Skip to content

The LeaveWizard API for Partners

The LeaveWizard API for Partners

LeaveWizard provides a customer accessible public Application Programming Interface (API) to allow external applications to get information, such as a list of employee events (leave and absence requests), from LeaveWizard. This article explains how a LeaveWizard partner or third-party can setup and test the API.

Registering an Partner API Client 

The LeaveWizard API using an OAuth2 authentication method utilization the Client Credentials flow.

Therefore, in order to access the API as a partner or third-party you will need to request an Client Id and Secret from our support team.

You should receive two sets of credentials, one for Beta and one for Production access, after you have received these you should be able to use them to access the API.

API Documentation

Documentation for the API is provided via Swagger and describes the API and lists endpoints (the point of contact between an application and the API). 

The 'LeaveWizard Public API 1.0' Swagger specification can be found at:


Consuming the API

In order to consume the Beta API you will need an access token. 

To get an access token using Postman:

Grant Type: Client Credentials

Access Token URL:

Client ID: <Your-Client-Id>
Client Secret: <Your-Client-Secret>

Scope: lw-public-api lw-public-api-write lw-company-api lw-company-api-write

Using Scopes

Scopes are used to restrict which endpoints are available to specific API clients. As a partner you will have access to the '/companies' endpoint which will enable you to perform CRUD actions for companies.

The scopes required for this are:
  • lw-company-api
  • lw-company-api-write 
All of the other endpoints are made available via the public API scopes:
  • lw-public-api
  • lw-public-api-write
As a partner you would be given access to both the company-api and public-api scopes and you should specify the scope as:
lw-public-api lw-public-api-write lw-company-api lw-company-api-write

Additional Headers

As a partner you will be accessing the API on behalf of your organization and will therefore have control over all of the company accounts that you create via the API.

In order to determine which company you would like to access the API on behalf of it is necessary to provide a request header which includes the unique id of the company.

Required Request Headers (Name : Value):
  • CompanyId : <company_uuid>


When calling an API endpoint the access token must be sent as a bearer token using an HTTP Authorization header.

Testing with Postman

Generate a new authorization token

Registering a new company

The following shows an example of creating a new company by performing a post to the /companies endpoint. The response includes the company  and administrator UUID values. 

Passing in the company id as a header

The following shows a CompanyId request header containing the value of the company UUID being passed on a call to get event types:

Feedback and Knowledge Base