ACCESS API

Overview
Exploring with Postman
Common to all API Calls
Log In, Security JWT
Student Match
Student Assign State-ID
Student Get Application Data
Student Get Transcript PDF
Student Send Transcript to College
Get State-IDs for Administrator
Manage Notice Emails
Get API Activity Log
List Private Schools
Dashboard: Students Information
Dashboard: Due for Graduation Summary by District LEA
Dashboard: Due for Graduation for District LEA

Account Management

Forgot Password
Sign Up
Invite a Friend

Account Owners

Permissions
Messages

Arkansas Civics Test

Student - Registration
Student - Taking Test
Test - Accommodations
Exam - Rostering
Transcript - Met Civics
Viewing Reports

Community Service Learning

Overview
Data Entry
Data File - Download
Data File - Upload

Data Services Agreements

Overview

Online Testing

Test - Accommodations

Private Schools

Managing TIDE DTCs
File Upload Specification
DTC User Instructions

Home Schools

Managing TIDE DTCs
File Upload Specification
DTC User Instructions

Smart Core

Student View
Teachers

Student Transcripts

Searching
Sections
Training Mode
Immunizations
State IDs
Copy student immunization records
Copy Course History
Send a Transcript to a College
Smart Core Reports for Students
View Student Records and Request Transcripts

Advanced Searching

Students
Staff
Schedules
Tests
Users

OneRoster API

Overview
Sample District
Best Practices
Data Dictionary

Student Data API

Overview
Getting Started
Authentication
Login Endpoint
Search Students
Get Sections by State IDs
Search Staff Catalog
Search Schedules
Error Handling
Rate Limits and Quotas

Log In, Security JWT

To inhibit brute-force attacks, the ACCESS API requires a Proof-of-Work (POW) challenge to be solved before a JWT token is issued. The Proof-of-Work challenge is a SHA256 hash that must be solved by the client before the JWT token can be obtained.

The POW challenge is obtained by calling the following URL:

GET - https://rest.triand.com/Session/powChallenge

curl -X GET https://rest.triand.com/Session/powChallenge  \
     -H "Accept: application/json"

 &#123"challenge":"eyJjb2InR...really long string...iYjdmZDcyxZiJ9"}

The response contains a challenge string that must be solved by the client. The client must solve the challenge by finding a solution that, when hashed with the challenge string, produces a hash that starts with a certain number of leading zeros. The POW challenge expires in two minutes.

Triand uses the NPM Javascript Package "hashcash" to implement POW. The Postman collection supplied above uses the following to solve the POW challenge:

Depending upon the speed of your system generating the response will take between 1 and 6 seconds. Once you are logged in you will not need to repeat the POW solution again.

The client must then send the solution to the following URL to log in and obtain a JWT token:

POST - https://rest.triand.com/Session/login

The request body must contain the following parameters:

Example post and response:

curl -X POST https://rest.triand.com/Session/login  \
     -H "Accept: application/json" \
     -H "Content-Type: application/json" \
     -d '&#123   \
      "email": "&#123your email or ActiveDirectoryId}",   \
      "password": "&#123your password}",   \
      "powChallenge": "eyJjb2InR...really long string...iYjdmZDcyxZiJ9",   \
      "powSolution": "eyJjb23er...really long string...iawei"   \
    &#125'

&#123
  "params": &#123
    "actionOk":true,
    "error":[]
  },
  "timing":&#123
    "srvStart":"2025-06-14 01:24:11.372",
    "srvEnd":"2025-06-14 01:24:11.527",
    "srvMills":155
  },
  "jwt":"eyJ0eX...valid JWT token...sZNSf6Eitg",
  "frtTkn":"eyJ0eXAiO1QiLC...ignore this string...MSwianRpIJEK1nA"
}

The jwt in the response is used in following calls as the header "Authorization: Bearer ....."

ß