Skip to main content
New user request Sign in Visit humanforce.com

Set up a REST API key in Humanforce WFM Web

Follow this guide to create a secure REST API key in Humanforce WFM Web that allows a third-party vendor or internal system to access only the data you permit.

For security and auditing purposes, create a separate user and access level for each API integration. Never share API keys across multiple vendors.

Part 1: Create a dedicated API access level (Web)

The data accessible via the API depends entirely on the permissions assigned to the linked user.

  1. Go to Admin > Security Config > Access Levels.
  2. Click Add.
  3. Enter a clear name for the access level (for example, “[Vendor Name] API Access”).
  4. Open the Permissions tab.
  5. Select only the permissions required for the integration (for example, timesheets if the vendor requires timesheet data).
  6. In the REST API permission group:
    • Tick Allow API access.
    • Tick View API keys.
    • Tick Allow create/edit of API keys (if this user will manage keys).
  7. Review all permissions carefully and remove any access not required (for example, personal employee details if not needed).
  8. Confirm the Auth Level is the same or higher than your own access level so you can create API keys for this user.
  9. Click Save.

The new access level will now appear in your Access Levels list.

Part 2: Create a dedicated API user (Web)

Each API key must be linked to a user profile.

  1. Go to Management > Employee > Employee Management.
  2. Click New, or search for an existing user and click Clone.
  3. In Personal Details:
    • Enter a clear Employee Code (for example, VENDORAPI).
    • Set First Name and Last Name to clearly identify the vendor and that this is an API user.
    • Set the Roster Name appropriately.
  4. Expand the Employment section.
  5. From the Access Level drop-down, select the API access level created in Part 1.
  6. Ensure Include in payroll export is not ticked.
  7. Assign the required locations, departments and roles to control data visibility.
  8. Click Apply to save the profile.

The API user is now ready to be linked to an API key.

Part 3: Generate the REST API key (Web)

  1. Go to Admin > Security Config > API Key Management.
  2. Click Add new record.
  3. Enter a clear Name for the key (for example, “[Vendor Name] API Key”).
  4. Use the Comments field to describe what data the key can access.
  5. Select the API user from the Linked user drop-down.
  6. Copy the generated API Key.
  7. Copy the generated Secret and store it securely.
The Secret key is only visible at the time of creation. Once saved, it cannot be viewed again. If lost, you must re-generate a new secret, which will invalidate the previous one.
  1. Click Save.

You can now provide the API Key and Secret to the vendor or configure them in the integrating application.

Additional information

  • If you do not see API Key Management:
    • Confirm your access level has:
      • View API keys
      • Allow create/edit of API keys
      • Manage API keys for all users (if required)
    • If permissions are correct but the option is still unavailable, log a support ticket or contact your Account Manager to confirm licensing.
  • The Humanforce WFM REST API is available to Humanforce WFM Cloud customers only.
  • For endpoint details, limits and technical documentation, see the REST API Overview.

Security best practice

  • Create one API key per integration.
  • Re-generate the Secret key every 30–90 days.
  • Remove unused API users and keys promptly.
  • Restrict permissions to the minimum required.
  • Avoid sharing credentials between vendors.

Related articles

Can't find what you need?

Our team is here to help
Submit a request

Work easier.
Live better.

Enquire now

About

Industries

Workforce Management

Talent

Payroll

HR

Benefits

Services

Resources

Get started

Connect with us

Level 10, 90 Arthur St, North Sydney, NSW 2060
PO Box 1978, North Sydney NSW 2060
© Humanforce Holdings Pty Ltd or its affiliates