TrackRoad API Reference Overview

Q: How do I authenticate with the TrackRoad REST API?

Send your API key (TrackServiceKey) in the X-API-Key header on every REST request.

Q: How do I authenticate with the TrackRoad SOAP API?

Include SessionIDHeader in SOAP requests and set SessionID to your API key (TrackServiceKey). Login and Logout are legacy and not required for new integrations.

TrackRoad provides REST and SOAP APIs to help you build applications for route optimization, multi-vehicle dispatch, geocoding, routing, and ETA and distance calculations.

Use this API hub to find authentication, service base URLs, and the list of available REST endpoints and SOAP operations for TrackRoad routing and dispatch integrations.

API reference overview: REST endpoints, SOAP operations, and authentication using TrackServiceKey.

Before you begin

Generate your API Key (TrackServiceKey) in your TrackRoad account. See API authentication .
For route optimization workflows, start with Route Optimization API Guide .

Need the full REST contract?

Swagger provides the complete list of REST endpoints, parameters, request models, and response models for faster TrackRoad API integration.

View Swagger UI Dispatch API

REST and SOAP base URLs
REST API endpoints
SOAP API operations
REST authentication (X-API-Key)
SOAP authentication (SessionIDHeader)
Login / Logout (legacy)
Security best practices
Common authentication errors
FAQ

REST and SOAP base URLs#

TrackRoad provides two API styles: REST and SOAP. All endpoints are rooted at the same service host.

API	URL
Base URL	https://trackservice.trackroad.com
REST base URL	https://trackservice.trackroad.com/rest
SOAP service endpoint	https://trackservice.trackroad.com/TrackService.asmx

REST API endpoints#

REST calls are defined by HTTP method + endpoint. This overview helps developers quickly find TrackRoad dispatch, geocoding, routing, credit, and legacy authentication endpoints.

HTTP Method	Endpoint	Operation	Description
POST	`/rest/dispatch`	Dispatch	Optimize and dispatch stops across multiple vehicles, including stop order, ETA, distance, duration, and skipped or unassigned stops. Docs: Dispatch API
POST	`/rest/geocode`	Geocode	Convert addresses into latitude and longitude coordinates, optionally with match confidence scoring. Docs: Geocoding API
POST	`/rest/route`	Route	Calculate a route from a sequence of locations for routing, navigation, and travel-time use cases. Docs: Route API
POST	`/rest/routes`	Routes	Calculate multiple routes in one request for batch routing and fleet planning workflows. Docs: Routes API
POST	`/rest/credit`	Credit	Return the remaining credit count available to the TrackRoad account or integration. Docs: Credit API
POST	`/rest/login`	Login (legacy)	Legacy endpoint that returns an API key for older integrations. New implementations should use API key authentication directly. Docs: API Authentication
POST	`/rest/logout`	Logout (legacy)	Legacy endpoint that ends a legacy session.

Use Swagger UI for the complete REST contract, including parameters, models, and current request and response schema details.

SOAP API operations#

SOAP calls are defined by service endpoint + operation + SOAPAction. All operations are invoked via HTTP POST on the TrackRoad SOAP service endpoint.

Authentication: For SOAP requests, include SessionIDHeader and set SessionID to your API Key (TrackServiceKey). Login and Logout are legacy and not required for new integrations.

