Overview
Welcome! 👋
This is the official developer documentation for Lookout. Lookout is an end-to-end care management platform for Aged Care and NDIS service providers, their clients, and their workers.
The API for Lookout is based on HTTP and REST principles. This means you can use any HTTP client or programming language to interoperate with Lookout.
JSON will be returned in the body of all responses.
HTTPS only
Only requests made over HTTPS will be responded to. HTTP is not supported.
Base URL
The base URL is https://api.thelookoutapp.com/api/<company_id>/.
You can find your base URL by going to Settings > Manage API keys and looking inside the API Details panel. Your user will need the Technical role enabled to access this section.
Authentication
How to manage API keys
You can manage API keys by going to Settings > Manage API keys > New Platform API Auth. Your user will need the Technical role enabled to access this section.
When creating an API key, you can specify which model authorisations it has access to and when it expires. As a rule of thumb, prefer one API key per use case per environment, with the fewest model authorisations.
You can run multiple API keys in parallel to safely rotate them without disrupting your integration.
How to format a request
The token is constructed from the API Identifier and the API Secret, joined by a colon, and is accepted through the Authorization header.
Authorization: Bearer <IDENTIFIER>:<SECRET>
Rate limiting
To ensure fair use and optimal performance, we enforce rate limits based on the number of requests and the total duration of requests within any 1-minute interval. This means clients can sustain higher throughput for fast requests without being affected by other clients making a batch of slow requests.
Number of requests
The number of requests sent within any 1-minute interval must not exceed 1,000 requests per company across all clients.
Total duration of requests
The combined compute time of all requests sent within any 1-minute interval must not exceed 5 minutes per company across all clients.
Limit variations
These limits may be temporarily reduced during periods of high system load.
Scope
Rate limits are measured and applied company-wide. All of the API keys from a company share the same rate limit.
Handling rate limiting
Clients can detect whether their company has been rate limited by checking whether the response status code is 429 - Too many requests.
The Lookout API will append a retry-after header, which specifies the number of seconds the client should wait before re-attempting the request.
When performing a high volume of API requests, we recommend that you intentionally leave some headroom to avoid impacting other API usage within your company.
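As an added example (not Lookout's own code), the Python below builds the documented Authorization header, refuses to send the secret to a non-HTTPS URL, and waits for the retry-after interval when it receives a 429. The send callable, MAX_WAIT_SECONDS, the attempt limit and the placeholder company id and credentials are assumptions made for illustration.

```python
import time
from urllib.parse import urlsplit

MAX_WAIT_SECONDS = 120  # assumption: cap on any single wait, not a Lookout value

def auth_headers(identifier, secret):
    """Authorization header in the documented Bearer <IDENTIFIER>:<SECRET> form."""
    for part in (identifier, secret):
        if not part or any(c in part for c in "\r\n"):
            raise ValueError("empty credential or CR/LF in credential")
    return {"Authorization": f"Bearer {identifier}:{secret}"}

def retry_after_seconds(headers, default=1):
    """Read retry-after (whole seconds), case-insensitively; clamp bad values."""
    for name, value in headers.items():
        if name.lower() == "retry-after":
            try:
                return min(max(int(value), 0), MAX_WAIT_SECONDS)
            except ValueError:
                return default
    return default

def call_with_rate_limit(send, url, headers, max_attempts=4, sleep=time.sleep):
    """send(url, headers) -> (status, response_headers, body); retries only on 429."""
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send the API secret over a non-HTTPS URL")
    for attempt in range(1, max_attempts + 1):
        status, resp_headers, body = send(url, headers)
        if status != 429:
            return status, body
        if attempt < max_attempts:
            sleep(retry_after_seconds(resp_headers))
    raise RuntimeError(f"still rate limited after {max_attempts} attempts")

if __name__ == "__main__":
    # Constructed responses standing in for the API: one 429, then success.
    canned = iter([(429, {"Retry-After": "2"}, ""), (200, {}, '{"ok": true}')])
    waits = []
    result = call_with_rate_limit(
        lambda url, headers: next(canned),
        "https://api.thelookoutapp.com/api/COMPANY_ID/",  # placeholder company id
        auth_headers("EXAMPLE_IDENTIFIER", "EXAMPLE_SECRET"),  # placeholders
        sleep=waits.append,  # record waits instead of sleeping
    )
    print(result, waits)
```

Because the limits are shared company-wide, every integration that uses this pattern draws on the same budget, so keep max_attempts small and leave the headroom recommended above.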
