Documentation Index
Use the sidebar to jump to any endpoint, or scroll through the overview below to explore the Service Provider SDK by API group.Service Provider SDK Overview
The QuickMechs Service Provider SDK lets you integrate mobile mechanic services, towing, and appointment booking into your application through a single REST interface.
The Service Provider SDK is organized into five API groups: Authentication, Mobile Rides, Tow Rides, Services, and Webhooks. All endpoints share the same base URL and session token obtained through authentication.
- Authentication — How session tokens work
- Create Session — Token endpoint reference
Recommended partner flow: authenticate first, resolve the customer and mechanic, estimate or create the ride, then use the lifecycle endpoints or webhooks to follow the job through completion.
Introduction
The Service Provider SDK exposes mobile rides, tow rides, mechanics, customers, appointments, and webhooks through one REST surface. It is designed so a partner app can move from discovery to booking to job completion without switching APIs or authentication contexts.
Most integrations follow the same path: create a session, resolve a customer, discover a mechanic or estimate a ride, create the request, then poll or listen for progress updates until the job is complete.
The SDK is intentionally split into functional groups so you can integrate only the pieces you need. For example, a roadside assistance partner may only need mobile rides and webhooks, while a workshop partner may rely heavily on mechanics, customers, and appointments.
Because every request uses the same session token and the same base URL, you can build a single API client and reuse it across the entire partner workflow. That keeps authentication, error handling, and retry logic centralized in one place.
Quick Start
- 1. Obtain your Partner Public Key from the API Keys section.
- 2. Create a session to get your JWT token.
- 3. Send the token in the
Authorization: Bearer {token}header. - 4. Explore the endpoint groups below and choose the workflow you need.
Guide Links
- Authentication - Learn how the session token is issued and refreshed
- Errors - See response formats and common failure codes
- Rate Limits - Understand request limits and retry behavior
- Create Session - Jump straight to the token endpoint
- Create Ride - Start a mobile ride flow
- Create Tow - Start a tow flow
- Create Appointment - Book a service appointment
Authentication
Exchange your Partner Public Key for a JWT session token at POST /api/v1/partner/sdk/sessions. The token is short-lived, so it should be treated as a session credential rather than a permanent API key.
Send the token in the Authorization header as Bearer ... on every protected request. When the token expires, call the session endpoint again and replace the old token before continuing API work.
The session endpoint is the bridge between your long-lived partner credentials and the short-lived token used by the API. This is safer than putting a permanent secret in every client request, and it gives you a clean place to rotate credentials server-side.
In practice, your backend should request a session, cache the token until it is close to expiry, and then renew it proactively before users notice a failure. If you are building a server-to-server integration, keep the public key and any private credentials only on the server.
What To Send
| Header | Value | Required |
|---|---|---|
Authorization |
Bearer YOUR_SESSION_TOKEN |
Yes |
Content-Type |
application/json |
Yes for JSON requests |
Session Tips
- Create Session - Exchange your public key for a JWT token
- Invalid token errors - The most common auth-related failure mode
- Retry behavior - Token refresh and backoff strategy
Practical Guidance
Keep the token out of your frontend source code whenever possible. A browser app should talk to your backend, and your backend should talk to QuickMechs. That keeps the Partner Public Key and session logic under your control.
If your request starts failing with 401 errors, do not assume the whole integration is broken. The most common cause is simply that the token aged out and needs to be refreshed before retrying the original request.
Important Security Notice
Never expose your Partner Secret Key in client-side code. Always use the Public Key for session creation and keep your Secret Key secure on your backend server.
Use the Test environment during development, implement proper token refresh logic in your application, and validate all webhook signatures if you are consuming webhook events.
Errors
The API returns standard HTTP status codes with a JSON error payload. This gives you two signals at once: the HTTP status tells you the category of failure, and the error code tells you the specific reason.
For example, 400 usually means the payload needs to be corrected, 401 usually means the token is missing or expired, and 429 means you should slow down and retry later.
When an API call fails, inspect the HTTP status first, then read the error code and message to decide whether the request should be retried, corrected, or abandoned.
Most partner integrations benefit from a simple rule: treat 4xx responses as request or permission problems, and treat 5xx responses as transient platform issues unless the API tells you otherwise. That keeps retries from creating duplicate jobs or repeated cancellations.
