Authentication Overview

Our APIs are using OpenID Connect & OAuth 2.0 for authentication and authorization. OpenID Connect extends OAuth 2.0. The OAuth 2.0 protocol provides API security via scoped access tokens, and OpenID Connect provides user authentication and single sign-on (SSO) functionality.

Your application will be given an API key and secret which are necessary for the making the authentication call. Please contact your sales representative if you do not have your API key and secret.

Warning: Treat your secret API keys as you would any other password. Grant access only to those who need it. Your client credentials carry many privileges, so be sure to keep them secure!

Using your Key and Secret

Request a bearer token that will be used as an access token when making calls to resources.

This is done by making a POST to the token_endpoint to retrieve the access_token.

Request body schema: application/x-www-form-urlencoded
grant_type: client_credentials
client_id: API key
client_secret: API secret
tenantid: Tenant Id
scope: hrp.admin schp.admin cfgp.admin top.admin tap.admin dvp.admin

Response Schema: application/json
token_type: Bearer
access_token: The token which will be used for making future calls
expires_in: Number of seconds remaining before the token expires
scope: cfgp.admin dvp.admin hrp.admin schp.admin tap.admin top.admin

Security Definitions

Token endpoint

Security flow
– client_credentials: The client credentials flow is a server to server flow. There is no user authentication involved in the process

Security scopes
– tap.admin: Time and Attendance management
– schp.admin: Schedules management
– top.admin: Time Off management
– hrp.admin: Human Resources management
– dvp.admin: Device management
– cfgp.admin: Configuration

Access token
– JWT token

Making API Requests

To make an API request using the access_token you just need to send it in the Authorization header like this:

Authorization: Bearer access_token

Public API URL: