Programmatic API & Automation
Flask Track provides a fully supported, compliance-aware API that allows organizations to automate lab operations, integrate external systems, and enable intelligent agents β without bypassing governance or traceability.
The API supports both:
- Standard JSON-based REST usage
- Machine-Consumable Protocol (MCP) metadata for agent-based systems
All API actions are subject to the same compliance, authorization, and audit controls as the web application.
What the API Can Do
Using the API, authorized clients can programmatically:
Core Lab Operations
- Create and manage batches
- Create and manage samples
- Assign workflows to batches
- Query workflow schedules and execution state
Workflow Execution
- Mark workflow steps complete
- Revert or un-complete steps (where permitted)
- Record execution timestamps
- Attribute actions to authenticated users or service accounts
Compliance Operations
- Complete compliance checklists
- Submit checklist item status
- Upload evidence files for checklist items
- Create compliance events (incidents, deviations, notes)
Metadata & Discovery
- Query regulatory tags
- Inspect applicable checklists and scopes
- Retrieve audit history
- Enumerate catalog entities (species, ingredients, tools, etc.)
Compliance Is Always Enforced
The Flask Track API is not a backdoor.
Every API request is evaluated against:
- Regulatory tags
- Checklist requirements
- Authorization rules
- Approval gates
- Role-based access control
- Organization-level policy
If an action would be blocked in the UI, it is blocked via the API as well.
Audit Logging for API Actions
All API-driven actions are recorded in the immutable audit log with the same fidelity as UI actions.
Each log entry captures:
- Actor identity (user or service account)
- Authentication method
- Timestamp
- Entity affected
- Action performed
- Before/after state
- Reason or context (when provided)
Auditors cannot distinguish βAPI actionsβ from βUI actionsβ in terms of integrity β both are first-class.
Checklist Completion via API
The API supports structured checklist workflows, including:
- Querying applicable checklists for an entity
- Marking checklist items complete or incomplete
- Uploading evidence files (PDFs, images, documents)
- Associating evidence with specific checklist items
- Preserving submission timestamps and authorship
This enables:
- Automated instrumentation uploads
- Integration with LIMS or ELNs
- Batch evidence ingestion
- External QA system alignment
Evidence Uploads
Evidence files uploaded via the API:
- Are stored in the same file system as UI uploads
- Are linked to the same checklist items
- Appear in the File Explorer
- Are retained according to record retention policy
- Are immutable once submitted (unless policy allows removal)
MCP (Machine-Consumable Protocol) Support
Flask Track exposes rich metadata describing API capabilities to support MCP-compatible agents.
This enables:
- AI agents to discover allowed actions
- Safe automation within defined scopes
- Tool-aware execution planning
- Constraint-aware decision making
MCP metadata includes:
- Entity schemas
- Action definitions
- Required fields
- Permission requirements
- Compliance preconditions
- Side effects and state transitions
This allows autonomous or semi-autonomous agents to operate without violating compliance rules.
Typical API Use Cases
- Automated batch creation from upstream systems
- Robotic or instrument-driven step completion
- Environmental monitoring systems logging incidents
- ELN or LIMS synchronization
- AI-assisted protocol execution
- Regulatory reporting pipelines
- High-throughput production environments
Service Accounts & Authentication
API access supports:
- User-authenticated tokens
- Service accounts scoped to organizations
- Role-based permission enforcement
- Token rotation and revocation
Service accounts are visible in audit logs just like users.
Design Philosophy
The API is designed to be:
- Execution-aware β understands workflow state
- Compliance-native β enforces rules automatically
- Audit-first β nothing happens without a trace
- Agent-safe β suitable for AI and automation
- UI-equivalent β no special privileges
Automation should increase reliability, not risk.
Summary
| Capability | Supported |
|---|---|
| Batch & sample creation | β |
| Workflow execution | β |
| Checklist completion | β |
| Evidence upload | β |
| Compliance events | β |
| Audit logging | β |
| MCP metadata | β |
Flask Track's API allows labs to scale, automate, and innovate β without sacrificing control or compliance.