Error Response Format
{
"error": {
"message": "Invalid session token",
"code": "INVALID_TOKEN",
"details": {}
}
}
How To Handle Errors
- 400 - Fix the payload or required parameters before retrying
- 401 - Refresh the session token and retry the request
- 403 - Check account permissions and environment access
- 404 - Verify the resource reference or ID
- 429 - Back off and retry after the window resets
- 500 - Retry only if the operation is safe to repeat
When a request creates or mutates a ride, appointment, or webhook subscription, pair your retry policy with idempotency so the same action is not processed twice. That is especially important for create, cancel, and status-change requests.
For debugging, keep the raw error payload and the request context together. In practice, the combination of endpoint, status code, payload, and timestamp makes it much easier to spot whether the issue is validation, access, missing reference data, or rate limiting.
Common Error Codes
| Status Code | Error Code | Description |
|---|---|---|
| 400 | INVALID_REQUEST |
The request was malformed or missing required parameters |
| 401 | INVALID_TOKEN |
The session token is missing, invalid, or expired |
| 403 | FORBIDDEN |
You don't have permission to access this resource |
| 404 | NOT_FOUND |
The requested resource was not found |
| 429 | RATE_LIMIT_EXCEEDED |
Too many requests. Implement exponential backoff |
| 500 | INTERNAL_ERROR |
An unexpected error occurred on our servers |
Rate Limits
Rate limits are enforced per partner account and are meant to protect both your integration and the platform. The API surfaces quota details in response headers so you can adapt dynamically instead of guessing.
Watch the rate-limit headers, back off on 429, and refresh the session token before it expires. If your app polls status endpoints frequently, add caching or longer polling intervals to stay well within the limit.
The main goal is to make your integration predictable under load. Rather than sending bursts of polling requests or retrying aggressively, spread requests out and let the response headers tell you how close you are to the limit.
Rate Limit Headers
Each API response includes rate limit information in the HTTP headers:
| Header | Description |
|---|---|
X-RateLimit-Limit |
Maximum requests per time window |
X-RateLimit-Remaining |
Remaining requests in current window |
X-RateLimit-Reset |
Unix timestamp when the window resets |
Recommended Strategy
- Read operations - Cache list and status responses when possible
- Write operations - Use idempotency keys on create, update, cancel, and webhook calls
- Retries - Back off exponentially after a 429 or transient 5xx response
- Sessions - Refresh tokens before the 15-minute TTL expires
A good partner integration usually polls only when needed and prefers webhooks for asynchronous updates. That approach lowers traffic, reduces latency, and makes it much less likely that you will run into the limit during busy periods.
If you build a background worker or sync job, add jitter to retry timing and avoid retry storms. A few extra seconds between attempts is usually better than hammering the API with many requests that all fail the same way.
Default Limits
- Test Environment: 100 requests per minute
- Live Environment: 1000 requests per minute
If you exceed the rate limit, you'll receive a 429 status code. Implement exponential backoff and retry your request after the Retry-After header duration.
Authentication API
Path: POST /api/v1/partner/sdk/sessions
Exchange your Partner Public Key for a JWT session token. Tokens are valid for 15 minutes and must be sent as a Bearer token on all subsequent requests.
Session
Create and refresh partner sessions for API access.
- Create Session — Exchange public key for JWT token
Mobile Rides API
Path: /api/v1/partner/mobile-rides
Request roadside assistance, towing, and mobile mechanic rides. Estimate fares, create rides, match drivers, and track status.
Rides
List, estimate, create, and manage mobile ride requests.
- List Rides — Paginated ride history
- Estimate Price — Fare estimate before booking
- Create Ride — Submit a new ride request
- Interested Drivers — Drivers who accepted the ride
- Accept Offer — Confirm a driver and process payment
- Ride Status — Poll ride progress
Tow Rides API
Path: /api/v1/partner/tow-rides
Estimate and create dedicated tow service requests.
Towing
Get tow estimates and book tow trucks.
- Estimate Tow — Tow fare estimate
- Create Tow — Book a tow ride
Services API
Path: /api/v1/partner/mechanics, /customers, /appointments
Search mechanics, resolve customers, and book shop appointments.
Mechanics & Appointments
Find service providers and schedule appointments for customers.
