Endpoints

Common Responses

401 Authorization header not present or token expired or invalid

500 Unexpected server error

Organization Teams Controller

This controller allows creating org chart team entries and assigning their hierarchy.  Changes are only allowed if the authenticated user is an administrator or is a member of an ancestor (parent, parent of parent, etc.) team of the team being updated.  If the parent is being changed, the authenticated user must also belong to the new parent team (or one of its ancestors).  Otherwise 400 is returned.

GET /odata/OrganizationTeamHierarchies(id)

Retrieve the Organization Team with the given id

Returns:

200: success, response body is an Organization Team in JSON format

404: team not found

GET /odata/OrganizationTeamHierarchies

Get a list of all teams defined.  The output can be filtered using OData parameters.

Returns:

200: success, response body is an OData list of all matching Organization Team objects in JSON format

POST /odata/OrganizationTeamHierarchies

Create a new Organization Team entity in the system.  Request body is expected to be an Organization Team object in JSON format.  

Returns:

200: success, response body is the resulting Organization Team (with Id populated).

400: invalid request: format error, CompanyId of team doesn't match id of authenticated user making the request or authenticated user doesn't have access to create 

PATCH /odata/OrganizationTeamHierarchies(id)

PUT /odata/OrganizationTeamHierarchies(id)

Update the existing entry for the team with key id.

Returns:

204: success

400: invalid request: format error or CompanyId of team doesn't match id of authenticated user making the request

404: no such team found


DELETE /odata/OrganizationTeamHierarchies(id)

Remove the team from the system.  Authenticated user must be an administrator or a member of a team that's an ancestor of the team being updated.

Returns:

204: success

400: invalid request: CompanyId of team doesn't match id of authenticated user making the request

404: no such team found


Organization Team Members Controller

This controller allows for assigning/removing users to/from org chart teams.  Changes are only allowed if the authenticated user is an administrator or belongs to the team identified by the OrganizationTeamHierarchyId property of the request or a team that is a parent of it.

GET /odata/OrganizationTeamMemberHierarchies(id)

Retrieve the OrganizationTeamMemberHierarchy object with the given id.

Returns:

200: success, response body is an OrganizationTeamMemberHierarchy in JSON format

404: entry not found for that id

GET /odata/OrganizationTeamMemberHierarchies

Get a list of all team memberships defined.  The output can be filtered using OData parameters.

Returns:

200: success, response body is an OData list of all matching OrganizationTeamMemberHierarchy objects in JSON format

POST /odata/OrganizationTeamMemberHierarchies

Create a new membership entry in the system.  Request body is expected to be an OrganizationTeamMemberHierarchy object in JSON format.

Returns:

200: success, response body is the resulting entry (with Id populated).

400: invalid request: format error or CompanyId of team doesn't match id of authenticated user making the request

409: an entry already exists for this user and team

PATCH /odata/OrganizationTeamMemberHierarchies(id)

PUT /odata/OrganizationTeamMemberHierarchies(id)

Update the existing entry for the user membership with key id.

Returns:

204: success

400: invalid request: format error, CompanyId of team doesn't match id of authenticated user making the request, or attempt was made to change either the user id or team id fields

404: no such team/user pair found


DELETE /odata/OrganizationTeamMemberHierarchies(id)

Remove the membership for the given user in the given team.

Returns:

204: success

404: no such entry found


Users controller

This controller provides read/write access to User (that is, employee/personnel) records.  Changes are only allowed if the authenticated user is an administrator or a member of a team that is an ancestor of one of the teams the user belongs to.  Only administrators can change the SecurityLevel property; a change to this by a non-administrator will fail with a 400 return code.
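The access rules stated for the Organization Teams controller and for this controller, modelled as an added Python example (not the API's own code). The parent map, the `is_admin` and `teams` fields, and the `Elevated` level are constructed for illustration and are not part of the documented schema.

```python
# Added illustration of the documented access rules; data shapes are assumptions.

def strict_ancestors(team_id, parent_of):
    """Ancestors of team_id (parent, parent of parent, ...), excluding team_id.
    The visited set stops the walk if the stored hierarchy contains a cycle."""
    found, cur = set(), parent_of.get(team_id)
    while cur is not None and cur not in found and cur != team_id:
        found.add(cur)
        cur = parent_of.get(cur)
    return found

def can_update_team(user, team_id, parent_of, new_parent=None):
    """Teams rule: admin, or member of an ancestor of the team; a parent
    change also needs membership in the new parent or one of its ancestors."""
    if user["is_admin"]:
        return True
    if not user["teams"] & strict_ancestors(team_id, parent_of):
        return False
    if new_parent is not None and new_parent != parent_of.get(team_id):
        allowed = {new_parent} | strict_ancestors(new_parent, parent_of)
        return bool(user["teams"] & allowed)
    return True

def can_update_user(actor, target, parent_of, changes):
    """Users rule: admin, or member of an ancestor of one of the target's
    teams; only an administrator may change SecurityLevel."""
    if actor["is_admin"]:
        return True
    new_level = changes.get("SecurityLevel", target["SecurityLevel"])
    if new_level != target["SecurityLevel"]:
        return False
    return any(actor["teams"] & strict_ancestors(t, parent_of)
               for t in target["teams"])

# Constructed sample hierarchy: 1 is the root, 2 and 3 are its children, 4 is under 2.
PARENT_OF = {1: None, 2: 1, 3: 1, 4: 2}
ADMIN = {"is_admin": True, "teams": set(), "SecurityLevel": "User"}
LEAD = {"is_admin": False, "teams": {2}, "SecurityLevel": "User"}
MEMBER = {"is_admin": False, "teams": {4}, "SecurityLevel": "User"}

if __name__ == "__main__":
    print(can_update_team(LEAD, 4, PARENT_OF))                # team 2 is an ancestor of 4
    print(can_update_team(LEAD, 4, PARENT_OF, new_parent=3))  # LEAD has no claim on branch 3
    print(can_update_user(LEAD, MEMBER, PARENT_OF, {"SecurityLevel": "Elevated"}))
```

A server that maps a denial from either check to the documented 400 response should run the check before applying any field from the request body.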

GET /odata/Users(id)

Retrieve the User object for the given id if accessible to the authenticated user.  

Returns:

200 success, User object as JSON payload

400 authenticated account doesn't have access to that user's information

404 user not found


GET /odata/Users

Get all accessible user objects.  Administrators can see all users.  Otherwise only users in teams that are descendants of the authenticated user's teams will be visible (as well as the authenticated user's own account).

OData query parameters can be used to filter results.

Returns:

200 success, OData query result as JSON payload


POST /odata/Users

Create a new user object.  Body of request is a User object in JSON format.  SecurityLevel must be User unless the authenticated user is an administrator; otherwise 400 Invalid request will be returned.

Returns:

200 success, body of response is the newly created User object (with populated Id field)

400 invalid request: duplicate username or invalid fields or attempt by non-admin to create a non-user account


PATCH /odata/Users(id)

PUT /odata/Users(id)

Update the existing user object with the given id.  Body of request is a User object with the updated fields.  Id must be populated.

Returns:

204 success

400 invalid request: invalid fields, Id in body doesn't match the one provided in the URL or authenticated user doesn't have access to this user entry

404 no such user


DELETE /odata/Users(id)

Removes the user object with the given id.  Only accessible to administrator users.  The usual best practice is to set a user's IsActive to false instead of deleting, so that all records that link back to the user in the database will have a valid reference (as opposed to "missing user").

Returns:

200 success

400 invalid request: not an administrator

404 no such user