TATER Ops — Email-to-Ticket & Self-Service Portal

Two ways to take requests from outside the app: forward emails into Ops via Power Automate, or share a hosted self-service portal URL with end users. Both use the same token-gated public intake endpoint.

How it works

TATER Ops exposes a single anonymous endpoint POST /api/tasker/intake that accepts a JSON request body and creates a task in the target organization. Authentication is via a per-org intake token (a random secret you generate). The token, combined with the org and tenant IDs, scopes the submission to your organization.

Why a token?

The intake endpoint is anonymous (no Microsoft login required for the requester) — the token tells TATER which org the request belongs to and prevents random internet traffic from creating tasks in your tenant. Treat the token like a password.

Step 1 — Generate an intake token

Sign in to ops.tatersecurity.com as an OrgAdmin.
Open Settings → Public Intake.
Click ↻ Generate. A random 50-character token like tkn_a1b2c3d4... is created.
Click Save Intake Settings to persist.

You can regenerate the token at any time. Doing so immediately invalidates the old token — any Power Automate flow or self-service portal URL using the old token will start failing with 401 BAD_TOKEN.

Self-Service Portal

The portal is a hosted single-page form at https://ops.tatersecurity.com/request.html (or app.tatersecurity.com/request.html). The token, organization ID, and tenant ID are passed in the URL.

Getting your portal URL

In Settings → Public Intake, after generating a token, the portal URL appears in the second field.
Click 📋 to copy it.

The URL looks like:

https://ops.tatersecurity.com/request.html
  ?token=tkn_a1b2c3d4...
  &organizationId=org-abcdef1234
  &tenantId=00000000-0000-0000-0000-000000000000

Embed in your intranet under "Submit a Request" or "Helpdesk"
Add a link in your employee handbook
Bake into a SharePoint site
Distribute as a QR code (e.g. for facility issue reporting)

What requesters see

The form collects:

Subject (required)
Email (required) — used as the requester identity
Name (optional)
Category — pre-populated from a default list
Priority — Low / Normal / High / Critical
Details (required, max 10K chars)

On successful submission, the requester sees a confirmation with a short reference ID. The task lands in TATER Ops with via: 'self-service' and createdBy: 'intake:public'.

Email-to-Ticket via Power Automate

Use a Power Automate flow to convert each new email in a shared mailbox into a TATER Ops task. The flow is the bridge between Outlook and the intake endpoint.

Prerequisites

An Outlook/Exchange shared mailbox (e.g. helpdesk@yourcompany.com) that you own or have access to.
A Power Automate plan (included with most Microsoft 365 business plans).
An intake token from Step 1.

Building the flow

Sign in to Power Automate.
Click + Create → Automated cloud flow.
Trigger: "When a new email arrives in a shared mailbox (V2)". Set the mailbox to your helpdesk address.
Add an action: HTTP (Premium connector — included in many M365 plans, contact your tenant admin if missing).

Configure the HTTP action:

Method: POST
URI: https://api.tatersecurity.com/api/tasker/intake
Headers:
- Content-Type: application/json

Body (JSON):

{
  "token": "tkn_a1b2c3d4...",
  "organizationId": "org-abcdef1234",
  "tenantId": "00000000-0000-0000-0000-000000000000",
  "title": "@{triggerOutputs()?['body/Subject']}",
  "description": "@{triggerOutputs()?['body/Body']}",
  "requesterEmail": "@{triggerOutputs()?['body/From']}",
  "requesterName": "@{triggerOutputs()?['body/Sender/Name']}",
  "category": "IT",
  "priority": "Normal",
  "source": "email"
}

Save and turn on the flow.
Send a test email to the helpdesk address. You should see a new task appear in TATER Ops within ~30 seconds.

Stripping email signatures

Real-world emails come with quoted history, signatures, and disclaimers. Add a Power Automate Compose step before the HTTP action to clean the body — for example, split on common signature markers (--, "Sent from my iPhone", "From:") and keep only the first chunk.

Routing emails by mailbox

Run separate flows for each shared mailbox to route into different categories:

helpdesk@ → category: "IT"
hr@ → category: "HR"
ap@ → category: "AP"
facilities@ → category: "Operations"

Each flow uses the same intake token but a different default category and priority.

Security & Privacy

The intake token is the only secret. Anyone with it can post tasks to your org.
The endpoint is rate-limited (write tier — 30 req/min per IP) so flooding attempts trip the throttle.
Submissions write directly to your Cosmos DB partition with full tenant/org isolation.
Each task is audit-logged with via: 'self-service' or via: 'email-intake' for downstream filtering.
Rotate the token periodically. Update Power Automate flows and replace the portal URL where it's published.

API reference

Endpoint: POST /api/tasker/intake

Auth: intake token via ?token= query, x-tater-intake-token header, or token body field.

Body:

{
  "tenantId":      "00000000-0000-0000-0000-000000000000",
  "organizationId":"org-abcdef1234",
  "title":         "Subject of the request",
  "description":   "Full body / details",
  "requesterEmail":"requester@example.com",
  "requesterName": "Optional Display Name",
  "contactEmail":  "alt-contact@example.com",
  "category":      "IT",
  "priority":      "Normal",
  "source":        "email"  | "self-service"  | "public"
}

Returns:

201 Created
{ "ok": true, "ticketId": "<short-id>" }

Errors:

401 NO_TOKEN — token missing
401 NO_INTAKE — token doesn't match any org settings document
401 BAD_TOKEN — token doesn't match what's stored
400 BAD_REQUEST — missing required fields
429 RATE_LIMIT — too many requests in 60s