ETO Software's API allows social impact organizations to create functional applications or integrations through remote execution. Authentication is performed by making REST-based web service requests with an active ETO account. Your ETO solution will need the API feature enabled.

Please go to and you will find the available methods for each functional area of ETO. If you are interested in using our test environment or would like more information on how to access your API, please contact your Account Manager.

Note: Australian users should go to

To log into the API there are three main methods that are used. The first two are required. These methods can be found and executed on the API docs link above.


  • This POST method will authenticate the user account and requires the user email address and password
  • The Response will provide SSOAuthToken which will be used in the next method
  • Example of SSOAuthenticateWrapper used in this method
  "security": {
    "Email": "",
    "Password": "ExamplePassword1!",


  • This GET method logs you into the site and requires your Site ID, EnterpriseGuid , SSOAuthToken (from previous call) and a CurrentTimeZoneOffset
  • To access your EnterpriseGuid, log into ETO and on the navigation bar go to Marketplace > View Marketplace. Click on Free Add-Ons and then click on 'View Details' next to Barcode Sync. The Validation Code on this page is your Enterprise Guid.
  • The Response will have a SecurityToken that you will need for all other calls


  • This will log you into a specific program and needs EnterpriseGuid, SecurityToken, and UpdateCurrentProgramWrapper

The SSOAuthToken and SecurityToken will no longer be valid (will expire) if one of the following happens:

  • The account you are using to authenticate within the API then logs directly into the ETO UI. This is considered a concurrent log in and the first log in (the API authentication) will be kicked off
  • You are idle for the amount of time that is set as the session time out limit, which is set on a site by site basis with the 'security token recycle interval' setting in ETO.

If either of the above happens you will get an authentication error the next time you go to do something with the API. At that point you will need to start from the beginning of this article in order to start a new session with new tokens.

Did this answer your question?