WorkPulse

WorkPulse API

This guide shows how to integrate WorkPulse from a mobile app using API keys.

Base URL

https://workpulse.weststar-dev.com/api/

Authentication

Send your API key in one of these headers:

X-API-Key: YOUR_API_KEY
Authorization: Bearer YOUR_API_KEY

Generate keys in the web app under API Keys.

Resources

Postman collection
OpenAPI spec (YAML)

Quickstart

  1. Login to the web app and go to API Keys.
  2. Create a key (e.g., “My Phone”) and copy it once.
  3. Call the API with the key in a header.

Verify your key

curl -H "Authorization: Bearer YOUR_API_KEY" \
  https://workpulse.weststar-dev.com/api/auth_me.php

Mobile usage examples

JavaScript (React Native / Expo)

async function api(path, opts={}){
  const base = 'https://workpulse.weststar-dev.com/api/';
  const apiKey = 'YOUR_API_KEY';
  const res = await fetch(base + path, {
    ...opts,
    headers: { 'Authorization': `Bearer ${apiKey}`, ...(opts.headers||{}) }
  });
  const data = await res.json();
  if(!res.ok || data.ok === false) throw new Error(data.error||'Request failed');
  return data;
}

// Current user
const me = await api('auth_me.php');
console.log(me.user);

Kotlin (Android)

val client = OkHttpClient()
val req = Request.Builder()
  .url("https://workpulse.weststar-dev.com/api/auth_me.php")
  .addHeader("Authorization", "Bearer YOUR_API_KEY")
  .build()
val res = client.newCall(req).execute()
println(res.body!!.string())

Swift (iOS)

var req = URLRequest(url: URL(string: "https://workpulse.weststar-dev.com/api/auth_me.php")!)
req.addValue("Bearer YOUR_API_KEY", forHTTPHeaderField: "Authorization")
let (data, _) = try await URLSession.shared.data(for: req)
print(String(data: data, encoding: .utf8)!)

Endpoints

Auth

  • POST /api/auth_register.php — Disabled. Returns 403 because accounts are managed centrally by Auth2 admin.
  • POST /api/auth_login.php — Start web session (for browser flows).
  • GET /api/auth_me.php — Current user (API key or session).

Attendance

These endpoints accept API key authentication (or a web session).

  • GET /api/dashboard_overview.php?date=YYYY-MM-DD — Today summary, timeline, recent activity, team attendance rate.
  • GET /api/report_series.php?range=30d — Chart series for worked hours and break minutes (supports start/end).
  • GET /api/team_my.php — My teams and members (param autocreate=1 to create default team).
  • GET /api/attendance_report_list.php?date=YYYY-MM-DD — Daily attendance for all users. Requires admin role.

API Keys

  • POST /api/api_keys_create.php — Create key (session). Body JSON { name }. Returns api_key once.
  • GET /api/api_keys_list.php — List my keys (session).
  • POST /api/api_keys_revoke.php — Revoke key (session). Body JSON { id }.

Headers

// API Key (preferred for mobile)
Authorization: Bearer YOUR_API_KEY
// or
X-API-Key: YOUR_API_KEY

// JSON requests
Content-Type: application/json

Errors

{ "ok": false, "error": "Unauthorized" }
{ "ok": false, "error": "Forbidden" }
{ "ok": false, "error": "Invalid date" }