API & Webhooks
RESTful API and webhook notifications for custom integrations and automation.
What you get
Included in every plan, no extra cost.
RESTful API with JWT authentication and rate limiting (100 req/hour)
Webhook events: shift.assigned, shift.completed, invoice.approved, and more
HMAC-SHA256 signed webhooks for secure payload verification
CSV import/export: bulk import staff, events, shifts from spreadsheets
OpenAPI documentation with interactive Swagger UI
How it works
Three simple steps to get started.
Generate API Key
Admin creates API key in settings. System generates JWT token with org-scoped permissions.
Configure Webhooks
Add webhook endpoint URL. Choose events to subscribe to (shift updates, approvals, etc.).
Integrate & Automate
Use API to read/write data. Receive webhook notifications when events occur. Build custom workflows.
Security & Compliance
Enterprise-grade protection built in
- API keys scoped per org (can't access other tenants' data)
- JWT tokens expire after 24 hours (refresh tokens available)
- Webhook signatures verified (HMAC-SHA256 prevents replay attacks)
- Rate limits: 100 API requests per hour per tenant (upgradable on request)
- Audit trail: every API call logged with endpoint, status, and timestamp
Plan Availability
API access and webhooks included in all plans. Enterprise customers can request higher rate limits.
Frequently asked questions
Everything you need to know about API & Webhooks.
Full CRUD for staff, events, shifts, clients, invoices, and more. See OpenAPI docs for complete endpoint list.
Yes. Use CSV import endpoints for bulk staff/event creation. API also supports batch operations (up to 100 records).
Compute HMAC-SHA256 of payload using your webhook secret. Compare to X-EventOn-Signature header. Code examples in docs.
Yes. Enable 'Test mode' in settings. API keys created in test mode access test data only (doesn't affect production).
Ready to get started?
Book a demo to see how this feature can transform your staffing operations.