Build on Sit(x)
Integrate external data sources, build custom applications, and extend your situational awareness platform with the Sit(x) API.
Two Integration Paths
Sit(x) provides two distinct API authentication mechanisms, each designed for different integration scenarios.
Bridge Adapter API
OAuth 2.0 Client Credential Grant
System-to-system integration for flowing Cursor on Target (CoT) data in and out of Sit(x) TAK groups. No user interaction required.
- ADS-B aircraft feeds
- IoT sensor data
- Vehicle telematics
- External system integration
- Cross-platform CoT routing
Device / External API
OAuth 2.0 Device Authorization Grant
User-authenticated access for TAK devices, mobile apps, and external applications that need to operate on behalf of a specific Sit(x) user.
- Custom TAK client apps
- Mission management tools
- GeoChat integrations
- Dashboard & analytics apps
- Content & file management
Bridge Adapter API
OAuth 2.0 Client Credential Grant
Bridge Adapters provide a means to flow authorized Cursor on Target (CoT) traffic to and from your TAK groups. They enable machine-to-machine integration without requiring a user to be logged in. Common use cases include ingesting local aircraft ADS-B data, vehicle sensor telemetry, weather station data, or custom data that your organization gathers through other systems.
How It Works
Create Credentials
Generate an Access Key ID and Secret Key in the Sit(x) admin dashboard.
Define Scopes
Authorize access to specific organizations and TAK groups with granular scopes.
Request Token
POST credentials + scope URI to receive a short-lived JWT bearer token.
Stream Data
Use the token to publish/subscribe CoT data to authorized TAK groups.
Authentication
POST /api/v1/auth/token
{
  "client_id": "your_access_key_id",
  "client_secret": "your_secret_key",
  "scope": "{org}.takserver.{host}/{tak-group-tag}/.bridge-both"
}
Response (200 OK)
{
  "token_type": "Bearer",
  "access_token": "eyJhbGciOiJIUzI1NiJ9...",
  "expires_in": 120
}
Scope Types
| Scope | Direction | Description |
|---|---|---|
| .bridge-both | Bidirectional | Send and receive CoT data to/from the TAK group |
| .bridge-out | Outbound only | Receive CoT data from the TAK group (read-only) |
| .bridge-in | Inbound only | Send CoT data into the TAK group (write-only) |
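A client-side sketch of the token request and scope rules above, added here as an example and not taken from Sit(x) code: it builds a single-direction scope string in the documented format and caches the bearer token, renewing it shortly before `expires_in` runs out. The names `build_scope` and `BridgeTokenCache`, the `post` transport callable, the 15-second renewal margin, and the sample organization, host and credentials are all assumptions made for the illustration.

```python
import time

DIRECTIONS = {"in": ".bridge-in", "out": ".bridge-out", "both": ".bridge-both"}

def build_scope(org, host, group_tag, direction):
    """Scope URI in the page's format, limited to one direction."""
    if direction not in DIRECTIONS:
        raise ValueError(f"direction must be one of {sorted(DIRECTIONS)}")
    for part in (org, host, group_tag):
        if not part or any(c in part for c in "/ \t\r\n"):
            raise ValueError(f"invalid scope component: {part!r}")
    return f"{org}.takserver.{host}/{group_tag}/{DIRECTIONS[direction]}"

class BridgeTokenCache:
    """Holds the short-lived bearer token and renews it before expiry."""

    def __init__(self, post, client_id, client_secret, scope, skew=15, clock=time.monotonic):
        self._post = post  # assumed transport: callable(path, body) -> parsed JSON dict
        self._body = {"client_id": client_id, "client_secret": client_secret, "scope": scope}
        self._skew, self._clock = skew, clock
        self._token, self._renew_at = None, 0.0

    def __repr__(self):  # keep the secret out of logs and tracebacks
        return f"BridgeTokenCache(client_id={self._body['client_id']!r}, scope={self._body['scope']!r})"

    def bearer(self):
        now = self._clock()
        if self._token is None or now >= self._renew_at:
            resp = self._post("/api/v1/auth/token", self._body)
            if resp.get("token_type") != "Bearer" or not resp.get("access_token"):
                raise RuntimeError("unexpected token response")
            self._token = resp["access_token"]
            self._renew_at = now + max(int(resp["expires_in"]) - self._skew, 0)
        return self._token

def demo():
    """Constructed run: fake transport and fake clock, no network access."""
    calls, now = [], [0.0]
    def fake_post(path, body):
        calls.append((path, body["scope"]))
        return {"token_type": "Bearer", "access_token": f"tok-{len(calls)}", "expires_in": 120}
    scope = build_scope("acme", "example.test", "sensors", "in")  # write-only sensor feed
    cache = BridgeTokenCache(fake_post, "AKID-demo", "secret-demo", scope, clock=lambda: now[0])
    seen = []
    for t in (0.0, 100.0, 106.0):  # renewal is due at 120 - 15 = 105 s
        now[0] = t
        seen.append(cache.bearer())
    return scope, seen, len(calls), repr(cache)
```

A feed that only publishes sensor data requests `.bridge-in` rather than `.bridge-both`, so a leaked token cannot be used to read operator positions from the group.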
Credential Configuration
Persist CoT
When enabled, CoT messages published through this bridge adapter are persisted to the Sit(x) database and available for historical queries. Disable for transient data like real-time sensor readings.
P2P Bridge
Enables peer-to-peer bridge mode for direct point-to-point CoT routing. The bridge adapter acts as a dedicated transport between systems rather than publishing to all group members.
Store & Forward Source
Designates this bridge adapter as a store-and-forward source, enabling offline devices to receive data published during their disconnect period when they reconnect.
Concurrent Connection Limits
Control the maximum number of simultaneous connections a bridge adapter can maintain to the TAK server. Set to -1 for unlimited connections.
How Bridge Data Flows
After authenticating at app-api.{host}/api/v1/auth/token, bridge adapters establish a CoT connection to the authorized TAK group. Data flows as standard Cursor on Target XML messages over the bridge connection.
Inbound (bridge-in)
Your system publishes CoT messages into the TAK group. All connected TAK clients receive the data.
Outbound (bridge-out)
Your system subscribes to CoT messages from the TAK group. Receive operator positions, markers, and alerts.
Bidirectional (bridge-both)
Full two-way CoT data exchange between your system and the TAK group.
What You Can Build
ADS-B Aircraft Tracking
Ingest live aircraft position data from ADS-B receivers and display on TAK clients as CoT markers. Give your operators real-time airspace awareness.
Vehicle Telematics
Stream GPS positions from fleet vehicles, drones, or autonomous systems into the common operating picture. Track every asset in real time.
Weather & Environmental
Publish weather station data, air quality readings, or CBRN sensor data as CoT markers on the map. Overlay environmental context on operations.
IoT Sensor Networks
Bridge data from LoRaWAN, Zigbee, or MQTT sensor networks into TAK. Turn any sensor into a map marker visible to all operators.
System-to-System Bridge
Connect Sit(x) to external C2 systems, CAD platforms, or other TAK servers. Bidirectional CoT routing between ecosystems.
SIGINT & ELINT Feeds
Ingest signal intelligence or electronic intelligence data as geo-referenced CoT markers for real-time spectrum awareness.
Device / External API
OAuth 2.0 Device Authorization & SSO Integration
The Device API enables TAK client applications, mobile apps, and external tools to authenticate as a specific Sit(x) user and access the full range of organizational resources — missions, GeoChat, fileshares, notifications, content, and more.
Authentication Flows
Device Authorization Grant
For input-constrained devices (TAK clients, IoT devices) that can't easily handle a browser-based login.
- Device requests a device authorization code from POST /api/v1/device/authorization/code
- User enters the code on the Sit(x) web dashboard to authorize the device
- Device polls POST /api/v1/device/authorization/token until authorized
- Sit(x) returns an access token and refresh token
SSO Token Grant (SAML, OIDC, OAuth)
For organizations using enterprise identity providers. Sit(x) supports SAML 2.0, OpenID Connect (OIDC), and OAuth 2.0 SSO providers including Microsoft Entra ID, Okta, Google Workspace, Ping Identity, and others.
- User authenticates through their organization's identity provider (browser redirect)
- The SSO assertion or token is exchanged with Sit(x) for platform access tokens
- Sit(x) validates the identity, maps the user to the correct organization, and returns access + refresh tokens
Token Lifecycle
Token Refresh
Use the refresh token at /refresh/token to obtain a new access token without re-authenticating. Tokens support rotation for replay attack protection.
Re-Authentication PIN
Devices can set a re-authentication PIN for quick token renewal during extended sessions via /reauth/pin and /reauth/token.
Token Rotation
Sit(x) implements token family tracking with automatic rotation. If a previously used refresh token is presented, the entire token family is invalidated to prevent replay attacks.
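The token-family behaviour described above, modelled as an added example (a generic illustration of refresh-token rotation with reuse detection, not Sit(x)'s implementation). The class `RefreshTokenStore`, its method names and the in-memory storage are assumptions. The run shows that replaying a spent token also cuts off the newest token in that family, while other families keep working.

```python
import hashlib
import secrets

def digest(token):
    # Store only a hash so a leaked table does not expose usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class RefreshTokenStore:
    """Refresh-token rotation with family tracking and reuse detection."""

    def __init__(self):
        self._tokens = {}      # sha256(token) -> [family_id, already_used]
        self._revoked = set()  # family ids invalidated after a replay

    def _issue(self, family):
        token = secrets.token_urlsafe(32)
        self._tokens[digest(token)] = [family, False]
        return token

    def login(self):
        """A full authentication starts a new token family."""
        return self._issue(secrets.token_hex(8))

    def refresh(self, token):
        """Rotate the token; on replay, revoke the whole family and refuse."""
        entry = self._tokens.get(digest(token))
        if entry is None:
            raise PermissionError("unknown refresh token")
        family, used = entry
        if family in self._revoked:
            raise PermissionError("token family revoked")
        if used:
            self._revoked.add(family)
            raise PermissionError("refresh token reuse detected; family revoked")
        entry[1] = True  # a refresh token is single-use
        return self._issue(family)

def demo():
    """Constructed sequence: two normal rotations, then a spent token returns."""
    store = RefreshTokenStore()
    t1, other = store.login(), store.login()
    t3 = store.refresh(store.refresh(t1))  # t1 -> t2 -> t3
    outcomes = []
    for label, tok in (("replay t1", t1), ("newest t3", t3), ("other family", other)):
        try:
            store.refresh(tok)
            outcomes.append((label, "rotated"))
        except PermissionError as exc:
            outcomes.append((label, str(exc)))
    return outcomes
```

Because the server cannot tell which party holds the stolen copy, both lose the session and the legitimate device has to authenticate again.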
Available Endpoints
Authenticated devices access these endpoints at {org}.{host}/api/v1/
| Category | Endpoints | Description |
|---|---|---|
| Missions | /missions, /mission_packages | List, create, update, and manage missions and mission packages |
| GeoChat | /messages | Read, list, and mark messages as read |
| Fileshares | /fileshares, /fileshare/cache/upload | Browse and upload file attachments and data packages |
| Video | /video_feeds, /video_servers | List available video feeds and streaming servers |
| Content | /content, /content_labels | Manage and browse organizational content and labels |
| Users & Groups | /users, /tak_servers | Query users, TAK server connections, and group membership |
| Notifications | /notifications | List and acknowledge user notifications |
| Profile | /myinfo, /org_settings | Get current user info and organization settings |
| SOS | /sos_incidents | List emergency SOS incidents |
| Admin | /admin/sos_incidents, /admin/video_feeds | Admin-scoped endpoints for creating incidents and managing video feeds |
What You Can Build
Custom TAK Clients
Build TAK client applications on any platform with full auth, messaging, missions, and location sharing.
Chat Integrations
Bridge Sit(x) GeoChat into Slack, Teams, or custom chat platforms with read/reply capability.
Custom Dashboards
Build operational dashboards with live connection status, group membership, and mission tracking.
Alert Systems
Monitor notifications and SOS incidents to trigger automated alerts, pager integrations, or escalation workflows.
Content Management
Automate content distribution — push SOPs, field manuals, and reference materials to users through the API.
Security by Design
Short-Lived Tokens
Bridge tokens expire in minutes. Device tokens are time-bounded with configurable expiration.
Login Origin Restrictions
API tokens are validated against country-based IP restrictions. Unauthorized origins are blocked and logged.
Granular Scopes
Bridge adapters are authorized per organization, per TAK group, per direction. No broad access.
Full Audit Trail
Every token grant, API call, and failed attempt is logged with IP, timestamp, and client identifier.
Ready to Integrate?
Contact our team to discuss your integration requirements and get started with API access.