Skip to main content
Trailflow Partner API is the canonical integration surface for approved partners.

What partners get

  • Stable REST + JSON contract with OpenAPI 3.1 source of truth
  • Scoped Partner API keys with server-side rate limiting and separate test and live access controls
  • Load sync, tracking visibility, customer and carrier lookups, and webhook subscriptions
  • Interactive API reference generated from the same canonical contract

What this portal is for

This portal is designed to help partner engineers, solution architects, and integration agents move from first read to implementation without guessing at payload shape, environment rules, or Trailflow-specific workflow assumptions. Use it to understand the operational model behind the API, not just the endpoint surface. The guides explain how load sync, tracking, customer and carrier lookups, webhook subscriptions, idempotent writes, and go-live coordination fit together in real Trailflow integrations.

Start here

  1. Read the overview.
  2. Review the API overview and the access and environments guide.
  3. Review authentication and request rules and errors and limits.
  4. Implement the load sync flow.
  5. Configure webhooks if the integration needs push delivery.
  6. Use the examples and payloads page for representative requests and responses.
  7. Review versioning and compatibility and SDK and tooling.
  8. Use the onboarding package for credential exchange and go-live guidance.
  9. Explore the interactive API reference for endpoint-level details.

Testing model

  • Trailflow uses one production host: https://api.trailflow.ai
  • New partners should start with test keys
  • Approved partner admins may self-serve additional test keys after test access is enabled
  • live keys remain Trailflow-managed and are reserved for approved production use
  • Trailflow does not currently provide a separate public sandbox host

Contract shape

Primary resources:
  • loads
  • tracking
  • customers
  • carriers
  • webhooks
Idempotency applies to POST /v1/loads, POST /v1/loads/upsert, POST /v1/loads/{id}/status, and POST /v1/webhooks. Rate limits are checked before replay lookup, so duplicate requests can still receive 429 rate_limited. For troubleshooting, include request timestamps and requestId. Never send raw API keys or webhook signing secrets over email or chat.