Base URL
http://api.example.comIndex
For partner integration use (25.01.00)
Getting Started
Getting a JWT Access Token
POST https://authentication.api.lwolf.com/v1/login
All APIs require an Authorization HTTP Header that contains a Bearer {token} as its value. The token is a JSON Web Token (JWT) and can be generated as needed from the Authentication API using a POST request to the /v1/login endpoint with your provided credentials / secrets.
This will provide a JWT token in the response which can then be used as your Bearer token in your Authorization header when making API calls.
Request Example
{
"emailAddress": "api-aaaa111@apps.lwolf.com",
"password": "AAAA111",
"clientId": "GgP8g-zksBgWuXum!DbXh*qASYCsfNZF"
}
cURL
curl --location --request POST 'https://authentication.api.lwolf.com/v1/login' \
--header 'Content-Type: application/json' \
--data-raw '{
"emailAddress": "api-aaa111@apps.lwolf.com",
"clientId": "AAAA111",
"password": "GgP8g-zksBgWuXum!DbXh*qASYCsfNZF"
}'
Response Example (200 OK)
{
"token": "<JWT string>",
"expiresIn": 86400
}
Searching Deals
Using Field Search on Summaries
GET https://deals.api.lwolf.com/v1/search
The Deals API supports searching deal summaries, compact and heavily indexed versions of deals, by a single field and value.
Example
https://deals.api.lwolf.com/v1/deals/search?entityPath=deal&fieldName=bwId&searchText=12345
Using OData on Full Details
GET https://deals.api.lwolf.com/v1/deals
The Deals API supports searching deals using a subset of OData queries ($filter, $top, $skip, $limit). Any top-level field can be used in a query however at the current time fields from nested objects is not supported. As well the use of the IN operator is not supported, however multiple OR operators can be used instead.
Example
https://deals.api.lwolf.com/v1/deals?$filter=addressStreetNumber%20eq%20%27263%27%20and%20%20addressStreetName%20eq%20%27Wellington%20St%27%20and%20addressUnitNumber%20eq%20%27701%27
API for managing deals, commissions, conditions, and client contacts.
Roster API
Lone Wolf Technologies Roster API
API Endpoint: https://roster.api.lwolf.com/v1
Schemes: https
Version: 1.0.0
Authentication
Bearer Token
Use the Authentication API to retrieve the JSON Web Token for all calls to this API. Pass the token as Authorization: Bearer {token} in the request header.
Members
Add new member
POST /members
If the 'id' is passed in this object, the API will attempt to use that for its member id. If 'id' is null or undefined, the API will generate one.
Request Example
{
"id": "string (UUID)",
"bwId": "number (int32)",
"firstName": "string",
"middleName": "string",
"lastName": "string",
"number": "string",
"officeId": "string (UUID)",
"bwOfficeId": "number (int32)",
"inactiveDate": "string (date)",
"legalName": "string",
"primaryEmailAddress": "string",
"addressLine1": "string",
"addressLine2": "string",
"addressCity": "string",
"addressPostalCode": "string",
"addressProvinceCode": "string",
"addressCountryCode": "string",
"birthDate": "string (date)",
"typeId": "string",
"lwaId": "string (UUID)",
"memberTypeCode": {
"createdTimestamp": "string (date-time)",
"modifiedTimestamp": "string (date-time)",
"id": "string (UUID)",
"code": "string",
"name": "string"
}
}
| Response | Description |
|---|---|
| 201 Created | Member created |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 403 Forbidden | Permission denied. See response body for details. |
| 409 Conflict | Member already exists. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Response Example (201 Created)
{
"createdTimestamp": "string (date-time)",
"modifiedTimestamp": "string (date-time)",
"id": "string (UUID)",
"version": "number (int32)",
"bwId": "number (int32)",
"firstName": "string",
"middleName": "string",
"lastName": "string",
"number": "string",
"officeId": "string (UUID)",
"bwOfficeId": "number (int32)",
"inactiveDate": "string (date)",
"legalName": "string",
"primaryEmailAddress": "string",
"addressLine1": "string",
"addressLine2": "string",
"addressCity": "string",
"addressPostalCode": "string",
"addressProvinceCode": "string",
