Introduction

Green Check Trace APIs (Application Programming Interfaces) power our platform for following the cannabis life cycle from seed to sale; simplifying and enhancing compliance along the entire value chain. Our API is based on REST (Representational State Transfer) principles.

Our API is optimized to accelerate developers ability to keep their customers compliant in highly regulated environments. The API supports a broad set of operations for integration with state contracted track and trace systems. Green Check is continuously adding new functionality to make developer’s lives easier and more productive.

Green Check loves feedback! Send your comments and requests to feedback@greencheckverified.com

Writing style

Contents: The left side pane is the navigation bar through the contents of the documentation, equipped with the additional search field to facilitate the exploration of the document.
Details: The middle pane contains all the explanations related to the API usage and how it maps to the track-and-trace platforms. Each header is referenced in the contents section of the left side pane.
Examples: The right side pane contains examples of request and response messages to fulfill the comprehension of the explanations given and guide the reader in the testing process during the integration process.

Authentication

Green Check Trace requires two forms of authentication:

API Key - to access Green Check Access APIs
Custom Auth - for integrating with state contracted track and trace systems

Trace API key (x-api-key)

Each client application will be issued a Green Check API key to be authenticated against and authorized to use the API. The Green Check API key should be provided as a value of the x-api-key header in every request to the API.

Track and trace system authentication

A second required header in each request to the Trace APIs is the Authorization header.

KMP-JSON token=ewogICAgInZlbmRvci1rZXkiOiAiIiwKICAgICJhcGkta2V5IjogIlt1c2VyX2FwaV9rZXldIgp9

This header provides the Trace API with the encoded string of credentials(keys) to authenticate the company and authorize the user in the track and trace systems.
The authorization string contains a Base64 encoded json object containing the user's credentials. See track and trace systems specific formats below:

Metrc

Value	Description
api_key	User API key obtained from metrc User Interface that is associated with an individual Metrc user and copies their permissions.
vendor_key	Vendor API key provided by metrc to third party integrators after passing certification(s).
JSON	`{"vendor-key":"[vendor_api_key]","api-key":"[user_api_key]"}`
Base64 encoded	eyJ2ZW5kb3Ita2V5IjoiW3ZlbmRvcl9hcGlfa2V5XSIsImFwaS1rZXkiOiJbdXNlcl9hcGlfa2V5XSJ9
headers: 'Authorization'	`KMP-JSON token=eyJ2ZW5kb3Ita2V5IjoiW3ZlbmRvcl9hcGlfa2V5XSIsImFwaS1rZXkiOiJbdXNlcl9hcGlfa2V5XSJ9`

The Trace API provides the ability to use a customer’s Metrc vendor key, or Green Check's vendor key.

Using Green Checks vendor API key for Metrc

To use Green Check2s key, use the following format (passing an empty string as the vendor_api_key):

{
  "vendor-key": "",
  "api-key": "[api_key]"
}

Using your vendor API key for Metrc

To use your key, use the following format:

{
  "vendor-key": "[vendor_key]",
  "api-key": "[api_key]"
}

BioTrackTHC

Value	Description
Username	Username assigned to the user through the BioTrackTHC Track and Trace interface.
Password	Password assigned to the user through the BioTrackTHC Track and Trace interface.
ubi	UBI or Universal Business Identifier provided to your customer by BioTrackTHC.
Plain text	`{"username": "user@domain.com", "password": "password", "ubi": "ABCD1234"}`
Base64 encoded	eyJ1c2VybmFtZSI6ICJ1c2VyQGRvbWFpbi5jb20iLCAicGFzc3dvcmQiOiAicGFzc3dvcmQiLCAidWJpIjogIkFCQ0QxMjM0In0=
headers: 'Authorization'	`KMP-JSON token=eyJ1c2VybmFtZSI6ICJ1c2VyQGRvbWFpbi5jb20iLCAicGFzc3dvcmQiOiAicGFzc3dvcmQiLCAidWJpIjogIkFCQ0QxMjM0In0=`

