API Authentication

All APIs use a common authentication method, exchanging the normal username and password required to access the system with a refresh token and access token.

Refresh tokens expire every 6 months, access tokens expire every 30 minutes.

Retrieve a Refresh Token:

GET https://api.hrapi.co.uk/api/token/

Using username and password basic authentication, alongside a grant_type header of password, the API returns the following:

{
"refresh_token": "new token",
"access_token": "new token"
}

Retrieve an Access token:

GET https://api.hrapi.co.uk/api/token/

The refresh token retrieved above can now be used for Bearer token based authentication. Alongside a grant_type header of refresh_token the API returns the following:

{
"refresh_token": "refresh token used in the request",
"access_token": "new token"
}

The access token can now be used for Bearer token based authentication on all subsequent API end points.

Related topics:

Create an API User

API Custom Fields endpoint