"addressCountryCode": "string",
"birthDate": "string (date)",
"typeId": "string",
"lwaId": "string (UUID)",
"memberTypeCode": {
"createdTimestamp": "string (date-time)",
"modifiedTimestamp": "string (date-time)",
"id": "string (UUID)",
"code": "string",
"name": "string"
}
}
Response Example (409 Conflict)
{
"code": "integer (int32)",
"message": "string",
"details": ["string"]
}
Get list of members
GET /members
| Response | Description |
|---|---|
| 200 OK | Success |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 403 Forbidden | Permission denied. See response body for details. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Response Example (200 OK)
[
{
"createdTimestamp": "string (date-time)",
"modifiedTimestamp": "string (date-time)",
"id": "string (UUID)",
"version": "number (int32)",
"bwId": "number (int32)",
"firstName": "string",
"middleName": "string",
"lastName": "string",
"number": "string",
"officeId": "string (UUID)",
"bwOfficeId": "number (int32)",
"inactiveDate": "string (date)",
"legalName": "string",
"primaryEmailAddress": "string",
"addressLine1": "string",
"addressLine2": "string",
"addressCity": "string",
"addressPostalCode": "string",
"addressProvinceCode": "string",
"addressCountryCode": "string",
"birthDate": "string (date)",
"typeId": "string",
"lwaId": "string (UUID)",
"memberTypeCode": {
"createdTimestamp": "string (date-time)",
"modifiedTimestamp": "string (date-time)",
"id": "string (UUID)",
"code": "string",
"name": "string"
}
}
]
Delete a specific member
DELETE /members/{memberId}
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| memberId | string (UUID) |
| Response | Description |
|---|---|
| 200 OK | Member deleted. |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 403 Forbidden | Permission denied. See response body for details. |
| 404 Not Found | Member not found. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Response Example (404 Not Found)
{
"code": "integer (int32)",
"message": "string",
"details": ["string"]
}
Get a specific member
GET /members/{memberId}
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| memberId | string (UUID) |
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| isBwId | boolean | Indicates whether the passed 'memberId' should be treated as the brokerWOLF id |
| Response | Description |
|---|---|
| 200 OK | Member found. |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 403 Forbidden | Permission denied. See response body for details. |
| 404 Not Found | Member not found. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Update a member property
PATCH /members/{memberId}
Updates properties on the member entity. None of its child collections can be updated with this route.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| memberId | string (UUID) |
Request Example
{
"bwId": "number (int32)",
"firstName": "string",
"middleName": "string",
"lastName": "string",
"number": "string",
"officeId": "string (UUID)",
"bwOfficeId": "number (int32)",
"inactiveDate": "string (date)",
"legalName": "string",
"primaryEmailAddress": "string",
"addressLine1": "string",
"addressLine2": "string",
"addressCity": "string",
"addressPostalCode": "string",
"addressProvinceCode": "string",
"addressCountryCode": "string",
"birthDate": "string (date)",
"typeId": "string",
"lwaId": "string (UUID)",
"memberTypeCode": {
"createdTimestamp": "string (date-time)",
"modifiedTimestamp": "string (date-time)",
"id": "string (UUID)",
"code": "string",
"name": "string"
}
}
| Response | Description |
|---|---|
| 200 OK | Member updated. |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 403 Forbidden | Permission denied. See response body for details. |
| 404 Not Found | Member not found. |
| 412 Precondition Failed | Optimistic concurrency check failed. The If-Match header is missing or it does not contain the version currently in the database. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Offices
Add new office
POST /offices
If the 'id' is passed in this object, the API will attempt to use that for its office id. If 'id' is null or undefined, the API will generate one.