Service endpoint	Operation	SOAPAction	Description
`/TrackService.asmx`	Dispatch	http://TrackService.TrackRoad.com/Dispatch	Dispatch and optimize large stop lists across multiple vehicles for route optimization workflows. Docs: Dispatch API
`/TrackService.asmx`	Geocode	http://TrackService.TrackRoad.com/Geocode	Accept a list of addresses or locations and return geocoded stops with latitude, longitude, and optional match codes. Docs: Geocoding API
`/TrackService.asmx`	CalculateRoute	http://TrackService.TrackRoad.com/CalculateRoute	Generate turn-by-turn directions and route maps for a single route. Docs: Route API
`/TrackService.asmx`	CalculateRoutes	http://TrackService.TrackRoad.com/CalculateRoutes	Generate directions and maps for multiple routes, including an overall map for all routes. Docs: Routes API
`/TrackService.asmx`	CalculateDistance	http://TrackService.TrackRoad.com/CalculateDistance	Return driving distance and travel time from point A to point B.
`/TrackService.asmx`	CreditRemaining	http://TrackService.TrackRoad.com/CreditRemaining	Return the remaining credit count for the account. Docs: Credit API
`/TrackService.asmx`	GetRouteList	http://TrackService.TrackRoad.com/GetRouteList	Return a list of routes created in an account, with filters such as date range, owner, and route name.
`/TrackService.asmx`	GetRoute	http://TrackService.TrackRoad.com/GetRoute	Return a route by RouteID.
`/TrackService.asmx`	GetTrack	http://TrackService.TrackRoad.com/GetTrack	Accept FromDate and ToDate in UTC and return GPS coordinates with UTC timestamps for the selected period.
`/TrackService.asmx`	Login	http://TrackService.TrackRoad.com/Login	Legacy session-based authentication. New integrations should send TrackServiceKey as SessionIDHeader and SessionID. Docs: API Authentication
`/TrackService.asmx`	Logout	http://TrackService.TrackRoad.com/Logout	End a legacy SOAP session.

WSDL: https://trackservice.trackroad.com/TrackService.asmx?WSDL

REST authentication (X-API-Key)#

For REST requests, send your API Key (TrackServiceKey) in the X-API-Key header on every request.

curl -X POST "https://trackservice.trackroad.com/rest/dispatch" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_TRACKSERVICEKEY" \
  -d '{ }'

using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;

var url = "https://trackservice.trackroad.com/rest/dispatch";
using var http = new HttpClient();

http.DefaultRequestHeaders.Add("X-API-Key", "YOUR_TRACKSERVICEKEY");

var json = "{ }";
using var content = new StringContent(json, Encoding.UTF8, "application/json");

var resp = await http.PostAsync(url, content);
var body = await resp.Content.ReadAsStringAsync();
Console.WriteLine(body);

const url = "https://trackservice.trackroad.com/rest/dispatch";

const res = await fetch(url, {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    "X-API-Key": "YOUR_TRACKSERVICEKEY"
  },
  body: JSON.stringify({})
});

console.log(await res.text());

import okhttp3.*;

public class Main {
  public static void main(String[] args) throws Exception {
    OkHttpClient client = new OkHttpClient();

    RequestBody body = RequestBody.create("{}", MediaType.parse("application/json"));
    Request request = new Request.Builder()
      .url("https://trackservice.trackroad.com/rest/dispatch")
      .post(body)
      .addHeader("Content-Type", "application/json")
      .addHeader("X-API-Key", "YOUR_TRACKSERVICEKEY")
      .build();

    try (Response response = client.newCall(request).execute()) {
      System.out.println(response.body().string());
    }
  }
}

import requests

url = "https://trackservice.trackroad.com/rest/dispatch"
headers = {
  "Content-Type": "application/json",
  "X-API-Key": "YOUR_TRACKSERVICEKEY"
}

r = requests.post(url, headers=headers, json={})
print(r.text)

<?php
$url = "https://trackservice.trackroad.com/rest/dispatch";

$ch = curl_init($url);
curl_setopt_array($ch, [
  CURLOPT_POST => true,
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_HTTPHEADER => [
    "Content-Type: application/json",
    "X-API-Key: YOUR_TRACKSERVICEKEY"
  ],
  CURLOPT_POSTFIELDS => "{}"
]);

