API Key Management
Create and manage authenticated access credentials
elk_k8x2...f9m1
READ
elk_p4n7...a2v6
READ
WRITE
Each API key has named permissions (read, write) and can be revoked instantly. Keys are scoped to the organisation tenant.
Query Access Control
Enable or disable data endpoints per organisation
Reports
List and retrieve incident reports
Report (Single)
Retrieve individual report by identifier
Field-Level Visibility
Granular control over which data fields are exposed
Report Fields
Report ID
Codename
Created Date
Status
Report Type
Activities
Tags
Contacts
Custom Fields
Responses
Deny-by-default model. No data is shared until explicitly enabled by an administrator. Disabled fields are completely hidden from the API - they do not appear in the schema or responses.
Webhook / Event Configuration
Configure outbound event notifications
Case Management Webhook
https://client.example.com/api/elker-events
Analytics Pipeline
https://analytics.example.com/ingest
Consent & Preference Management
Data sharing respects reporter consent choices
Consent-aware API filtering
Only share data where reporter consent has been granted
Data retention enforcement
Automatically exclude expired or deleted records from API
Deletion propagation
Notify subscribers when data is deleted (right to erasure)
| Capability | How Elker Addresses It |
|---|---|
| Full Stack API | Tiered architecture: Gateway → Experience API → Business Logic → Data Store |
| Front End Integration | Any frontend queries the External API directly via HTTPS/JSON |
| API ↔ Database | Full CRUD operations. Two-way including delete. |
| ETL Extraction | Scheduled API extraction. Paginated bulk queries with field controls. |
| Secure Transfer | TLS 1.2+ in transit. AES-256 at rest. API key authentication. |
| Pub/Sub Events | Configurable webhooks with retry logic, custom headers, active/inactive control. |
| Data Warehouse | API-based extraction for BI tools. Field-scoped data, tenant-isolated. |
| Consent & Preferences | Consent tracking, retention policies, deletion propagation via API & webhooks. |
All controls are admin-configurable through the Elker platform UI. No code changes or vendor involvement required to adjust data sharing settings.