Timesheet API (1.0)


timesheet.io provides a REST API that can be accessed directly from another web application or from within a JavaScript single-page application. The API can be used from any programming language.

This API should be used if you want to create new data in Timesheet or extract data from Timesheet.

Please email support@timesheet.io if you have questions or need help while using the API.

OAuth2 Authentication

timesheet.io uses the OAuth 2.0 protocol for authentication and authorization. OAuth2 allows authorization without the external application getting the user's email address or password. Instead, the external application gets a token that authorizes access to the user's account. The user can revoke the token for one application without affecting access by any other application.

Registering an Application

An external application must be registered with timesheet.io before it can use OAuth2 to authenticate users. A registered application can be used by all users of timesheet.io, not just the users of the account of the person registering the application. However, registered applications are not discoverable: simply registering your application does not make it visible to any other timesheet.io users.

Register your application

Once an application is registered you can use the client_id, client_secret and redirect_url in the authorization flow.

Authorization Flow

To authorize an external application to authenticate as a user, the application uses browser redirects to send the user to timesheet.io.

1. Redirect user to request access

The user should be redirected in their browser to the OAuth2 authorize URL, passing the application-specific parameters:

GET https://api.timesheet.io/oauth2/auth

Parameters

  • client_id: Required. The client ID created when the application was registered.
  • redirect_uri: Required. The URL where the user will be redirected after they have authorized the application. This must be the same as the redirect URL provided when the application was registered.
  • response_type: Required. Controls which flow will be used to return the access_token. Using a value of code will use the authorization code flow.

2. timesheet.io redirects user back to application

Once the user authorizes the application, their browser will be redirected back to the redirect_uri. timesheet.io will include a parameter in the URL named code, which must be exchanged for the access token by making another request to timesheet.io in the next step.

3. Request access token

The application exchanges the code from the previous step for an access token. In this step the application uses its secret, which provides an additional level of security: timesheet.io can be sure that an authorized application is making the request on behalf of the user.

POST https://api.timesheet.io/oauth2/token

Parameters

  • code: Required. The code value that was returned by the previous step in the flow.
  • client_id: Required. The client ID created when the application was registered.
  • client_secret: Required. The client secret that was created when the application was registered.
  • grant_type: Required. Must contain the value authorization_code.
  • redirect_uri: Required. This must be the same as the redirect URL provided when the application was registered.

The response to this POST will be a JSON string containing the access token and refresh token that can then be used to access the API.
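The three steps above on the client side, as an added example (not timesheet.io's own code). The state parameter is standard OAuth 2.0 (RFC 6749) but is not listed on this page, so its support is an assumption, as is the form-encoded token request body; the client ID, secret, code and app.example URLs are constructed sample values.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTH_URL = "https://api.timesheet.io/oauth2/auth"
TOKEN_URL = "https://api.timesheet.io/oauth2/token"

def build_authorize_url(client_id, redirect_uri, state):
    # Step 1: the three documented parameters, plus "state" (assumption:
    # standard OAuth 2.0 CSRF protection, echoed back on the redirect).
    return AUTH_URL + "?" + urlencode({
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "state": state,
    })

def extract_code(callback_url, redirect_uri, expected_state):
    # Step 2: accept a code only on the registered redirect_uri and only
    # when the state matches the one stored in the user's session.
    got, want = urlsplit(callback_url), urlsplit(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match registered redirect_uri")
    query = parse_qs(got.query)
    state = query.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = query.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]

def build_token_request(code, client_id, client_secret, redirect_uri):
    # Step 3: body for POST to TOKEN_URL. Build and send this from the
    # server side only, so client_secret never reaches the browser.
    return urlencode({
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "authorization_code",
        "redirect_uri": redirect_uri,
    }).encode()

if __name__ == "__main__":
    redirect = "https://app.example/callback"      # constructed sample value
    state = secrets.token_urlsafe(16)              # one fresh value per login
    print(build_authorize_url("my-client-id", redirect, state))
    code = extract_code(f"{redirect}?code=XYZ&state={state}", redirect, state)
    print(build_token_request(code, "my-client-id", "my-secret", redirect))
```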

Pagination

API calls can return a large number of results, so we paginate the results to make responses easier to handle. We recommend setting the limit parameter in every request so that you know how many results per page you'll get. The default limit is 100 items per page. You can paginate through the results with the page parameter, starting with 1. If you set the limit to 10 and page to 1, you will get results 1-10. If you set the limit to 10 and page to 2, you'll get results 11-20.

Webhook

Endpoint to retrieve and manage webhooks.

List webhooks

List webhooks.

Query parameters

  • sort: string
  • order: string
  • page: integer <int32>
  • limit: integer <int32>

Responses

200

List of webhooks

401

Not authorized

get /v1/webhooks

Production Server

https://api.timesheet.io/v1/webhooks

Response samples

{
  "items": [],
  "params": {}
}

Create webhook

Create a new webhook

Request Body schema:

  • target: string
  • event: string

Responses

200

Webhook

401

Not authorized

post /v1/webhooks

Production Server

https://api.timesheet.io/v1/webhooks

Request samples

{
  "target": "string",
  "event": "string"
}

Response samples

{
  "id": "string",
  "target": "string",
  "event": "string",
  "user": "string",
  "deleted": true,
  "lastUpdate": 0,
  "created": 0
}

Get webhook

Get webhook by id.

Path parameters

  • id: string, required

Responses

200

Webhook

401

Not authorized

get /v1/webhooks/{id}

Production Server

https://api.timesheet.io/v1/webhooks/{id}

Response samples

{
  "id": "string",
  "target": "string",
  "event": "string",
  "user": "string",
  "deleted": true,
  "lastUpdate": 0,
  "created": 0
}

Update webhook

Update webhook by id.

Path parameters

  • id: string, required

Request Body schema:

  • target: string
  • event: string
  • deleted: boolean

Responses

200

Webhook

401

Not authorized

put /v1/webhooks/{id}

Production Server

https://api.timesheet.io/v1/webhooks/{id}

Request samples

{
  "target": "string",
  "event": "string",
  "deleted": true
}

Response samples

{
  "id": "string",
  "target": "string",
  "event": "string",
  "user": "string",
  "deleted": true,
  "lastUpdate": 0,
  "created": 0
}

Remove webhook

Remove webhook by id.

Path parameters

  • id: string, required

Responses

200

Entry deleted

401

Not authorized

delete /v1/webhooks/{id}

Production Server

https://api.timesheet.io/v1/webhooks/{id}

Search webhooks

Search webhooks by the given parameters.

Request Body schema:

  • search: string
  • sort: string
  • order: string
  • count: integer <int32>
  • page: integer <int32>
  • limit: integer <int32>
  • event: string
  • offset: integer <int32>

Responses

200

List of webhooks

401

Not authorized

post /v1/webhooks/search

Production Server

https://api.timesheet.io/v1/webhooks/search

Request samples

{
  "search": "string",
  "sort": "string",
  "order": "string",
  "count": 0,
  "page": 0,
  "limit": 0,
  "event": "string",
  "offset": 0
}

Response samples

{
  "items": [],
  "params": {}
}

Profile

Endpoint to retrieve and manage the current user.

Delete profiles data

Delete data of the user

Responses

200

Entry deleted

401

Not authorized

delete /v1/profiles/deleteData

Production Server

https://api.timesheet.io/v1/profiles/deleteData

Get profile

Retrieves the profile of the current user.

Responses

200

Profile

401

Not authorized

get /v1/profiles/me

Production Server

https://api.timesheet.io/v1/profiles/me

Response samples

{
  "expires": 0,
  "permission": 0,
  "status": 0,
  "plan": 0,
  "members": 0,
  "email": "string",
  "paymentOption": "string",
  "imageUrl": "string",
  "business": "string",
  "taxId": "string",
  "firstname": "string",
  "lastname": "string",
  "street": "string",
  "city": "string",
  "state": "string",
  "zip": "string",
  "country": "string",
  "countryName": "string",
  "language": "string",
  "includeTaxForBusiness": true,
  "newsletter": true,
  "gdprConsent": true,
  "invited": true,