$response = curl_exec($ch);
curl_close($ch);

echo $response;

require "net/http"
require "uri"
require "json"

uri = URI.parse("https://trackservice.trackroad.com/rest/dispatch")
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true

req = Net::HTTP::Post.new(uri.request_uri)
req["Content-Type"] = "application/json"
req["X-API-Key"] = "YOUR_TRACKSERVICEKEY"
req.body = {}.to_json

res = http.request(req)
puts res.body

package main

import (
  "bytes"
  "fmt"
  "net/http"
  "io"
)

func main() {
  url := "https://trackservice.trackroad.com/rest/dispatch"
  payload := []byte(`{}`)

  req, _ := http.NewRequest("POST", url, bytes.NewBuffer(payload))
  req.Header.Set("Content-Type", "application/json")
  req.Header.Set("X-API-Key", "YOUR_TRACKSERVICEKEY")

  client := &http.Client{}
  resp, err := client.Do(req)
  if err != nil { panic(err) }
  defer resp.Body.Close()

  b, _ := io.ReadAll(resp.Body)
  fmt.Println(string(b))
}

import okhttp3.MediaType.Companion.toMediaType
import okhttp3.OkHttpClient
import okhttp3.Request
import okhttp3.RequestBody.Companion.toRequestBody

fun main() {
  val client = OkHttpClient()
  val mediaType = "application/json".toMediaType()
  val body = "{}".toRequestBody(mediaType)

  val request = Request.Builder()
    .url("https://trackservice.trackroad.com/rest/dispatch")
    .post(body)
    .addHeader("Content-Type", "application/json")
    .addHeader("X-API-Key", "YOUR_TRACKSERVICEKEY")
    .build()

  client.newCall(request).execute().use { response ->
    println(response.body?.string())
  }
}

#include <stdio.h>
#include <curl/curl.h>

int main(void) {
  CURL *curl = curl_easy_init();
  if (!curl) return 1;

  struct curl_slist *headers = NULL;
  headers = curl_slist_append(headers, "Content-Type: application/json");
  headers = curl_slist_append(headers, "X-API-Key: YOUR_TRACKSERVICEKEY");

  curl_easy_setopt(curl, CURLOPT_URL, "https://trackservice.trackroad.com/rest/dispatch");
  curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
  curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "{}");

  CURLcode res = curl_easy_perform(curl);

  curl_slist_free_all(headers);
  curl_easy_cleanup(curl);

  return (res == CURLE_OK) ? 0 : 1;
}

#include <curl/curl.h>

int main() {
  CURL* curl = curl_easy_init();
  if (!curl) return 1;

  struct curl_slist* headers = nullptr;
  headers = curl_slist_append(headers, "Content-Type: application/json");
  headers = curl_slist_append(headers, "X-API-Key: YOUR_TRACKSERVICEKEY");

  curl_easy_setopt(curl, CURLOPT_URL, "https://trackservice.trackroad.com/rest/dispatch");
  curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
  curl_easy_setopt(curl, CURLOPT_POSTFIELDS, "{}");

  CURLcode res = curl_easy_perform(curl);

  curl_slist_free_all(headers);
  curl_easy_cleanup(curl);

  return (res == CURLE_OK) ? 0 : 1;
}

@import Foundation;

int main() {
  @autoreleasepool {
    NSURL *url = [NSURL URLWithString:@"https://trackservice.trackroad.com/rest/dispatch"];
    NSMutableURLRequest *req = [NSMutableURLRequest requestWithURL:url];
    req.HTTPMethod = @"POST";
    [req setValue:@"application/json" forHTTPHeaderField:@"Content-Type"];
    [req setValue:@"YOUR_TRACKSERVICEKEY" forHTTPHeaderField:@"X-API-Key"];
    req.HTTPBody = [@"{}" dataUsingEncoding:NSUTF8StringEncoding];

    dispatch_semaphore_t sema = dispatch_semaphore_create(0);

    NSURLSessionDataTask *task =
      [[NSURLSession sharedSession] dataTaskWithRequest:req
      completionHandler:^(NSData *data, NSURLResponse *resp, NSError *err) {
        if (data) {
          NSString *s = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
          NSLog(@"%@", s);
        }
        dispatch_semaphore_signal(sema);
      }];

