Authentication

TempWorks API supports three forms of authentication:

  • OAuth2
  • Basic Authentication
  • Header or Query string Token

OAuth

TempWorks supports OAuth for four different user types:

Service Rep

A Service Rep is a user who works directly for the staffing agency. To authenticate as a Service Rep using OAuth, your application will need to use the “code flow”, which redirects the user to the TempWorks Login Server to sign in, and then back to your application with a bearer token for the TempWorks Open API. This requires that your application has a web server to handle the backchannel communication with the TempWorks Login Server.

OAuth with the code flow is generally well supported in a wide range of application frameworks. Here are a couple example projects that can help you get started:

Web User Employee

A Web User Employee is a user who is placed at another firm by the staffing agency. To authenticate as a Web User Employee your application will need to allow the user to enter their username and password. Your application can then make a request to the TempWorks Login Server to get a bearer token.

curl --location 'https://login.ontempworks.com/connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=tw_vendor_webuser' \
  --data-urlencode 'usertype=WebUserEmployee' \
  --data-urlencode 'client_id=your-client-id-here' \
  --data-urlencode 'client_secret=your-client-secret-here' \
  --data-urlencode 'acr_values=tenant:example-tenant pid:4E7A875D-36AD-4F27-891A-A20E8F57FB90' \
  --data-urlencode 'username=example-username' \
  --data-urlencode 'password=example-password'

Your application will need to vary the 'acr_values' provided based on the customer. The 'tenant' value represents one of TempWorks' customers, while the 'pid' (short for product instance id) represents an instance of your application for that customer.

Web User Contact

A Web User Contact is a user who works at a firm that is contracting with the staffing agency. To authenticate as a Web User Contact your application will need to allow the user to enter their username and password. Your application can then make a request to the TempWorks Login Server to get a bearer token.

curl --location 'https://login.ontempworks.com/connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=tw_vendor_webuser' \
  --data-urlencode 'usertype=WebUserContact' \
  --data-urlencode 'client_id=your-client-id-here' \
  --data-urlencode 'client_secret=your-client-secret-here' \
  --data-urlencode 'acr_values=tenant:example-tenant pid:4E7A875D-36AD-4F27-891A-A20E8F57FB90' \
  --data-urlencode 'username=example-username' \
  --data-urlencode 'password=example-password'

Your application will need to vary the 'acr_values' provided based on the customer. The 'tenant' value represents one of TempWorks' customers, while the 'pid' (short for product instance id) represents an instance of your application for that customer.

Service

A Service is a user that represents your application. Connecting as a service may be appropriate if your application performs automated tasks or allows anonymous users. Your application can make a request to the TempWorks Login Server to get a bearer token without any user interaction.

curl --location 'https://login.ontempworks.com/connect/token' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'grant_type=tw_vendor_service_credentials' \
  --data-urlencode 'client_id=your-client-id-here' \
  --data-urlencode 'client_secret=your-client-secret-here' \
  --data-urlencode 'acr_values=tenant:example-tenant pid:4E7A875D-36AD-4F27-891A-A20E8F57FB90'

Your application will need to vary the 'acr_values' provided based on the customer. The 'tenant' value represents one of TempWorks' customers, while the 'pid' (short for product instance id) represents an instance of your application for that customer.
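
The service request above, wrapped so that 'acr_values' is built and validated per customer and the client secret is passed to curl on stdin rather than on the command line. This is an added example, not TempWorks code; the function names, the TW_CLIENT_ID and TW_CLIENT_SECRET environment variables, and the allowed tenant characters are assumptions.

```shell
# Added example: function names, the TW_CLIENT_ID / TW_CLIENT_SECRET variables and
# the tenant character set are assumptions, not defined by TempWorks.

# Build acr_values for one customer. Rejecting spaces and ':' keeps a tenant value
# loaded from per-customer config from smuggling in a second "tenant:" or "pid:" entry.
build_acr_values() (
  tenant=$1 pid=$2
  case $tenant in
    ''|*[!A-Za-z0-9_-]*) echo "invalid tenant" >&2; exit 1 ;;
  esac
  case $pid in
    *[!0-9A-Fa-f-]*) echo "invalid pid" >&2; exit 1 ;;
  esac
  printf '%s\n' "$pid" |
    grep -Eqx '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}' ||
    { echo "invalid pid" >&2; exit 1; }
  printf 'tenant:%s pid:%s' "$tenant" "$pid"
)

# Escape backslashes and double quotes for a quoted curl config value.
cfg_escape() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# Print a curl config for the service token request. Feeding it to `curl --config -`
# keeps client_secret out of argv, where `ps` and shell history would expose it.
token_request_config() (
  : "${TW_CLIENT_ID:?set TW_CLIENT_ID}" "${TW_CLIENT_SECRET:?set TW_CLIENT_SECRET}"
  acr=$(build_acr_values "$1" "$2") || exit 1
  cat <<EOF
url = "https://login.ontempworks.com/connect/token"
location
data-urlencode = "grant_type=tw_vendor_service_credentials"
data-urlencode = "client_id=$(cfg_escape "$TW_CLIENT_ID")"
data-urlencode = "client_secret=$(cfg_escape "$TW_CLIENT_SECRET")"
data-urlencode = "acr_values=$acr"
EOF
)

# Usage:
#   token_request_config example-tenant 4E7A875D-36AD-4F27-891A-A20E8F57FB90 |
#     curl --silent --show-error --config -
```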

What to do with your bearer token

Once you have a bearer token from any of the above methods, you can use it to authenticate to the Open API:

curl --location 'https://api.ontempworks.com/datalists/branches?skip=0&take=1000' \
  --header 'Authorization: Bearer token-goes-here'

Basic Authentication

Your AccountSid and AuthToken are the “master keys” to your account. To authenticate using these “master keys,” use HTTP basic auth with the username set to your AccountSid and the password set to your AuthToken.

TempWorks uses HTTP basic auth because it is well supported by web development tools. Most HTTP clients (including web browsers) present a dialog or prompt for you to provide a username and password for HTTP basic auth. Most clients will also allow you to provide credentials in the URL itself. For example:

https://{AccountSid}:{AuthToken}@api.ontempworks.com/subresource

Token

To authenticate using a Token, use the HTTP header x-tw-token or the query string parameter tw-token.

Note: It is not recommended to use a query string token because it can leak your token to server logs.

x-tw-token: {TOKEN}

or

https://api.ontempworks.com/subresource?tw-token={TOKEN}

where {TOKEN} is the Base64 encoding of the AccountSID and AuthToken separated by a colon. In pseudo-code, it would be:

base64(AccountSID + ':' + AuthToken)
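
The pseudo-code above as a shell function, together with a scrubber for the two URL forms on this page that carry credentials (the tw-token query parameter and the user:password@ Basic form). This is an added example, not TempWorks code; the function names are assumptions and the sample values in the comments are constructed.

```shell
# Added example: function names are assumptions, sample values are constructed.

# Build the x-tw-token value from AccountSid ($1) and AuthToken ($2).
# printf (not echo) avoids encoding a trailing newline, and tr strips the line
# wrapping that some base64 tools add to long output.
# Base64 is an encoding, not encryption: anyone who sees the token can decode
# it back to the AuthToken, so treat it exactly like the password itself.
tw_token() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Scrub credentials from a URL before it is written to a log or error message:
#   1. the user:password@ part used by the Basic Authentication URL form
#   2. the value of any tw-token query string parameter
redact_url() {
  printf '%s\n' "$1" | sed -E \
    -e 's|^([A-Za-z][A-Za-z0-9+.-]*://)[^/@]*@|\1REDACTED@|' \
    -e 's|([?&]tw-token=)[^&#]*|\1REDACTED|g'
}

# Usage (constructed credentials "sid" / "tok"):
#   curl --header "x-tw-token: $(tw_token sid tok)" \
#     'https://api.ontempworks.com/subresource'
#   redact_url 'https://api.ontempworks.com/subresource?tw-token=c2lkOnRvaw=='
```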