Published: 7/5/2023 up Version >= 1

Save Access IDs

Once authorised, a client can save Access IDs to be used at sites via the TWeb Public API. Access IDs in T-WEB refer to any physical medium used to authorise a pump. This can include:

  • An account card, also known as a local card, white card and member number card.
  • A Hex iButton. This type of iButton has a preconfigured hexadecimal number that cannot be changed.
  • A Programmable iButton. The data on these iButtons can be updated.
  • An OTI Passive Tag on the fuel inlet.
  • A VID - an active RFID Vehicle ID Tag.
  • An EFTPOS card. Note that EFTPOS Access IDs cannot be stored in T-WEB.

Access IDs are saved in a JSON list. The process of saving Access IDs may involve two requests to the Public API:

  1. A request to obtain all Access ID Type Keys used when saving Access IDs (this is optional)
  2. Requests to save Access IDs

The client need only make one request to obtain all Access ID Types (Step 1) at the start of the session since this data does not change frequently. Once the client receives the list of Access ID Types, then it can use them to save a maximum of 10 Access IDs per request (Step 2).

Step 1 - Requesting Access ID Types

The endpoint depends on the server used by your company to login to TWeb:

T-WEB Server T-WEB Login URL API Endpoint
www https://www.tweb.com.au/v2/ https://publicapi.tweb.com.au/v1/GetAccessIDTypes
www2 https://www2.tweb.com.au/v2/ https://publicapi2.tweb.com.au/v1/GetAccessIDTypes
gt https://gt.tweb.ttfuel.com/v2/ https://publicapi.gt.tweb.ttfuel.com/v1/GetAccessIDTypes
uae https://uae.tweb.ttfuel.com/v2/ https://publicapi.uae.tweb.ttfuel.com/v1/GetAccessIDTypes

The endpoint only accepts HTTP POST requests. Note that the Access Token may be submitted as a POST parameter or as a HTTP Cookie.

The following POST parameters may optionally be submitted with the request:

targetID

For details regarding the Target ID, please refer to the following article: https://help.tweb.com.au/TWebPublicAPI/en/Authorisation/Execute#heading_request

Request Examples

A request for the Batch Number that includes the Access Token from the file where it was stored during authorisation:

curl -b cookiejar.txt -skX POST -d "targetID=abc123" https://publicapi.tweb.com.au/v1/GetAccessIDTypes

A request for the Batch Number that includes the Access Token as a POST parameter in the body:

curl -skX POST -d "accessToken=0123456789ABCDEF0123456789ABCDEF01234567&targetID=abc123" https://publicapi.tweb.com.au/v1/GetAccessIDTypes

Step 1 - Response

The response from the Access ID Types endpoint has the following JSON format:

{
    "Data": {
        "Meta": {
            "Title": "Public API: Get all Access ID Types",
            "Endpoint": "/v1/GetAccessIDTypes",
            "SubmittedFilters": {},
            "Hash": "7D0D60131DD9F7C9ECCCD8286C559AD8DA487412"
        },
        "Items": [
            {
                "Key": 99,
                "Description": "ACME Account Cards",
                "Prefix": 7777,
                "MapCode": 21
            },
            {
                "Key": 51,
                "Description": "ACME Hex iButtons",
                "Prefix": 0,
                "MapCode": 151
            }
        ]
    },
    "Error": {
        "Code": 0,
        "Status": "OK"
    }
}

The Access ID Type data is returned as a list of objects in Data.Items. Each of the properties of that object are described in the following table:

Property Description
Key The record key. An integer.
Description The human readable description of the Access ID Type.
Prefix The prefix for all Access IDs of this Type. Note that this is always an integer, even in the case of programmable iButtons. Note also that this field only has a value if the Access ID Type is for cards or programmable iButtons. Hex iButtons and tags have a value of 0 here.
MapCode The map code for all Access IDs of this Type. This is always an integer. Note that Hex iButtons always have a map code value of 151. Value 153 is reserved for EFTPOS cards, and since such Access IDs are not stored in T-WEB then this endpoint will never return a map code of 153. Note however that map code 153 may be returned by other T-WEB endpoints - for example EFTPOS transactions.

The Error JSON property is included in all responses from the TWeb Public API. The possible responses when requesting a Transactions Batch Number are:

Error Code Error Name Explanation
0 OK All known Access ID Types for this client have been returned.
1 Server Error This issue either does not fit any of the other codes or is due to a bug in the Public API code.
4000 Rate Limit Exceeded This is the second request within a 1 second period.
4002 Account Inactive Account Inactive.
4003 Session Expired Session Expired.
4008 Invalid Access Token The Access Token was not valid.
4104 Invalid Target ID The Target ID did not conform to the specifications.

