The LeaveWizard API for Partners
The LeaveWizard API for Partners
LeaveWizard provides a customer accessible public Application Programming Interface (API) to allow external applications to get information, such as a list of employee events (leave and absence requests), from LeaveWizard. This article explains how a LeaveWizard partner or third-party can setup and test the API.
Registering an Partner API Client
The LeaveWizard API using an OAuth2 authentication method utilization the Client Credentials flow.
Therefore, in order to access the API as a partner or third-party you will need to request an Client Id and Secret from our support team.
You should receive two sets of credentials, one for Beta and one for Production access, after you have received these you should be able to use them to access the API.
API Documentation
Documentation for the API is provided via Swagger and describes the API and lists endpoints (the point of contact between an application and the API).
Production: https://api.leavewizard.com/swagger/ui/index

Consuming the API
In order to consume the Beta API you will need an access token.
To get an access token using Postman:
Grant Type: Client Credentials
Access Token URL: https://beta-identity.leavewizard.com/connect/token
Client ID: <Your-Client-Id>
Client Secret: <Your-Client-Secret>
Client Secret: <Your-Client-Secret>
Scope: lw-public-api lw-public-api-write lw-company-api lw-company-api-write
Using Scopes
Scopes are used to restrict which endpoints are available to specific API clients. As a partner you will have access to the '/companies' endpoint which will enable you to perform CRUD actions for companies.
The scopes required for this are:
- lw-company-api
- lw-company-api-write
- lw-public-api
- lw-public-api-write
As a partner you would be given access to both the company-api and public-api scopes and you should specify the scope as:
lw-public-api lw-public-api-write lw-company-api lw-company-api-write
Additional Headers
As a partner you will be accessing the API on behalf of your organization and will therefore have control over all of the company accounts that you create via the API.
In order to determine which company you would like to access the API on behalf of it is necessary to provide a request header which includes the unique id of the company.
Required Request Headers (Name : Value):
- CompanyId : <company_uuid>
Authorization
When calling an API endpoint the access token must be sent as a bearer token using an HTTP Authorization header.
Testing with Postman
Generate a new authorization token

Registering a new company
The following shows an example of creating a new company by performing a post to the /companies endpoint. The response includes the company and administrator UUID values.

Passing in the company id as a header
The following shows a CompanyId request header containing the value of the company UUID being passed on a call to get event types:
