Download OpenAPI specification:Download
timehseet.io provides a REST API that can be accessed directly from another web application or from within a Javascript single page application. The API can be used from any programming language.
This API should be used if you want to create new data in Timesheet or extract data from Timesheet.
Please email support@timesheet.io if you have questions or need help while using the API.
timesheet.io uses the OAuth 2.0 protocol for authentication and authorization. Oauth2 allows authorization without the external application getting the user's email address or password. Instead, the external application gets a token that authorizes access to the user's account. The user can revoke the token for one application without affecting access by any other application.
An external application must be registered with timesheet.io before it can use Oauth2 to authenticate users. A registered application can be used by all users of timesheet.io, not just the users of the account of the person registering the application. However, registered applications are not discoverable—simply registering your application does not make it visible to any other timesheet.io users.
Once an application is registered you can use the client_id
, client_secret
and redirect_url
in the authorization flow.
To authorize an external application to authenticate as a user, the application uses browser redirects to send the user to timesheet.io.
The user should be redirected in their browser to the Ouath2 authorize URL, passing the application specific parameters:
GET https://api.timesheet.io/oauth2/auth
access_token
. Using a value of code
will use the authorization code flow.Once the user authorizes the application their browser will be redirected back to the redirect_uri
.
timehseet.io will include a parameter in the URL named code
which must be exchanged for the access token by making another request to timesheet.io in the next step.
The application exchanges the code from the previous step for an access token. In this step the application uses its secret which provides an additional level of security since timesheet.io can be sure that it is an authorized application that is making the request on behalf of the user.
POST https://api.timesheet.io/oauth2/token
authorization_code
.The response to this POST will be a JSON string containing the access token and refresh token that can then be used to access the API.
The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user.
The application uses its secret to request an access token.
POST https://api.timesheet.io/oauth2/token
client_credentials
.The response to this POST will be a JSON string containing the access token and refresh token that can then be used to access the API.
When you're making calls to the API, there'll be a lot of results to return. For that reason, we paginate the results to make sure responses are easier to handle. We recommend you to set the limit
parameter in every request to ensure you know how many results per page you'll get.
The default limit
is 100 items per page. You can paginate through the results with the page
parameter, starting with 1
.
If you set the limit
to 10
and page
to 1
you will get the results from 1-10
. If you set the limit
to 10
and page
to 2
, you'll get the results from 11-20
.
List webhooks.
sort | string |
order | string |
page | integer <int32> |
limit | integer <int32> |
{- "items": [
- {
- "id": "string",
- "target": "string",
- "event": "string",
- "user": "string",
- "deleted": true,
- "lastUpdate": 0,
- "created": 0
}
], - "params": {
- "search": "string",
- "sort": "string",
- "order": "string",
- "count": 0,
- "page": 0,
- "limit": 0,
- "offset": 0
}
}