Request Example
{
"id": "string (UUID)",
"bwId": "number (int32)",
"name": "string",
"shortName": "string",
"inactiveDate": "string (date)"
}
| Response | Description |
|---|---|
| 201 Created | Office created |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 403 Forbidden | Permission denied. See response body for details. |
| 409 Conflict | Office already exists. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Response Example (201 Created)
{
"createdTimestamp": "string (date-time)",
"modifiedTimestamp": "string (date-time)",
"id": "string (UUID)",
"version": "number (int32)",
"bwId": "number (int32)",
"name": "string",
"shortName": "string",
"inactiveDate": "string (date)"
}
Get list of offices
GET /offices
| Response | Description |
|---|---|
| 200 OK | Success |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 403 Forbidden | Permission denied. See response body for details. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Response Example (200 OK)
[
{
"createdTimestamp": "string (date-time)",
"modifiedTimestamp": "string (date-time)",
"version": "number (int32)",
"id": "string (UUID)",
"bwId": "number (int32)",
"name": "string",
"shortName": "string",
"inactiveDate": "string (date)"
}
]
Delete a specific office
DELETE /offices/{officeId}
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| officeId | string (UUID) |
| Response | Description |
|---|---|
| 200 OK | Office deleted. |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 403 Forbidden | Permission denied. See response body for details. |
| 404 Not Found | Office not found. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Get a specific office
GET /offices/{officeId}
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| officeId | string (UUID) |
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| isBwId | boolean | Indicates whether the passed 'officeId' should be treated as the brokerWOLF id |
| Response | Description |
|---|---|
| 200 OK | Office found. |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 403 Forbidden | Permission denied. See response body for details. |
| 404 Not Found | Office not found. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Update an office property
PATCH /offices/{officeId}
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| officeId | string (UUID) |
| Response | Description |
|---|---|
| 200 OK | Office updated. |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 403 Forbidden | Permission denied. See response body for details. |
| 404 Not Found | Office not found. |
| 412 Precondition Failed | Optimistic concurrency check failed. The If-Match header is missing or it does not contain the version currently in the database. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Get list of office summaries
GET /offices/summary
| Response | Description |
|---|---|
| 200 OK | Success |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 403 Forbidden | Permission denied. See response body for details. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Response Example (200 OK)
[
{
"id": "string (UUID)",
"name": "string",
"shortName": "string",
"inactiveDate": "string (date)"
}
]
Brokerages
Add new brokerage
POST /brokerages
If the 'id' is passed in this object, the API will attempt to use that for its brokerage id. If 'id' is null or undefined, the API will generate one. An internal token is needed to access this endpoint.
Request Example
{
"createdTimestamp": "string (date-time)",
"modifiedTimestamp": "string (date-time)",
"name": "string",
"shortName": "string",
"id": "string",
"companyTypeCode": "string",
"addressPostalCode": "string",
"addressCountryCode": "string"
}
| Response | Description |
|---|---|
| 201 Created | Brokerage created |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 403 Forbidden | Permission denied. See response body for details. |
| 409 Conflict | Brokerage already exists. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Response Example (201 Created)
{
"createdTimestamp": "string (date-time)",
"modifiedTimestamp": "string (date-time)",
"name": "string",
"shortName": "string",
"id": "string",
"companyTypeCode": "string",
"addressPostalCode": "string",
"addressCountryCode": "string"
}
Retrieve all brokerages
GET /brokerages
This endpoint is internal only and requires an internal token. The response will be all brokerages in the database.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| filter | string | Filter that will be used to query the database. |
| Response | Description |
|---|---|
| 200 OK | Success |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Delete a specific brokerage
DELETE /brokerages/{clientId}
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| clientId | string (UUID) |
| Response | Description |
|---|---|
| 200 OK | Brokerage deleted. |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 403 Forbidden | Permission denied. See response body for details. |
| 404 Not Found | Brokerage not found. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Get a specific brokerage
GET /brokerages/{clientId}
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| clientId | string |
| Response | Description |
|---|---|
| 200 OK | Brokerage found. |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 403 Forbidden | Permission denied. See response body for details. |
| 404 Not Found | Brokerage not found. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Member Types
Get a specific Member Type
GET /member-types
Path Parameters
| Parameter | Type | Description |
|---|---|---|
| id | string (UUID) |
| Response | Description |
|---|---|
| 200 OK | Member Type found. |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 403 Forbidden | Permission denied. See response body for details. |
| 404 Not Found | Brokerage not found. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Response Example (200 OK)
{
"id": "string (UUID)",
"createdTimestamp": "string (date-time)",
"modifiedTimestamp": "string (date-time)",
"version": "number (int32)",
"code": "string",
"name": "string"
}
Retrieve all Member Types
GET /member-types
This endpoint is internal only and requires an internal token. The response will be all brokerages in the database.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| filter | string | Filter that will be used to query the database. |
| Response | Description |
|---|---|
| 200 OK | Success |
| 400 Bad Request | Invalid request. See response body for details. |
| 401 Unauthorized | Unauthorized request. See response body for details. |
| 500 Internal Server Error | Unknown error. See response body for details. |
Schema Definitions
HttpStatus400
Invalid request. See response body for details.
