Getting Started

Worksection API introduction

API is an appli­ca­tion pro­gram inter­face for inte­grat­ing one soft­ware with anoth­er.

Work­sec­tion API allows you to access our ser­vice and request/​send data for simul­ta­ne­ous inter­ac­tion of the ser­vice with oth­er pro­grams.

Use­ful materials:
  1. SDK library to sim­pli­fy the work with our API.
  2. OAuth 2.0 library for easy work with the Work­sec­tion OAuth 2.0.
  3. Method col­lec­tions in Post­man.
Was this article helpful? Yes, thank you! No

Worksection API features

All the main fea­tures and func­tions, pre­sent­ed in the sys­tem itself, are avail­able through our API, namely:

For par­tic­i­pants and con­tacts:
  • cre­ate teams for mem­bers and fold­ers for contacts 
  • cre­ate contacts 
  • invite new account members
  • get a list of teams, mem­bers and contacts 
  • add and exclude project members
  • sub­scribe and unsub­scribe task members

For tasks and com­ments:
  • cre­ate, edit, close and reopen tasks
  • get task data 
  • get a list of: 
  • all tasks
  • tasks of a spe­cif­ic project 
  • tasks accord­ing to search parameters 
  • post and get task comments
  • cre­ate, set and remove task statuses/​labels

For projects:
  • cre­ate, edit, archive and acti­vate projects 
  • cre­ate folders 
  • get project data 
  • get a list of projects and folders 
  • cre­ate, set and remove project statuses/​tags

For entered costs and enabled timers:
  • cre­ate, update and delete time and finan­cial costs 
  • get par­tic­u­lar cost rows and total costs for projects and indi­vid­ual tasks 
  • get a list of enabled mem­ber timers 
  • stop enabled mem­ber timers 

For files:
  • the abil­i­ty to attach files to com­ments and project/​task descrip­tions dur­ing cre­ation as well as to get uploaded and attached files

Note! To pre­vent the loss, acci­den­tal dele­tion or inten­tion­al destruc­tion of cru­cial data, the abil­i­ty to delete most of the data was exclud­ed, namely:
  • projects/​tasks/​comments
  • account members/​contacts
  • project/​task statuses/​labels
  • uploaded and attached files
Was this article helpful? Yes, thank you! No

Worksection API authorization

To get access to Worksection API you can use:
  • admin token
    *grants highest rights
  • user token (oauth2 access token)
    *grants limited rights (according to user role and app permissions)

Admin token

Use next basic URL:
Admin token is generated in MD5 format from all request parameters and account administrative API key (example below).

Example for get_tasks method
Getting token (on PHP)
$query_params = 'action=get_tasks&id_project=26';
$api_key = '7776461cd931e7b1c8e9632ff8e979ce';

$hash = md5($query_params.$apikey);
Final request

User token

*oauth2 access token
​Use next basic URL:
Access token can be obtained by a special request (see details). It's valid for 24 hours. Then you need to refresh it with refresh_token or get a new one.

Example for get_tasks method
Final request
*with authorization header
curl -X GET -H "Authorization: Bearer <token_value>"
*with access_token parameter
Was this article helpful? Yes, thank you! No

Worksection administrative API key

Admin­is­tra­tive API key is used for access to Work­sec­tion API through the admin token.

AccountAPI → Show API key

Note! Only the account own­er has access to the admin­is­tra­tive API key!

Was this article helpful? Yes, thank you! No

Worksection OAuth 2.0 access token

Access data can be obtained by making a POST request to the URL of the token with the authorization code:
The POST request must contain the required parameters:

client_id, received when creating the application.
client_secret, received when creating the application.
Always specify the authorization_code.
The authorization code (see details).
URI where the response will be redirected. The URI must meet the requirements of the OAuth2 standard and use the HTTPS protocol.

CURL example:

curl -X POST -d "client_id=<client_id>&client_secret=<client_secret>&
Example response:

    "token_type": "bearer",
    "expires_in": 86400,
    "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJh...",
    "refresh_token": "def502005534a202e9e8effa05cdbad564015604f34...", "account_url": ""
The received access_token and refresh_token will be used in subsequent requests to access the API and update the access_token. The access_token is valid for 24 hours, the refresh_token is valid for 1 month.
Was this article helpful? Yes, thank you! No