Authentication
All API requests must be authenticated. The Zeitstrom API supports multiple authentication methods depending on your use case.
API Token
API tokens provide long-lived, scoped access to the API. Each token can be restricted to specific endpoints, giving you fine-grained control over what an integration is allowed to do.
API tokens require the Enterprise plan. To obtain a token, log in to your Zeitstrom account and contact support.
Include the token in the Authorization header of every request, using the Token scheme: the literal word Token, a space, then the token value. Treat the value as a secret; the curl example below passes it on the command line for brevity, but in scripts read it from the environment or a file so it does not end up in shell history or the process list.
Authorization Header
curl -X GET "https://api.zeitstrom.com/api/v2/employees/employees/" \
-H "Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b"
Token Permissions
Each API token has a permissions field that controls which endpoints it can access. When a token is valid but does not have permission for a given endpoint, the API returns a 403 Forbidden response: the request was authenticated, but not authorized for that endpoint. Integrations should handle this status explicitly rather than retrying, since repeating the request with the same token will never succeed.
OAuth2
OAuth2 is the standard authentication method used by the Zeitstrom mobile apps and can be used for integrations that act on behalf of a user.
The flow shown here is the OAuth2 resource owner password credentials grant (grant_type=password): the user's username and password are sent directly to the token endpoint, which issues an access token. Because the integration handles the user's password itself, use this grant only where you genuinely act as that user (as the Zeitstrom mobile apps do); the OAuth 2.0 Security Best Current Practice (RFC 9700) deprecates the password grant, and for server-to-server integrations a scoped API token is the better fit. As with API tokens, keep the credentials out of the command line in real use; the example below inlines them for brevity:
Request an Access Token
curl -X POST "https://api.zeitstrom.com/o/token/" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=password&username=user@example.com&password=yourpassword"
Send the returned access token in the Authorization header of subsequent requests using the Bearer scheme (note the Bearer scheme here versus the Token scheme used for API tokens; the two are not interchangeable):
Authenticated Request
curl -X GET "https://api.zeitstrom.com/api/v2/employees/employees/" \
-H "Authorization: Bearer your_access_token"
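The following is an added example, not Zeitstrom's own SDK or code from this page: a small Python client that exercises both authentication methods described above, the scoped API token (with the 403 Forbidden case from the Token Permissions section handled as its own error) and the OAuth2 password grant followed by a Bearer request. Endpoints and header schemes are taken from the curl examples. Everything else is an assumption: the /o/token/ response is assumed to carry the standard RFC 6749 fields access_token and token_type, the ZEITSTROM_API_TOKEN environment variable is a convention of this example, /api/v2/not-in-scope/ is a hypothetical path used only to trigger a 403, and FakeZeitstrom is a constructed stand-in for the API so the code runs offline.

```python
# Added example, not Zeitstrom's SDK. Header schemes and endpoints come from the page;
# the /o/token/ response shape (access_token, token_type) is assumed to follow RFC 6749.
import json
import os
import urllib.error
import urllib.parse
import urllib.request
BASE_URL = "https://api.zeitstrom.com"
EMPLOYEES_PATH = "/api/v2/employees/employees/"

def urllib_transport(method, url, headers, body):
    """Real HTTP transport: returns (status, body) and does not raise on 4xx/5xx."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

class PermissionDenied(Exception):
    pass  # 403: authenticated, but this token is not permitted for the endpoint

class ZeitstromClient:
    def __init__(self, transport=urllib_transport, base_url=BASE_URL):
        self._transport, self._base_url = transport, base_url.rstrip("/")
        self._auth_header = None

    def use_api_token(self, token=None):
        # Long-lived scoped token, sent as "Authorization: Token <value>". Defaults to the
        # environment (assumed variable name): a token on a curl command line lands in history.
        token = token or os.environ.get("ZEITSTROM_API_TOKEN")
        if not token:
            raise ValueError("no API token supplied (set ZEITSTROM_API_TOKEN)")
        self._auth_header = f"Token {token}"

    def login_password_grant(self, username, password):
        # OAuth2 password grant against /o/token/; the access token is then sent as Bearer.
        form = urllib.parse.urlencode(
            {"grant_type": "password", "username": username, "password": password}).encode()
        status, body = self._transport("POST", f"{self._base_url}/o/token/",
                                       {"Content-Type": "application/x-www-form-urlencoded"}, form)
        if status != 200:
            raise RuntimeError(f"token endpoint returned {status}: {body[:200]!r}")
        tok = json.loads(body)
        if "access_token" not in tok or tok.get("token_type", "").lower() != "bearer":
            raise RuntimeError("unexpected token response")  # assumption: RFC 6749 shape
        self._auth_header = f"Bearer {tok['access_token']}"
        return tok

    def get(self, path):
        if self._auth_header is None:
            raise RuntimeError("not authenticated")
        status, body = self._transport("GET", f"{self._base_url}{path}",
                                       {"Authorization": self._auth_header}, None)
        if status == 403:
            raise PermissionDenied(f"token has no permission for {path}")
        if status != 200:
            raise RuntimeError(f"GET {path} -> {status}")
        return json.loads(body)

class FakeZeitstrom:
    """Constructed offline stand-in: Token auth scoped per endpoint (403 outside scope),
    password grant issuing a Bearer token. Every credential and record here is made up."""
    API_TOKEN = "9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b"  # the page's example value
    TOKEN_SCOPE = {EMPLOYEES_PATH}
    USERS = {"user@example.com": "yourpassword"}
    EMPLOYEES = {"count": 1, "results": [{"id": 1, "name": "Example Employee"}]}

    def __init__(self):
        self.issued = set()  # access tokens handed out by the fake /o/token/

    def __call__(self, method, url, headers, body):
        path = urllib.parse.urlsplit(url).path
        if method == "POST" and path == "/o/token/":
            form = dict(urllib.parse.parse_qsl(body.decode()))
            if form.get("grant_type") != "password" or self.USERS.get(form.get("username")) != form.get("password"):
                return 400, b'{"error": "invalid_grant"}'
            self.issued.add(access := os.urandom(16).hex())
            return 200, json.dumps({"access_token": access, "token_type": "Bearer", "expires_in": 36000}).encode()
        auth = headers.get("Authorization", "")
        if auth == f"Token {self.API_TOKEN}":
            if path not in self.TOKEN_SCOPE:
                return 403, b'{"detail": "permission denied"}'
        elif not (auth.startswith("Bearer ") and auth[7:] in self.issued):
            return 401, b'{"detail": "invalid credentials"}'
        return 200, json.dumps(self.EMPLOYEES).encode()

def demo():
    api = FakeZeitstrom()
    by_token = ZeitstromClient(transport=api)
    by_token.use_api_token(FakeZeitstrom.API_TOKEN)
    result = {"token_ok": by_token.get(EMPLOYEES_PATH)["count"]}
    try:  # hypothetical path outside the token's permissions: 403 -> PermissionDenied
        by_token.get("/api/v2/not-in-scope/")
        result["scoped"] = False
    except PermissionDenied:
        result["scoped"] = True
    by_user = ZeitstromClient(transport=api)
    result["token_type"] = by_user.login_password_grant("user@example.com", "yourpassword")["token_type"]
    result["bearer_ok"] = by_user.get(EMPLOYEES_PATH)["count"]
    return result
```

Against the real API, construct ZeitstromClient() with no transport argument and it uses urllib; the fake is only there so demo() runs without network access. The transport returns the status instead of raising so that the client can map 403 to PermissionDenied deliberately rather than letting a generic HTTP error propagate, and the two clients in demo() show that the Token and Bearer schemes are held separately and never mixed.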