Available Data and Options
Our Open API provides access to receive and update key information from the system. It also allows third party systems or providers to interact with the data.
Below is a summary of the current options:
- Access, create and update account information
- Access, create and update shifts
- Access, create and update time entries
- Access, create and update absence periods
- Access roles, venues, shift tasks and pay elements
- Access shifts assigned to my account, accept/reject them (if allowed) and provide an external worker name (useful for agency integrations)
API Access & configuration
To use the API, you must have an active account within the system. If you intend to have a separate system access the API then you may wish to create a dedicated account to do this.
For a dedicated account, we recommend setting up an API access level ( System > Levels & Permissions > Manage Levels). Note that within a level, you can set the account type to API only. This will block them logging in to the main interface and only give the user access via the API.
For any level, you can now add which API permissions you want to grant to them. These are all within the manage permissions page (System > Levels & Permissions > Manage Permissions).
Once the account has general permission to access the API, they will have access to a new page under My Account called API Access. For accounts that do now allow them to log into the normal interface, this can also be accessed under their profile page.
You will be able to view and replace your API User and API key from this page.
When replacing an API key, the system will allow both keys to be used for 14 days to allow a smooth migration. You can cancel the old key instantly on this management page too.
This page also allows you to restrict the use of the API User and Key to specific IP addresses.
On the right hand side of the page will also be a log of all authorisation requests for this API user.
Once you have your API User and API Key then you can access the API.
Using the API
The API endpoint is [your instant url]/api/v1/
The API uses an authorization bearer token to give you access to the data. To generate a token, you need to request it via the /auth endpoint passing in the following variables. They can be passed in the GET, POST or REQUEST HEADER.
X-user: your API User ID
X-key: your API Key
You will be returned a token. This then must be passed with any request within the Authorization Header to allow access to the endpoint.
The tokens will expire after a period of inactivity and you will receive an authorised response.
Responses & Errors
The API will return standard HTTP response codes for all requests. In addition, further details of the error may be included in the response.
All responses will be in a JSON format with standardised formatting across the API version.
The latest documentation is available at https://api.staffsavvy.com/
This provides example code and details on the various API methods and options.