- Search Mechanics — Find mechanics by state and service
- Resolve Customer — Look up or create a customer
- Create Appointment — Book with a mechanic
Webhooks API
Path: /api/v1/partner/webhooks
Register webhook endpoints so your application can receive partner events without polling every status endpoint.
Subscriptions
Manage webhook delivery targets for partner events.
- Manage Webhooks — List, create, update, and delete subscriptions
Create SDK Session
Exchange your partner public key for a JWT session token (15 min TTL). This token is used as the Bearer header for all subsequent requests.
Token Expiration
The session token expires after 15 minutes. Implement automatic token refresh logic in your application to maintain uninterrupted API access.
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
public_key |
string | Yes | Your Partner Public Key |
sdk_version |
string | No | SDK version (default: "1.0.0") |
Example Request
curl -X POST https://api.quickmechs.com/api/v1/partner/sdk/sessions \
-H "Content-Type: application/json" \
-d '{
"public_key": "pk_test_...",
"sdk_version": "1.0.0"
}'
// Enter your public key above and click Create Session
Mobile Rides — Estimate Price
Get a fare estimate before creating a ride. Returns base fare, distance fare, and total.
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
pickup_latitude |
float | Yes | Pickup location latitude |
pickup_longitude |
float | Yes | Pickup location longitude |
dropoff_latitude |
float | Yes | Dropoff location latitude |
dropoff_longitude |
float | Yes | Dropoff location longitude |
service_type |
string | Yes | Type of service (towing, roadside_assistance, battery_jump_start, tire_change, fuel_delivery, lockout_assistance) |
Example Request
curl -X POST https://api.quickmechs.com/api/v1/partner/mobile-rides/estimate-price \
-H "Authorization: Bearer YOUR_SESSION_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"pickup_latitude": 40.7128,
"pickup_longitude": -74.0060,
"dropoff_latitude": 40.7589,
"dropoff_longitude": -73.9851,
"service_type": "towing"
}'
// Fill in coords and click Estimate
Mobile Rides — Interested Drivers
List drivers who have expressed interest in a pending ride. Poll this after creating a ride.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
ref |
string | Yes | The ride reference from Create Ride |
Example Request
curl -X GET https://api.quickmechs.com/api/v1/partner/mobile-rides/{ref}/interested-drivers \
-H "Authorization: Bearer YOUR_SESSION_TOKEN"
// Click to fetch interested drivers
Mobile Rides — Accept Driver Offer
Accept a driver's offer. This processes payment and assigns the driver to the ride.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
ref |
string | Yes | The ride reference from Create Ride |
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
driver_ref |
string | Yes | The driver reference from Interested Drivers |
Example Request
curl -X POST https://api.quickmechs.com/api/v1/partner/mobile-rides/{ref}/accept-offer \
-H "Authorization: Bearer YOUR_SESSION_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"driver_ref": "driver_abc123"
}'
// Accept a driver offer to process payment
Mobile Rides — Get Status
Get a compact status payload. Use this to poll ride progress.
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
ref |
string | Yes | The ride reference from Create Ride |
Example Request
curl -X GET https://api.quickmechs.com/api/v1/partner/mobile-rides/{ref}/status \
-H "Authorization: Bearer YOUR_SESSION_TOKEN"
// Click to fetch current ride status
Mobile Rides — Lifecycle & Details
Use these endpoints after a ride is created to inspect the ride record and move it through the remaining lifecycle actions.
| Method | Path | Purpose | Notes |
|---|---|---|---|
GET |
/api/v1/partner/mobile-rides/{mobileRide} |
Fetch the full ride record. | Read-only detail view for the ride resource. |
PATCH |
/api/v1/partner/mobile-rides/{mobileRide} |
Update ride details before completion. | Uses partner.idempotency. |
POST |
/api/v1/partner/mobile-rides/{mobileRide}/cancel |
Cancel an open ride. | Uses partner.idempotency. |
POST |
/api/v1/partner/mobile-rides/{mobileRide}/decline-offer |
Reject the current driver offer. | Uses partner.idempotency. |
PATCH |
/api/v1/partner/mobile-rides/{mobileRide}/cancel-accepted |
Cancel after an offer was accepted. | Uses partner.idempotency. |
POST |
/api/v1/partner/mobile-rides/{mobileRide}/driver-arrived |
Mark the driver as arrived. | Uses partner.idempotency. |
POST |
/api/v1/partner/mobile-rides/{mobileRide}/start |
Start the ride. | Uses partner.idempotency. |
POST |
/api/v1/partner/mobile-rides/{mobileRide}/complete |
Complete the ride. | Uses partner.idempotency. |
POST |
/api/v1/partner/mobile-rides/{mobileRide}/rate-driver |
Submit driver feedback and rating. | Uses partner.idempotency. |
Tow Rides — Estimate Price
Get a price estimate for towing services before creating a tow ride.
