Getting started

Authorization

In order to use the API you will need a user account on the MT1 platform. If you do not have one already, you can register one here. It is important that your user has enabled the Timekeeper feature. If you haven't enabled this feature during registration you can upgrade your account in the Account section.

Authorization REST API

To retrieve an authorization token you have to authenticate with your user credentials.
The REST endpoint /mt1/api/user/login takes a username and password as input (JSON format).
The successful result of the call will be the user's account data as payload, additionally, the authorization token is returned in the HTTP response header. Consider the following REST call as an example: This will result in the following HTTP response headers (shortened): The authorization token in this example is F62FABC2F1619F9B98821D91339C0483 and must be used for further REST calls, described below.
The response payload of the REST call will be: It is important, that the user's roles contain the entry TIMING_POINT_ACCOUNT (Timekeeper feature). If this is not the case you will have to upgrade the account in the Account section.

Using the Autorization Token

To use the authorization token you will have to provide the authorization HTTP request header field with your REST calls.
For example, if you would like to check if the authorization token is still valid, you could check the currently authenticated user (associated with the token).
This can be accomplished via the REST API /mt1/api/user/current: The authentication token is provided via the HTTP request header (curl option -H).
If the authentication token is not expired, the response will be successful, containing the user's account information.
However, if the authentication token is expired, the response will be as follows: If you use an expired or invalid authorization token for other REST API requests, the response will result in a HTTP status code 403, e.g.: In your application you can either: