User API

Uppdaterad 3/9/20 av Johannes Nordman

User API

We have opened up parts of our User API for our external partners and customers to be able to integrate with. The user API will continue to evolve and the base of the actions done by the employees in the mobile application.

We allow for the following data to be available:

  • Shift data
    • employees upcoming 20 shifts (nothing beyond published date).
    • Unassigned 20 upcoming shifts(nothing beyond published date).
      Info returned:
      • Employee name
      • Date and from and to time
      • Unit name and Shift type name
      • Break(s) from and to time.
      • Total break duration in minutes 
      • Section name
      • Shift Id (hashed for security reasons)
  • Leave applications
    • All historic leave app
    • All upcoming leave app
      Info returned:
      • Leave reason name
      • Employee name
      • From date & time - to date and time.
      • Date & time when the leave applications was sent
      • Status of the leave application (denied, pending or approved)
      • Employee’s comment in leave application
      • All-day True or False, the flag shows whether the leave application has been created for part of the day or the whole day
      • Leave application Id (hashed for security reasons)

Technical description

The user API will be exposed on following URLs: user-api-rc.quinyx.com and user-api.quinyx.com each reflecting RC and production environment.

Current API version is v2 so all routes will have v2 prefix in front of them. Swagger documentation is available and can be accessed here user-api-rc.quinyx.com/v2/docs and user-api.quinyx.com/v2/docs.

We currently have 3 endpoints in the User API:
POST /oauth/token

This will be used to get access token (which is used to access other endpoints that are secured) and refresh token (which is used to generate new access tokens). Default life time for the access token is 15 minutes, and for the refresh token is 30 days.

To get tokens using employee login credentials grantType needs to be set to password and sent together with the username and password. Content-Type header should be set to application/json and request body can look like this:

{"grantType": "password","username": "empployeeEmailInTheQuinyxApp","password": "empployeePasswordInTheQuinyxApp"}

To get new tokens using existing refresh token grantType needs to be set to refresh_token and sent together with the refreshToken. Refresh token can be used only once so it must be replaced by newly received refresh token. Content-Type header should be set to application/json and request body can look like this:

{"grantType": "refresh_token","refreshToken": "receivedRefreshToken"}

Received access token obtained above should be passed with each call - this should be done in the form of request header, such as: header 'Authorization: Bearer <token>'.

GET /users/leave-applications

This endpoint will return all upcoming leave applications, starting from today, or historical applications, ending today or earlier. To show upcoming leave applications filter parameter in query string should be set to upcoming (?filter=upcoming), and to show historical leave applications filter parameter in query string should be set to historical (?filter=historical).

GET /users/shifts

This endpoint will return employee upcoming or unassigned shifts. Number of shifts in the response is limited to 20 shifts, and search will be performed only in published period, up to 90 days in the future. To show upcoming shifts filter parameter in query string should be set to upcoming (?filter=upcoming), and to show unassigned shifts filter parameter in query string should be set to unassigned (?


Fick du hjälp?