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
pickup_latitude |
float | Yes | Pickup location latitude |
pickup_longitude |
float | Yes | Pickup location longitude |
dropoff_latitude |
float | Yes | Dropoff location latitude |
dropoff_longitude |
float | Yes | Dropoff location longitude |
ride_type |
string | Yes | Type of tow (Wheel-Lift, Flatbed, Hook) |
Example Request
curl -X POST https://api.quickmechs.com/api/v1/partner/tow-rides/estimate-price \
-H "Authorization: Bearer YOUR_SESSION_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"pickup_latitude": 40.7128,
"pickup_longitude": -74.0060,
"dropoff_latitude": 40.7589,
"dropoff_longitude": -73.9851,
"ride_type": "Wheel-Lift"
}'
// Click to estimate tow price
Tow Rides — Create
Create a new tow ride. Towing businesses will submit offers.
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
passenger_id |
integer | Yes | Passenger ID |
partner_reference |
string | No | Your internal reference |
pickup_latitude |
float | Yes | Pickup location latitude |
pickup_longitude |
float | Yes | Pickup location longitude |
dropoff_latitude |
float | Yes | Dropoff location latitude |
dropoff_longitude |
float | Yes | Dropoff location longitude |
ride_type |
string | Yes | Type of tow (Wheel-Lift, Flatbed, Hook) |
reason_for_tow |
string | No | Reason for tow |
vehicle_make |
string | No | Vehicle make |
vehicle_model |
string | No | Vehicle model |
vehicle_year |
string | No | Vehicle year |
Example Request
curl -X POST https://api.quickmechs.com/api/v1/partner/tow-rides \
-H "Authorization: Bearer YOUR_SESSION_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"passenger_id": 123,
"partner_reference": "TOW-REF-001",
"pickup_latitude": 40.7128,
"pickup_longitude": -74.0060,
"dropoff_latitude": 40.7589,
"dropoff_longitude": -73.9851,
"ride_type": "Wheel-Lift",
"reason_for_tow": "Vehicle breakdown",
"vehicle_make": "Toyota",
"vehicle_model": "Camry",
"vehicle_year": "2022"
}'
// Fill in details and click Create Tow Ride
Tow Rides — Lifecycle & Offers
Use these endpoints after a tow is created to inspect the ride, advance its status, and accept business offers.
| Method | Path | Purpose | Notes |
|---|---|---|---|
GET |
/api/v1/partner/tow-rides/{towRide} |
Fetch the full tow ride record. | Read-only detail view for the tow resource. |
PATCH |
/api/v1/partner/tow-rides/{towRide} |
Update tow request details. | Uses partner.idempotency. |
POST |
/api/v1/partner/tow-rides/{towRide}/cancel |
Cancel an open tow request. | Uses partner.idempotency. |
GET |
/api/v1/partner/tow-rides/{towRide}/status |
Poll the current tow status. | Read-only status snapshot. |
PATCH |
/api/v1/partner/tow-rides/{towRide}/cancel-accepted |
Cancel after an offer was accepted. | Uses partner.idempotency. |
POST |
/api/v1/partner/tow-rides/{towRide}/driver-arrived |
Mark the tow provider as arrived. | Uses partner.idempotency. |
POST |
/api/v1/partner/tow-rides/{towRide}/start |
Start the tow. | Uses partner.idempotency. |
POST |
/api/v1/partner/tow-rides/{towRide}/complete |
Complete the tow. | Uses partner.idempotency. |
GET |
/api/v1/partner/tow-rides/{towRide}/business-offers |
List available business offers for the tow. | Use this before accepting an offer. |
POST |
/api/v1/partner/tow-rides/{towRide}/business-offers/{towBusinessId}/accept |
Accept a business offer. | Uses partner.idempotency. |
Mechanics — Search
Find available mechanics by state and service type.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
state |
string | Yes | State to search in |
service |
string | No | Filter by service type |
per_page |
integer | No | Results per page (default: 15, max: 50) |
Example Request
curl -X GET "https://api.quickmechs.com/api/v1/partner/mechanics?state=Texas&service=engine+diagnostics&per_page=15" \
-H "Authorization: Bearer YOUR_SESSION_TOKEN"
// Enter a state and click Search
Mechanics — Profile & Schedule
Use the mechanic reference returned by search to inspect profile details and available work schedules.