LeafData

Value	Description
x-mjf-key	API key provided by LeafData.
x-mjf-mme-code	Licensee/MME code provided to the license holder
Plain text	`{"x-mjf-mme-code":"L314", "x-mjf-key":"ExLHpsH5FwGp7GpDqJ7z"}`
Base64 encoded	eyJ4LW1qZi1tbWUtY29kZSI6IkwzMTQiLCAieC1tamYta2V5IjoiRXhMSHBzSDVGd0dwN0dwRHFKN3oifQ==
headers: 'Authorization'	`KMP-JSON token=eyJ4LW1qZi1tbWUtY29kZSI6IkwzMTQiLCAieC1tamYta2V5IjoiRXhMSHBzSDVGd0dwN0dwRHFKN3oifQ==`

For any additional authorization requirements in the track and trace systems, the clients may need to provide the facility or location(room) depending on the case. See the FAQ for more information.

Errors

Trace uses Guard Rails and rules engines to validate requests prior to sending to track and trace systems. There are two distinct error scenarios

Trace caught the error and nothing was sent to track and trace systems
Trace did not catch the error and returns a Trace error along with the original error response from the track and trace system

a. we are returning this error verbatim

The body of the error response will be JSON

Trace uses HTTP response codes to indicate the success or failure of an API request.

Codes in the 2xx range indicate success.
Codes in the 4xx range indicate an error that failed given the information provided (e.g., a required parameter was omitted, etc.).
Codes in the 5xx range indicate an error with our servers (these are rare).

The body of the response will be JSON in the following format:

Example error handled by Trace

{
  "errors": [
    {
      "status": "400",
      "title": "Bad Request",
      "detail": "license_number is missing and or invalid and required for this operation.",
      "source": "https://demo.greencheckverified.com/il/v1/strains"
      }
  ]
}

Example error not handled by Trace

{
  "errors": [
    {
      "status": "422",
      "title": "Unprocessable Entity",
      "detail": "Unprocessable Entity",
      "source": "https://demo.greencheckverified.com/wa/v1/transfers",
      "origin-status": "422"
      "origin-title": "Unprocessable Entity",
      "origin-detail": {
            "error": true,
            "error_message": "",
            "validation_messages": {
                "to_mme_id": [
                    "To MME not found"
                ]
            }
        },
      "origin-source": "https://watest.leafdatazone.com/api/v1/inventory_transfers",
      "origin-payload": null
    }
  ]
}

Error Code  | Text | Details
  ----------------|-------------|---------
  200 | OK | Successful Response
  201 | Created | Successful response for object creation
  204 | No Content | Successful response, no body
  400 | Bad Request | Invalid request, often due to missing a required parameter.
  401 | Unauthorized | Invalid or no authentication provided
  403 | Forbidden | Authenticated user does not have access to this resource
  404 | Not Found | Not Found,no longer available
  405 | Method Not Allowed | The provided http method is not authorized with the provided x-api-key
  429 | Too Many Requests | Too many requests hit the API too quickly. We recommend an exponential backoff of your requests
  500, 502, 503, 504 | Server Errors | Something went wrong on Trace's end.

Pagination

In many cases, the amount of data for certain endpoints is too much to consume or process in a given request. In instances where the amount of data returned in a get request exceeds limits that may prevent processing, requests will be limited to the first 100 results. A new records object will be added to the top of the response providing you with information about the total number of results and urls to access the next and previous set of results.

Results in paginated endpoints will be returned starting with the most recently updated records. Support will be added in the future to control sorting behavior.

"records": {
  "count": "100 - 200",
  "total": 1288,
  "previous": "https://api.greencheckverified.com/ca/v1/lots?license_number=MB12-0015-LIC&limit=100&offset=0",
  "next": "https://api.greencheckverified.com/ca/v1/lots?license_number=MB12-0015-LIC&limit=100&offset=200"
}

Query String Parameters

Parameter	Example	Details
limit	25	The number of results that the response will be limited to. Default is 100, maximum for most endpoints is 100.
offset	0	The starting record number for the filtered set of results. 0 would return the first set, where passing a number would start the result set at that record.