Creating API keys for external systems

Creating API keys for external systems

With API keys, external systems β€” such as your POS system, a BI tool, or your own script β€” can access Shiftdesk data. Each key receives precisely defined scopes, so you can keep access as narrow as possible.

Creating a new API key

  1. Go to Settings β†’ API keys.
  2. Click Add API key.
  3. Enter a name (e.g. "POS Cologne branch").
  4. Choose the required scopes:
- employees:read β€” read employee data - shifts:read / shifts:write β€” read/write shifts - time-entries:read β€” read clock-ins - absences:read β€” read absences
  1. Click Create.

Important: shown only once

The full key (sklive...) is shown only once β€” right after creation. Copy it immediately into a secure password manager. After that, the dashboard only shows the last 4 characters for identification.

> If you lose the key, you have to create a new one β€” Shiftdesk cannot recover it.

Sample request

The API base URL is https://api.shiftdesk.app/v1. Authentication is done via the Authorization header:

bash
curl -H "Authorization: Bearer sklivexxxxxxxxxxxxxxxxxxxxxxxx" \
     -H "Content-Type: application/json" \
     https://api.shiftdesk.app/v1/employees

Rotation and revocation

For security reasons, you should rotate API keys at least once a year:

  1. Create a new key with identical scopes.
  2. Store it in the target system.
  3. Verify that everything works.
  4. Revoke the old key via the trash icon in the list.
Revoked keys become invalid immediately β€” ongoing requests fail with 401 Unauthorized.

Audit log

Every API access is logged with a timestamp, IP, and endpoint in the audit log. You'll find the logs under Settings β†’ Security β†’ API activity.

Rate limits

Shiftdesk throttles to 120 requests/minute per key. If you need more, contact support.

Previous article

Configuring time tracking (modes, snap, breaks, GPS)

Next article

Setting up two-factor authentication (MFA)

Related articles

Setting up two-factor authentication (MFA)

MFA (multi-factor authentication) protects your Shiftdesk account even if your password ever falls into the wrong hands. At login, Shiftdesk additionally asks for a **one-time code** from your authenticator app.

Managing locations

Locations are the top level of your organization structure in Shiftdesk. Each location has its own address, time zone, and a country and state β€” these values affect clock-in/out times, reports, and the automatic public holiday import.

Setting up departments and teams

Shiftdesk structures your organization into three levels: **Location β†’ Department β†’ Team**. This hierarchy helps you plan shifts clearly, assign permissions cleanly, and run targeted reports.

Importing and managing public holidays

Public holidays serve two important functions in Shiftdesk: by default they block scheduling (in line with **ArbZG Β§ 9**, rest on Sundays and public holidays) and they activate **public holiday surcharges** via the rate cards.

Still have questions?

Can't find what you're looking for? Get in touch β€” we're happy to help personally.

Try Shiftdesk for free
Creating API keys for external systems Β· Knowledge base | Shiftdesk