API authentication in Staffjoy are currently tied to a user account.

We offer both permanent api keys and time-based tokens.

API Keys

Issue an API key while logged in through API Keys on the My Account page.

Assign a label while issuing the token in order to keep track of what it is being used for. The key will be shown once, after which it will never be shown again. You will receive an email that the key has been issued.

Through this page, you may also view issued keys, see the last time they were used, and revoke them.

API keys do not expire. API keys may be revoked. The API key has the permissions of the associated user, and actions appear as if they were that user. If the associated user has its permissions changed, such as being removed from an organization, then the functionality of the key will change.

We recommend that different systems have different API keys for security purposes.

Time-Based Tokens

Staffjoy supports time-based tokens that expire after a set amount of time. These tokens are tied to the user session, and used primarily in our applications. If you require access to this method of authentication, please contact support.