirect URIs are correctly configured

The complete API reference documentation includes detailed endpoint descriptions, request/response examples, and code samples in multiple languages at roserocket.readme.io and platform.roserocket.com/docs/.