| Method | Path | Purpose | Notes |
|---|---|---|---|
GET |
/api/v1/partner/mechanics/{reference} |
Fetch mechanic profile details. | Use the reference returned by Search Mechanics. |
GET |
/api/v1/partner/mechanics/{mechanic}/work-schedule |
Return the current work schedule. | Read-only schedule view. |
GET |
/api/v1/partner/mechanics/{mechanic}/new-work-schedule |
Return the alternate schedule payload. | Use this if your integration expects the newer schedule shape. |
Customers — Resolve or Create
Find an existing customer by email or phone, or create a new one. Returns an external_ref used as passenger_ref in ride creation.
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
first_name |
string | Yes | Customer first name |
last_name |
string | Yes | Customer last name |
email |
string | Yes | Customer email |
phone |
string | Yes | Customer phone |
address |
string | No | Customer address |
Example Request
curl -X POST https://api.quickmechs.com/api/v1/partner/customers \
-H "Authorization: Bearer YOUR_SESSION_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"first_name": "John",
"last_name": "Doe",
"email": "john.doe@example.com",
"phone": "+1234567890",
"address": "123 Main St"
}'
// Fill in customer details and click Resolve
Appointments — Create
Book a new appointment with a mechanic for a customer.
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
mechanic_ref |
string | Yes | Mechanic reference from Search Mechanics |
customer_ref |
string | Yes | Customer reference from Resolve Customer |
date |
string | Yes | Appointment date (YYYY-MM-DD) |
time |
string | Yes | Appointment time (HH:MM) |
description |
string | No | Appointment description |
partner_reference |
string | No | Your internal reference |
Example Request
curl -X POST https://api.quickmechs.com/api/v1/partner/appointments \
-H "Authorization: Bearer YOUR_SESSION_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"mechanic_ref": "mech_abc123",
"customer_ref": "user_xyz789",
"date": "2024-01-15",
"time": "10:00",
"description": "Oil change and brake inspection",
"partner_reference": "APT-REF-001"
}'
Appointments — Manage
After creating an appointment, use these routes to inspect it, update it, cancel it, or track pickup progress.
| Method | Path | Purpose | Notes |
|---|---|---|---|
GET |
/api/v1/partner/appointments/{appointment} |
Fetch the full appointment record. | Read-only detail view for the appointment resource. |
PATCH |
/api/v1/partner/appointments/{appointment} |
Update appointment details. | Uses partner.idempotency. |
POST |
/api/v1/partner/appointments/{appointment}/cancel |
Cancel an appointment. | Uses partner.idempotency. |
POST |
/api/v1/partner/appointments/{appointment}/reschedule |
Reschedule an appointment. | Uses partner.idempotency. |
GET |
/api/v1/partner/appointments/{appointment}/status |
Poll the current appointment status. | Read-only status snapshot. |
GET |
/api/v1/partner/appointments/{appointment}/pickup-progress |
Read the pickup progress state. | Useful when a pickup is part of the appointment workflow. |
GET |
/api/v1/partner/appointments/{appointment}/notify-pickup-progress |
Trigger pickup progress notification delivery. | Read this as a notification action, not a silent status fetch. |
Webhooks — CRUD
Register webhook endpoints so your application can receive partner events without polling the ride and appointment status routes.
| Method | Path | Purpose | Notes |
|---|---|---|---|
GET |
/api/v1/partner/webhooks |
List webhook subscriptions. | Read-only. |
POST |
/api/v1/partner/webhooks |
Create a webhook subscription. | Uses partner.idempotency. |
PATCH |
/api/v1/partner/webhooks/{webhook} |
Update a webhook subscription. | Uses partner.idempotency. |
DELETE |
/api/v1/partner/webhooks/{webhook} |
Delete a webhook subscription. | Uses partner.idempotency. |