🔌Authentication

Introduction

Authentication for the Gangmates API is based on bearer tokens. Each company is issued a unique API token that must be included in the header of each request to authenticate and authorize access to the API endpoints.

Obtaining an API Token

To obtain an API token, contact your administrator. The token will be provided and must be kept secure.

Using the API Token

Include the API token in the Authorization header of your HTTP requests. The format should be as follows:

Authorization: Bearer {your_api_token}

Example Request

GET /api/paystubs HTTP/1.1
Host: stage.gangmates.com
Authorization: Bearer your_api_token

Managing API Tokens

API tokens can be managed through the Gangmates UI. Each company can generate, regenerate, and invalidate their API token.

Generating a New Token

  1. Log in to the Gangmates UI.

  2. Navigate to the "Security" tab then select "API" from the drop down.

  3. Click the "Generate Token" button.

  4. The new token will be generated. Copy and store it securely.

Invalidating a Token

  1. Log in to the Gangmates UI.

  2. Navigate to the "Security" tab then select "API" from the drop down.

  3. Click the "Invalidate Token" button.

  4. The token will be invalidated, and any further requests using that token will be unauthorized.

Rate Limiting

API requests are limited to 100 requests per minute per company. If this limit is exceeded, the following response will be returned:

{
    "error": "Too Many Requests",
    "retry_after": 60
}

The retry_after field indicates the number of seconds to wait before making new requests.

Error Handling

If an invalid or missing token is provided, the following response will be returned:

{
    "error": "Unauthorized"
}

Ensure that your token is correctly included in the Authorization header of each request.

Contact

For any questions or support, please contact our support team at support@gangmates.com.

PreviousAPI OverviewNextRate Limits

Last updated