All API calls require a valid access token to be provided in the Authorization field
...
Common Responses
401 Authorization header not present or token expired or invalid
500 Unexpected server error
Organization Teams Controller
This controller allows for creating org chart team entries and assigning their hierarchy. Changes are only allowed if the authenticated user is an administrator or is a member of an ancestor (parent, parent of parent, etc.) team of the team being updated. If the parent is being changed then the authenticated user needs to belong to the new parent team (or an ancestor) as well. Otherwise 400 is returned.
GET /odata/OrganizationTeamHierarchies(id)
Retrieve the Organization Team with the given id
Returns:
200: success, response body is an Organization Team in JSON format
404: team not found
GET /odata/OrganizationTeamHierarchies
Get a list of all teams defined. The output can be filtered using OData parameters.
Returns:
200: success, response body is an OData list of all matching Organization Team objects in JSON format
POST /odata/OrganizationTeamHierarchies
Create a new Organization Team entity in the system. Request body is expected to be an Organization Team object in JSON format.
Returns:
200: success, response body is the resulting Organization Team (with Id populated).
400: invalid request: format error, CompanyId of team doesn't match id of authenticated user making the request or authenticated user doesn't have access to create
PATCH /odata/OrganizationTeamHierarchies(id)
PUT /odata/OrganizationTeamHierarchies(id)
Update the existing entry for the team with key id.
Returns:
204: success
400: invalid request: format error or CompanyId of team doesn't match id of authenticated user making the request
404: no such team found
DELETE /odata/OrganizationTeamHierarchies(id)
Remove the team from the system. Authenticated user must be an administrator or a member of a team that's an ancestor of the team being updated.
Returns:
204: success
400: invalid request: CompanyId of team doesn't match id of authenticated user making the request
404: no such team found
Organization Team Members Controller
This controller allows for assigning/removing users to/from org chart teams. Changes are only allowed if the authenticated user is an administrator or belongs to the team identified by the OrganizationTeamHierarchyId property of the request or a team that is a parent of it.
GET /odata/OrganizationTeamMemberHierarchies(id)
Retrieve the OrganizationTeamMemberHierarchy object with the given id.
Returns:
200: success, response body is an OrganizationTeamMemberHierarchy in JSON format
404: entry not found for that id
GET /odata/OrganizationTeamMemberHierarchies
Get a list of all team memberships defined. The output can be filtered using OData parameters.
Returns:
200: success, response body is an OData list of all matching OrganizationTeamMemberHierarchy objects in JSON format
POST /odata/OrganizationTeamMemberHierarchies
Create a new membership entry in the system. Request body is expected to be an OrganizationTeamMemberHierarchy object in JSON format.
Returns:
200: success, response body is the resulting entry (with Id populated).
400: invalid request: format error or CompanyId of team doesn't match id of authenticated user making the request
409: an entry already exists for this user and team
PATCH /odata/OrganizationTeamMemberHierarchies(id)
PUT /odata/OrganizationTeamMemberHierarchies(id)
Update the existing entry for the user membership with key id.
Returns:
204: success
400: invalid request: format error, CompanyId of team doesn't match id of authenticated user making the request, or attempt was made to change either the user id or team id fields
404: no such team/user pair found
DELETE /odata/OrganizationTeamMemberHierarchies(id)
Remove the membership for the given user in the given team.
Returns:
204: success
404: no such entry found
Users controller
This controller provides read/write access to User (=> employee/personnel) records. Changes are only allowed if the authenticated user is an administrator or member of a team that is an ancestor of one of the teams the user belongs to. Only administrators can change the SecurityLevel property; a change to this by a non-administrator will fail with a 400 return code.
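The ancestor-team rule stated for the Organization Teams controller and the SecurityLevel rule stated here can be modelled as below. This is an added example, not the service's own code: the in-memory `PARENT` and `MEMBERS` maps, the function names, the `is_admin` flag and the order of the checks are assumptions made for illustration.

```python
# Added example: hypothetical in-memory model, not the service's own code.
# PARENT maps team id -> parent team id (None for a root); constructed data.
PARENT = {1: None, 2: 1, 3: 2, 4: 1, 5: None}
# MEMBERS maps user id -> set of team ids the user belongs to (constructed).
MEMBERS = {"alice": {1}, "bob": {2}, "carol": {3}, "dave": {5}}


def ancestors(team_id):
    """Return the strict ancestors of team_id, stopping if the chain loops."""
    seen, cur = set(), PARENT.get(team_id)
    while cur is not None and cur != team_id and cur not in seen:
        seen.add(cur)
        cur = PARENT.get(cur)
    return seen


def is_ancestor_member(user, team_id):
    """True if user belongs to any strict ancestor of team_id."""
    return bool(MEMBERS.get(user, set()) & ancestors(team_id))


def authorize_team_update(user, is_admin, team_id, new_parent_id=None):
    """Status for PATCH/PUT on a team: 204 allowed, 400 refused, 404 unknown."""
    if team_id not in PARENT:
        return 404
    if is_admin:
        return 204
    if not is_ancestor_member(user, team_id):
        return 400
    # Re-parenting: the caller must also sit in the new parent or above it.
    if new_parent_id is not None and new_parent_id != PARENT[team_id]:
        reach = ancestors(new_parent_id) | {new_parent_id}
        if not MEMBERS.get(user, set()) & reach:
            return 400
    return 204


def authorize_user_update(caller, is_admin, target, current, patch):
    """Status for PATCH/PUT on a user record; current and patch are dicts."""
    if is_admin:
        return 204
    # Only administrators may change SecurityLevel, whatever else is allowed.
    if patch.get("SecurityLevel", current["SecurityLevel"]) != current["SecurityLevel"]:
        return 400
    if any(is_ancestor_member(caller, t) for t in MEMBERS.get(target, set())):
        return 204
    return 400
```

Membership of the team being edited is not enough on its own under the Teams controller rule; only a strict ancestor (or an administrator) passes, which is why `carol` is refused for team 3 in this model.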
GET /odata/Users(id)
Retrieve the User object for the given id if accessible to the authenticated user.
Returns:
200 on success, User object as JSON payload
400 authenticated account doesn't have access to that user's information
404 on user not found
403 on unauthorized request
500 on exception
GET /odata/Users
Get all accessible user objects. Administrators can see all users. Otherwise only users in teams that are descendants of the teams for the authenticated user will be visible (as well as the authenticated user's account).
OData query parameters can be used to filter results.
Returns:
200 on success, OData query result as JSON payload
403 on unauthorized request
500 on exception
POST /odata/Users
Create a new user object. Body of request is a User object in JSON format. SecurityLevel must be User unless the authenticated user is an administrator; otherwise 400 Invalid request will be returned.
Returns:
200 on success, body of response is the newly created User object (with populated Id field)
400 on invalid request: duplicate username or invalid fields or attempt by non-admin to create a non-user account
403 on unauthorized request
500 on exception
PATCH /odata/Users(id)
PUT /odata/Users(id)
Update the existing user object with the given id. Body of request is a User object with the updated fields. Id must be populated.
Returns:
204 on success
400 on invalid request: invalid fields, Id in body doesn't match the one provided in the URL or authenticated user doesn't have access to this user entry
404 no such user
DELETE /odata/Users(id)
Removes the user object with the given id. Only accessible to administrator users.
Usually best practice is to set a user's IsActive to false instead of deleting so that all records that link back to the user in the database will have a valid reference (as opposed to "missing user").
Returns:
200 success
400 invalid request: not an administrator
403 on unauthorized request
404 no such user
500 on exception