API Endpoints
The api resources are exposed over two possible domains, as described below:
Type | Description | Value |
Tenant URL | This will be the url of your AgyleTime tennant - ie the same domain as you use to login in to Agyle Tim - for example https://acme.cloud.agyletime.io. All resource endpoints are prefixed with /api - for example https://acme.cloud.agyletime.io/api/authorisation/token | <tenant">https:// subdomain.cloud.agyletime.io</tenant"> |
Regional URL |
The regional domains are based on the location that your tenant has been provisioned in. This may be one of EU, APAC (AU), US. API's exposed on the regional domains do not have the /api prefix. For example: https://api-us.cloud.agyletime.io/metrics/schedule |
One of:
|
The default currently is the tenant based url, and all apis that are exposed on the regional endpoints are explicitly called out in the documentation. If it is not explicitly mentioned as the regional endpoint, it will be the tenant based one.
Authentication and Authorisation
Access to the apis is controlled through an oAuth2 style client flow. The client application needs to make a request to be issued a token that will provide controlled access the API endpoints. See the diagram below:
The initial request to receive a token has your access key id and access key secret in the format : which is then base64 encoded and passed in the authorisation header (ie. HTTP basic).
Once this request is validated, a Bearer token will be returned which should be used in all subsequent requests to api protected resources.
We currently support the JWT Bearer token authorisation grant type for OAuth 2.0. In order to access resources you need an access token. The Bearer flow involves the following steps:
- Create an identifier and secret following the instructions here. Make note of the identifier and secret.
- The application makes a request for an oAuth token by accessing the {{host}}/api/authority/token endpoint. This is secured using HTTP basic authentication, using the identifier (username) and secret (password) previously created.
- Agyle Tiime validates the signatures and issues a bearer token, that is a JWT token HMAC SHA256 signed with some additional claims in the payload.
- organisation_id
- iat - issued at time
- exp - expiry time
- All subsequent access to the API's should include the access token in the Authorization header in the format 'Bearer '
Token Expiry
The access token expiry time is included in the access token. You should be prepared to handle expiry, and it is better to anticipate token expiry rather than react to it.
Reference: Authority
Data Formats and JSON Structures
We make use of the Google style guide for JSON, which may be found here. Of particular note is the format of dates / times which should be passed in an ISO8601 / RFC 3339 ie. 2007-11-06T16:34:41.000Z
API Response
The response is formed from the combination of the HTTP status code, to indicate overall success of the request, and the returned JSON payload, which contains any application specific response information.
Success response
A success response will normally make use of HTTP 201 / 200, and the response body. Some requests may return a 204 response with no body - typically used for indication that a resource has been successfully deleted. The response body is based on the JSend format, and will normally contain the following fields
Field Name
|
Value
|
Description / Comments
|
---|---|---|
status | success | This indicates success, although this is a little unneccessary, as the HTTP response code indicates success (ie. 200 / 201). |
Result | 0 | An application result code for the request. This is a an optional field and may not be provided. |
Message | Success | Human readable string representation of the result. This is optional |
data | Any data returned by the specific API endpoint. This may be a JSON representation of a resource or a reference to it. |
An example success response is shown below
{
"status": "success",
"result": 0,
"data": {
"identifier": "id-00111",
"type": "Workstream",
"location": "/api/workactivity/workstreams/id-00111"
}
}
Pagination
API endpoints that return large amounts of data will make use of pagination to restrict the size of a single response. When using an API that uses pagination the following applies:
1. Additional query parameters
The following additional query parameters may be passed to make use of pagination:
- pageLimit - an integer value that indicates the maximum number of data elements to include in the response
- nextPageToken - for every page subsequent to the first one, the next page token should be provided to indicate the starting position for the results.
For example:
GET {{regionalhost}}/organisation/users?pageLimit=10&nextPageToken=606ea7753a071700083f4993
2. Query Results
The query results will include the following fields:
- itemsCount - the number of items returned in this page
- nextPageToken - the next page token if there are remaining pages of data that match the query
- pageLimit - the pageLimit (as passed in through the query parameters, or as defaulted / constrained by the API)
For example:
{
"result": 0,
"message": "Success",
"status": "success",
"data": [...
],
"itemsCount": 10,
"nextPageToken": "607542ffdb7711000870ff0f",
"pageLimit": 10
}
Failure Response
Normal HTTP failure responses may be received, and the application will also return the following status codes:
- 401 - If not authorised access to the API or resource
- 404 - If the specified resource does not exist.
- 400 or 409 - If some of the data provided to the API is not valid or missing.
- 422 - in the event of a business pre-condition or rule not being complied with.
- 500 - If Agyle time failed to process the request.
The body of the response will normally include the following:
Field Name
|
Value
|
Description / Comments
|
---|---|---|
status | error | An indication that the request failed. |
Result | 0 |
An optional error code for the result. Authorisation related responses common across all services include:
|
message | A reason for the failure. | |
data | An optional additional data section to include any information pertinent to the error. |
In the event of missing or invalid API parameters, the API response will be a 400 / 409 response with a response body similar to:
{
"status": "error",
"message": "identifier (MISSING): Field is required, type (MISSING): Field is required",
"code": "BadRequest",
"result": "BadRequest"
}
The message will contain a human readable description of the error, which will highlight either:
- fields that need to be supplied (MISSING)
- Additional fields that should not have been supplied (UNDEFINED)
- Incorrect formats for fields (INVALID)
A 500 response will attempt to include information in the response body that indicates the cause of the fault. For example:
{
"status": "error",
"message": "INTERNAL ERROR",
"code": "InternalError",
"result": "InternalError"
}
Available Resources
The api is broken up by resource made up of a number of endpoints and sub-resources. The key resources are summarised in the following table:
Resource | Path | Description |
Organisation |
/api/organisation/ /organisation |
Access to resources that describe the organisation, structure, and tenant. Sub-resources include:
|
Schedule |
/api/schedule/ /schedule/ |
Resources for scheduling and leave management
|
Authority | /api/authority/ |
Create / manage credentials and tokens. |
Forecast |
/forecast |
Forecast related resources. Sub resources include
|
Workactivity |
/api/workactivity /workactivity |
Resources related to the capture of work related activities such as inbound volume or agent status changes. Sub-resources include:
|
Metrics |
/api/schedule /api/workactivity |
|
More details of each resource and endpoint can be found in the detailed endpoint sections.
API v2
As of October 2020, some of these endpoints are now available under in the alternative locations, which make use of shared, regional endpoints. You should choose to use this location if the resource you are interested in is available.
Use the endpoint for the region that your Agyle Time tenant is location in, as described below:
Region | URL Base Path |
Europe | https://api-eu.cloud.agyletime.io |
US | https://api-us.cloud.agyletime.io |
Australia / New Zealand | https://api-au.cloud.agyletime.io |
The following resources are currently available through these URL's:
Service | Resource | Endpoint base path |
organisation |
users business-role system-role |
/organisation/users /organisation/business-roles /organisation/system-roles |
workactivity |
workstreams contacts interactions |
/workactivity/workstreams /workactivity/contacts /workactivity/interactions |
schedule |
shifts |
/schedule/shifts/published |