{
"code": "integer (int32)",
"message": "string",
"details": ["string"]
}
HttpStatus401
Unauthorized request. See response body for details.
{
"code": "integer (int32)",
"message": "string",
"details": ["string"]
}
HttpStatus403
Permission denied. See response body for details.
{
"code": "integer (int32)",
"message": "string",
"details": ["string"]
}
HttpStatus412
Optimistic concurrency check failed. The If-Match header is missing or it does not contain the version currently in the database.
{
"code": "integer (int32)",
"message": "string",
"details": ["string"]
}
HttpStatus500
Unknown error. See response body for details.
{
"code": "integer (int32)",
"message": "string",
"details": ["string"]
}
ApiError
| Field | Type | Description |
|---|---|---|
| code | integer (int32) | An error code. This is typically the same as the http status code but can be different in some cases. |
| message | string | Simple message about the error. |
| details | string[] | An array of strings holding more details about the error. |
{
"code": "integer (int32)",
"message": "string",
"details": ["string"]
}
Member
| Field | Type | Description |
|---|---|---|
| createdTimestamp | string (date-time) | |
| modifiedTimestamp | string (date-time) | |
| id | string (UUID) | |
| bwId | number (int32) | The brokerWOLF Id of the member. This should not be used by third party systems as this value could go away in the future. |
| version | number (int32) | The version of the member in the database. Used for optimistic concurrency checking. |
| firstName | string | |
| middleName | string | |
| lastName | string | |
| number | string | The brokerage specified number. |
| officeId | string (UUID) | |
| bwOfficeId | number (int32) | The brokerWOLF Id of the office. This should not be used by third party systems as this value could go away in the future. |
| inactiveDate | string (date) | The date the member went inactive. If this is null, the member is active. |
| legalName | string | The legal name of member. |
| primaryEmailAddress | string | The primary email address of a member. |
| addressLine1 | string | The address of a member. |
| addressLine2 | string | The second address of a member. |
| addressCity | string | The city of a member. |
| addressPostalCode | string | The postal code of a member. |
| addressProvinceCode | string | The province code of a member. |
| addressCountryCode | string | The country code of a member. |
| birthDate | string | The birth date of a member. |
| typeId | string | The type id of a member. |
| lwaId | string | The lwaId of a member. |
| memberTypeCode | string | The member type of a member. |
Office
| Field | Type | Description |
|---|---|---|
| createdTimestamp | string (date-time) | |
| modifiedTimestamp | string (date-time) | |
| id | string (UUID) | |
| version | number (int32) | The version of the office in the database. Used for optimistic concurrency checking. |
| bwId | number (int32) | The brokerWOLF Id of the office. This should not be used by third party systems as this value could go away in the future. |
| name | string | Main name of the office. |
| shortName | string | Short name for the office. |
| inactiveDate | string (date) | The date the office went inactive. If this is null, the office is active. |
Brokerage
| Field | Type | Description |
|---|---|---|
| createdTimestamp | string (date-time) | |
| modifiedTimestamp | string (date-time) | |
| version | number (int32) | The version of the brokerage in the database. Used for optimistic concurrency checking. |
| name | string | Main name of the brokerage. |
| shortName | string | Short name for the brokerage. |
| id | string | |
| companyTypeCode | string | Company Type Code for the brokerage. |
| addressPostalCode | string | Address Postal Code for the brokerage. |
| addressCountryCode | string | Country Code for the brokerage. |
Member Type
| Field | Type | Description |
|---|---|---|
| createdTimestamp | string (date-time) | |
| modifiedTimestamp | string (date-time) | |
| id | string | |
| version | number (int32) | The version of the brokerage in the database. Used for optimistic concurrency checking. |
| code | string | Member type code. |
| name | string | Name of the member type. |
Office Summary
| Field | Type | Description |
|---|---|---|
| id | string (UUID) | |
| name | string | Main name of the office. |
| shortName | string | Short name for the office. |
| inactiveDate | string (date) | The date the office went inactive. If this is null, the office is active. |
This is version 1.0.0 of this API documentation. Last update on Jun 23, 2026.