Developer Platform

Integrations for casework, command systems, and event feeds

Connect Public Safety to CAD, RMS, evidence stores, watchlists, and external analytics without stripping away the case, entity, and evidence relationships operators rely on.

View API Documentation Contact Integration Team

Operational readout

query lane for case, entity, and evidence retrieval

GraphQL

sync lane for systems that need explicit contracts

REST

event lane for live alerts and command updates

WebSocket

identity patterns for partner and enterprise access

OAuth / JWT

Integration pressure

Connector projects drift when records, events, and identity models do not line up

Casework systems fail at the edges when the integration surface treats operational data like generic tables instead of a living record with policy, chronology, and evidence links.

CAD, RMS, watchlists, evidence stores, and partner systems need different interface patterns without breaking the shared data model.

Auth, tenancy, and export policy have to travel with the integration rather than being bolted on later.

Implementation teams need real schemas and payload examples early enough to avoid another brittle connector cycle.

The shortest path is to design around the operational record first, then choose the transport.

Operational contract

Integrations should preserve the case record, not flatten it into disconnected exports

The interface layer needs to move casework, evidence, and event history without stripping away the relationships operators rely on.

Delivery sequence

Map the case model, attach identity, then choose the lane that matches the job

A stable integration program starts with the record shape and policy boundaries before teams start arguing about transports.

Data fidelity

Evidence and document context should survive the handoff

Export, sync, and alert flows are only useful if the receiving system can still trace the material back to the originating case.

Record mapping

Start with cases, entities, evidence, and timelines as the shared contract

Align external systems to the operational record so identifiers, chronology, and related evidence remain intact across every connector.

Shared contract for case, entity, evidence, and event data

Identity and scope

Bind partner access to tenant, workflow, and review policy

Decide who can query, sync, or subscribe before credentials are issued so external systems stay inside the same governance model as operators.

Scoped credentials with tenant and workflow boundaries

Transport fit

Choose query, sync, or event delivery based on the operational need

Analyst lookups, backend synchronisation, and live operational updates should not be forced through the same shape or latency profile.

GraphQL, REST, or WebSocket applied where each one belongs

Implementation proof

Test with live payloads before the connector enters production

Use schema docs, SDK examples, and event traces that show what the real case and evidence model looks like in practice.

Connector validated against operational payloads, not guessed fields

Three Integration Lanes

Run query, synchronisation, identity, and delivery from one integration control plane

Query, sync, or subscribe depending on the operational job instead of forcing everything through one connector pattern.

GraphQL API

Query case, entity, evidence, and timeline data without over-fetching or flattening operational context.

Pull case, entity, evidence, and timeline fields without exporting the entire record.

Keep relationship context intact when dashboards and casework need the same underlying data.

Let analyst and developer teams inspect the same operational model during implementation.

REST API

Use predictable endpoints for system-to-system synchronisation, legacy connectors, and controlled data exchange.

Move predictable system-to-system jobs such as RMS sync, watchlist updates, and evidence indexing.

Version endpoints explicitly when partner environments cannot absorb constant schema churn.

Support staged rollout for legacy connectors while the operational model stays consistent.

WebSocket

Stream live case, alert, and command events into dashboards, notifications, and partner workflows as operations evolve.

Push alert, command, and case-state changes into live dashboards and partner workflows.

Keep notification and triage systems current without polling loops and fragile workarounds.

Surface operational change as it happens instead of after the next batch process completes.

Secure Authentication

Support API keys, JWT-based access, and OAuth 2.0 flows that fit enterprise identity, partner systems, and scoped operational access.

Support scoped service accounts, short-lived tokens, and enterprise identity handoff.

Tie integration credentials back to tenant, partner, and audit context.

Rotate and revoke access without guessing which downstream system is still using a key.

Interactive Documentation

Give engineers usable schemas, playgrounds, and request traces instead of leaving delivery teams to reverse-engineer the surface.

Publish usable schemas, examples, and request traces before connector work starts.

Give implementation teams enough detail to test mappings without vendor back-and-forth.

Keep operational payload examples close to the real case and evidence model.

Client SDKs

Accelerate delivery with client patterns that handle auth, retries, and structured error handling in the languages teams already use.

Cut time-to-first-request for internal teams and external partners.

Reduce boilerplate around auth, retries, and structured error handling.

Keep generated client behavior aligned with the live API contract.

Query lane

Query casework without over-fetching

The contract follows investigations, evidence, and operational events so delivery teams can pull what they need without rebuilding the domain model from scratch.

query CaseBoard($caseId: ID!) {
  investigation(id: $caseId) {
    id
    title
    status
    assignedTeam {
      name
      role
    }
    relatedEntities(limit: 6) {
      id
      displayName
      riskLevel
    }
    evidence(limit: 4) {
      id
      type
      chainOfCustody {
        timestamp
        action
        actor
      }
    }
    timeline(limit: 10) {
      timestamp
      description
      severity
    }
  }
}

Connector target

Connectors should preserve the record a reviewer expects to open

If the receiving system cannot tell which case, evidence item, and review history a payload came from, the integration is losing operational value.

Event lane

{
  "eventType": "case.alert.priority_raised",
  "caseId": "INV-2026-1847",
  "tenantId": "metro-major-crimes",
  "severity": "critical",
  "triggeredAt": "2026-03-17T21:14:22Z",
  "source": "watchlist-correlation",
  "entityIds": ["ENT-4491", "ENT-8712"],
  "reviewPath": "/cases/INV-2026-1847/alerts/critical"
}

Live events should still point the receiving system back to the case, tenant, entity set, and review surface that created the alert.

Inbound systems

CAD, RMS, evidence, and watchlist feeds

Use explicit sync contracts where source systems need durable resources and predictable retry behaviour.

Analyst surfaces

Search, dashboards, and investigative review

Use query-driven retrieval when operators need selective fields and relationship context without pulling the full record every time.

Outbound actions

Alerts, notifications, and workflow triggers

Use live event delivery when partner systems need to react to changing case state instead of waiting for the next batch cycle.

Implementation proof

Build against concrete operational patterns, not generic "API platform" claims

Integrations are credible when they show how cases, evidence, events, identity, and partner systems behave together in production.

Deployment patterns

Match the interface to the operational job instead of forcing every system through one connector

Use GraphQL for case review, search augmentation, and investigative dashboards that need selective fields.

Use REST for CAD, RMS, watchlist, and evidence synchronisation where explicit resources matter.

Use WebSocket delivery for live alerts, command updates, and workflow triggers during active operations.

Keep the same case, entity, and evidence identifiers across all three lanes so teams are not reconciling data by hand.

Security posture

Treat integrations like operational participants, not blind pipes

Scope credentials by tenant, partner, and workflow so the integration gets only what it should touch.

Audit token issuance, endpoint use, and export paths the same way you audit operator actions.

Keep partner traffic inside the same retention and review model used by the platform.

Preserve record-level boundaries instead of flattening protected material into generic payload dumps.

Implementation evidence

Give delivery teams something concrete to build against

Operational examples should show cases, evidence, entities, and event history in one contract.

Implementation teams need playgrounds, schema docs, and error traces early in the project.

Connector work should start with the live domain model, not a spreadsheet of guessed fields.

Testing should prove that the outbound event still ties back to the original operational record.

Review connector fit before the project turns into another spreadsheet exercise

Walk through your CAD, RMS, evidence, and event-stream requirements with the actual API surface and payload shapes in view.

View API Documentation Contact Integration Team