    [task resume];
    dispatch_semaphore_wait(sema, DISPATCH_TIME_FOREVER);
  }
  return 0;
}

import Foundation

let url = URL(string: "https://trackservice.trackroad.com/rest/dispatch")!
var req = URLRequest(url: url)
req.httpMethod = "POST"
req.setValue("application/json", forHTTPHeaderField: "Content-Type")
req.setValue("YOUR_TRACKSERVICEKEY", forHTTPHeaderField: "X-API-Key")
req.httpBody = "{}".data(using: .utf8)

let task = URLSession.shared.dataTask(with: req) { data, _, error in
  if let data = data {
    print(String(data: data, encoding: .utf8) ?? "")
  } else if let error = error {
    print(error)
  }
}
task.resume()

Keep API keys server-side. Do not embed keys in browser or mobile client code.

SOAP authentication (SessionIDHeader)#

For SOAP requests, include SessionIDHeader and set SessionID to your API Key (TrackServiceKey).

<soap:Header>
  <SessionIDHeader xmlns="http://TrackService.TrackRoad.com/">
    <SessionID>YOUR_TRACKSERVICEKEY</SessionID>
  </SessionIDHeader>
</soap:Header>

Example SOAP call (Dispatch)

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <SessionIDHeader xmlns="http://TrackService.TrackRoad.com/">
      <SessionID>YOUR_TRACKSERVICEKEY</SessionID>
    </SessionIDHeader>
  </soap:Header>
  <soap:Body>
    <Dispatch xmlns="http://TrackService.TrackRoad.com/">
      <specification>
        <RoutingService>NetRoad</RoutingService>
        <DistanceUnit>Mile</DistanceUnit>
        <RouteOptimize>MinimizeTime</RouteOptimize>
        <Vehicles>
          <Vehicle><Name>Truck 1</Name></Vehicle>
        </Vehicles>
        <Locations>
          <Location>
            <Address>
              <Street>1 Market St</Street>
              <City>San Francisco</City>
              <State>CA</State>
              <PostalCode>94105</PostalCode>
              <Country>USA</Country>
            </Address>
          </Location>
        </Locations>
      </specification>
    </Dispatch>
  </soap:Body>
</soap:Envelope>

Set the correct SOAPAction HTTP header for each SOAP operation when calling the TrackRoad SOAP API.

Legacy notice: Login and Logout remain documented for older integrations, but they are not required for new implementations. New integrations should use an API Key (TrackServiceKey) generated in the TrackRoad account.

Preferred: API key authentication — API Authentication
Legacy: REST /rest/login, /rest/logout and SOAP Login / Logout.

Security best practices#

Never embed API keys in client-side code such as browser or mobile apps. Keep keys server-side.
Use HTTPS only for all TrackRoad API requests.
Rotate keys if exposed and limit who has access to production credentials.
Avoid logging secrets such as headers, API keys, or full payloads containing sensitive data.

Common authentication errors#

401 / Unauthorized: Missing or invalid X-API-Key for REST, or missing or invalid SessionIDHeader for SOAP.
403 / Forbidden: The key is valid but blocked, expired, or out of credit.

FAQ#

How do I authenticate with the TrackRoad REST API?

Send your API key (TrackServiceKey) in the X-API-Key header on every REST request.

How do I authenticate with the TrackRoad SOAP API?

Include SessionIDHeader in SOAP requests and set SessionID to your API key (TrackServiceKey). Login and Logout are legacy and not required for new integrations.

Do I still need Login and Logout?

No for new integrations. Modern TrackRoad integrations should use API key authentication. Login and Logout remain for backward compatibility with older implementations.

Where can I find the complete REST API contract?

Use Swagger UI to browse the full list of REST endpoints, parameters, request models, and response models.

Ready to build with TrackRoad?

Generate your API Key (TrackServiceKey), then explore the full REST contract in Swagger or continue with Dispatch API documentation.

Get API Key View Swagger UI

Table of Contents