Skip to content

API

Jump to bottom
Bizley edited this page Jan 2, 2020 · 2 revisions

TimeClock offers API access for every registered user

To grant yourself API access go to Profile section and click blue Grant yourself API access at the bottom of page.

From that point you will see your API identifier and access key there together with yellow Change API key and red Revoke API access buttons on the right side and blue How to use API? button that redirect to API documentation.

Changing API key

In case you believe your API access has been compromised you can always change your API key to the new one (randomly generated) by clicking yellow Change API key button. Previous API key is not valid anymore in that case.

Revoking API access

If you don't need API access anymore you can always revoke it by clicking red Revoke API access button. API access will not be available anymore and API key will be removed.

How to use API?

API documentation at this page presents the way to use TimeClock API.

Authentication

Every request made to API must be authenticated with Bearer token sent in Authorization header.

Bearer token must be made like following:

API identifier:UNIX timestamp:checksum

where:

  • API identifier is integer provided at this page and not changing.
  • UNIX timestamp is integer with number of seconds since the beginning of Unix Epoch on January 1st, 1970 at UTC. You must provide current timestamp with every action. API will reject all requests older or younger by 1 minute from current time.
  • checksum is SHA1 hash that takes as input UNIX timestamp described above concatenated with your API access key.

Authenticating header would look like that for example:

Authorization Bearer 1:1547212119:75cd5237e42e6848f068e98acc9cacda6f6f4fcc

Available endpoints

Request and response examples are provided at API documentation page.

/api/sessions

  • View Session (GET, HEAD),
  • Sessions Index (GET, HEAD),
  • Create Session (POST),
  • Update Session (PUT, PATCH),
  • Delete Session (DELETE).

/api/off-times

  • View Off-Time (GET, HEAD),
  • Off-Times Index (GET, HEAD),
  • Create Off-Time (POST),
  • Update Off-Time (PUT, PATCH),
  • Delete Off-Time (DELETE).

/api/holidays

  • Holidays Index (GET, HEAD),
  • Fetch Holidays (POST).

/api/profile

  • View Profile (GET, HEAD),
  • Update Profile (PUT, PATCH).

/api/projects

  • View Project (GET, HEAD),
  • Projects Index (GET, HEAD).

/api/key

This request does not require authentication token.

With this POST request you can receive user ID and API key by providing user's PIN (PIN must be first generated at Profile page).

This action is provided in case you would like to create service app that allows employees to clock in and out using device (like tablet) so they can quickly sign in using their PIN and from that point API takes care of rest.

Clone this wiki locally