Step 2 - Saving Access IDs

Once the client has the Access ID Type Keys, these can be used to save Access IDs. The endpoint used for this depends on the server used by your company to login to TWeb:

T-WEB Server T-WEB Login URL API Endpoint
www https://www.tweb.com.au/v2/ https://publicapi.tweb.com.au/v1/SaveAccessIDs
www2 https://www2.tweb.com.au/v2/ https://publicapi2.tweb.com.au/v1/SaveAccessIDs
gt https://gt.tweb.ttfuel.com/v2/ https://publicapi.gt.tweb.ttfuel.com/v1/SaveAccessIDs
uae https://uae.tweb.ttfuel.com/v2/ https://publicapi.uae.tweb.ttfuel.com/v1/SaveAccessIDs

The endpoint only accepts HTTP POST requests. The following POST parameters must be included with the request:

accessToken
accessIDs

Note that the Access Token may be submitted as a POST parameter or as a HTTP Cookie.

accessIDs is a mandatory POST parameter with the following JSON format:

[
    {
        "Number": "7777000034752",
        "Type": {
            "Key": 99
        },
        "Name": "Fred's card",
        "Status_": 0,
        "Account": {
            "Number": "00009999"
        },
        "PIN": 1234,
        "SubAccountNumber": "80wYFiF5cX",
        "Grades": [{
            "Number": 1,
            "Status_": 0
        }, {
            "Number": 2,
            "Status_": 0
        }],
        "OdometerPrompt": true,
        "Department": {
            "Name": "Landscape"
        },
        "CostCentre": {
            "Code": "Concrete"
        },
        "Phone": "+77 00 1895 12 34534",
        "Mobile": "1234 765 234",
        "Fax": "+44 1234 345 567",
        "Email": "bob@bob.bob",
        "Street1": "3-45 September Rd",
        "Street2": "",
        "City": "Liverpool",
        "State": "Merseyside",
        "PostCode": "L6 4DG",
        "Country": "United Kingdom",
        "Notes": "Blah",
        "LiveDate": "2020-12-29T23:59:59",
        "Expires": "2022-12-29T23:59:59",
        "UserIDPrompt": true
    },
    ...
]

I.e. a list of Access ID objects. A maximum of 10 objects is permitted in the list.

Table 1 desribes these fields:

Property Mandatory when creating a new Access ID Mandatory when updating an Access ID Description Format
Number Yes Yes The full PAN of the Access ID number. A string of between 15 and 19 characters. The minimum length of the string is 15 characters. Only the following characters are valid: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F. If the Id type has a BIN (i.e. if it is a magnetic stripe card or a programmed iButton) you need to supply the full PAN (the full card number, typically a 16 character number), otherwise you need to pad the Id number with leading zeros to make it 15 characters in length (i.e. in the case of iButton serial numbers, Tag Ids, HIDs, etc.)
Type.Key Yes Yes The Access ID type Key as given by the v1/GetAccessIDTypes response. Integer
Name Yes
At least one of these fields is mandatory
 The name of the Access ID owner A string of between 1 and 30 characters.
Status_ Yes The activity status of the Access ID. This determines if the Access ID can be used to withdraw fuel. -1 = active
0 = inactive (warm). This is usually used for pre-issue. i.e. a newly added Access ID, waiting on some confirmation from recipient that ID has been received before activating.
1 = inactive (hot listed). Reported lost or stolen, but can be re-activated if customer 'finds' Access ID again.
2 = inactive (closed). End of life of ID, i.e. not to be re-opened / re-issued.
Account.Number Yes The account number for this Access ID A string of between 1 and 20 characters.
PIN Yes The secret code associated with this Access ID, entered at the controller PINPad to authorise. Integer between 0 and 9999.
SubAccountNumber Yes The sub account for this Access ID. A string of between 0 and 20 characters.
Grades[i].Number No The grade number. This references a product type available at the site. Integer between 1 and 48.
Grades[i].Satus_ No The status of the specified grade number. An integer value between 0 and 1:
0 = active
1 = inactive
OdometerPrompt No Specifies whether the Access ID should prompt for the driver to enter their odometer at site. Boolean: truefalse.
Department.Name No This field is used in companies with multiple departments. It is useful for reporting but is not used at site. A string of between 0 and 30 characters.
CostCentre.Code No This field is used in companies with multiple cost centres. It is useful for reporting but is not used at site. A string of between 0 and 40 characters.
Phone No The Access ID owner's landline number. It is useful for reporting but is not used at site. A string of between 0 and 20 characters.
Mobile No The Access ID owner's mobile number. It is useful for reporting but is not used at site. A string of between 0 and 20 characters.
Fax No The Access ID owner's fax. It is useful for reporting but is not used at site. A string of between 0 and 20 characters.
Email No The Access ID owner's email. It is useful for reporting but is not used at site. A string of between 0 and 40 characters.
Street1 No The Access ID owner's street. It is useful for reporting but is not used at site. A string of between 0 and 30 characters.
Street2 No The Access ID owner's second street. It is useful for reporting but is not used at site. A string of between 0 and 30 characters.
City No The Access ID owner's city. It is useful for reporting but is not used at site. A string of between 0 and 30 characters.
State No The Access ID owner's state. It is useful for reporting but is not used at site. A string of between 0 and 10 characters.
PostCode No The Access ID owner's postcode. It is useful for reporting but is not used at site. A string of between 0 and 10 characters.
Country No The Access ID owner's country. It is useful for reporting but is not used at site. A string of between 0 and 30 characters.
Notes No Any notes associated with the Access ID. A string of between 0 and 1000 characters.
LiveDate No The date when the Access ID becomes active. Note that this field is purely used for reporting - it has no effect upon Access ID authorisations at site. A date in the format YYYY-MM-DDTHH:mm:ss. For example 6:15:45PM on 20 Jan 2052 would be represented as 2052-01-20T18:15:45.
Expires No The date when the Access ID becomes inactive. Note that this field is purely used for reporting - it has no effect upon Access ID authorisations at site. A date in the format YYYY-MM-DDTHH:mm:ss. For example 6:15:45PM on 20 Jan 2052 would be represented as 2052-01-20T18:15:45.
UserIDPrompt No Specifies whether the Access ID should prompt for the driver to enter their User ID at site. Boolean: truefalse.

Table 1

The following POST parameters may optionally be submitted with the request:

targetID

For details regarding the Target ID, please refer to the following article: https://help.tweb.com.au/TWebPublicAPI/en/Authorisation/Execute#heading_request

Step 2 - Response

The response after submitting an Access ID has the following JSON format:

{
    "Error": {
        "Code": 4502,
        "Status": "Invalid Access ID Details",
        "Field": "[1].Type.Key"
    },
    "Data": {
        "Meta": {
            "Title": "Public API: Save Access ID",
            "Endpoint": "/v1/SaveAccessIDs",
            "Hash": "34F788074917B802E6D9A133EF1B2F7A6FEC7F94"
        },
        "Items": [{
            "Number": "7777000034752",
            "Type": {
                "Key": 99
            },
            "Error": {
                "Code": 0,
                "Status": "OK"
            },
            "UserAction": 1
        }, {
            "Number": "7777000094256",
            "Type": {
                "Key": 99
            },
            "Error": {
                "Code": 4502,
                "Status": "Invalid Access ID Details",
                "Field": "Type.Key"
            },
            "UserAction": 0
        }]
    }
}

As with other endpoints, the Error object has a Code and a Status property. It also has a Field property that describes which field was at fault using a JavaScript style reference. So for example, if the first Access ID submitted in the list has an error in the account number field then Error.Field will have value [0].Account.Number. Or if the PIN in the 7th Access ID in the list has an error then Error.Field will have value [6].PIN. I.e. the list item index is addressed with square brackets starting from 0 and the property of the Access ID object with the error follows. The T-WEB Public API exits at the first error it encounters, so even if a submission has multiple errors, only the first will appear in the response.

Each submitted Access ID that was successfully processed is returned in the response under the Data.Items list. The first Access ID to be submitted that could not be successfully processed is also returned in the list. Each returned Access ID can be uniquely identified by its Number and Type.Key field. The UserAction field has the following definitions:

UserAction Code Description
1 Create new Access ID
2 Update existing Access ID

The Error JSON property is included in all responses from the TWeb Public API - both for the overall response and for each of the Access IDs submitted. The overall response Error property The possible responses when submitting an Access ID are:

Error Code Error Name Explanation
0 OK An Access ID was successfully added or updated.
1 Server Error This issue either does not fit any of the other codes or is due to a bug in the Public API code.
4000 Rate Limit Exceeded This is the second request within a 1 second period.
4002 Account Inactive Account Inactive.
4003 Session Expired Session Expired.
4008 Invalid Access Token The Access Token was not valid.
4104 Invalid Target ID The Target ID did not conform to the specifications.
4105 Invalid Filter One of the submitted filters was invalid. The Error.Status JSON property will specify which filter was incorrect.
4500 Invalid Access ID Insufficient Data None of the mandatory fields were submitted in the Access ID object.
4501 Access ID Field Not Allowed A field that is not allowed was submitted as part of the Access ID object.
4502 Invalid Access ID Details Either the Access ID has an invalid JSON structure, or else the Number or Type.Key fields are missing.
4503 Invalid Access ID Data One of the Access ID fields did not fit the format described in Table 1.
4504 Access ID Count Exceeded More than 10 Access IDs were submitted in a single request.
4505 Invalid Access ID No Changes The submitted Access ID already exists in the database with all properties matching.
4506 Invalid Access ID Ownership The Access ID exists but is owned by someone else.
4507 Invalid Access ID Account Ownership The specified Account either does not exist, is inactive, or belongs to a different site operator.

 

card fob ibutton tag
card fob ibutton tag