🔓 Permissions requises
Super admin
Reading time | 10mn |
Set up time | Varies depending on configuration |
Number of steps | 4 |
1️⃣ Create an Account
Start by creating your workspace. Registration is free and includes a 15-day trial, perfect for testing your integrations without commitment.
💡 Your agency account only needs to be created once. The super admin can then invite collaborators, who will be able to create their own access credentials.
2️⃣ Choose Your Authentication Method
Two authentication methods are available. Choose the one that best fits your use case:
🔵 OPTION A | 🟢 OPTION B |
JWT — User Sessions For applications where users log in interactively. Short-lived token (30 min), refreshable. | API Token — Integrations For Make, Zapier, n8n, or server-side scripts. Long-lived scoped token created from the Settings menu. |
A — JWT AUTHENTICATION
Exchange your credentials for an access token and a refresh token:
CURL · GET A TOKEN |
`# Send your credentials |
curl -X POST https://api.ooti.co/api/v1/token-auth/ \ |
-H "Content-Type: application/json" |
-d '{"username": "[email protected]", "password": "your-password"}'` |
Expected response:
JSON · RESPONSE |
`{ |
"access": "eyJ0eXAiOi...", ← use this field |
"refresh": "eyJ0eXAiOi...", |
"token": "eyJ0eXAiOi..." ← legacy alias, prefer "access" |
}` |
⏱️ Access tokens expire after 30 minutes. Refresh them without logging in again.
CURL · REFRESH A TOKEN |
`curl -X POST https://api.ooti.co/api/v1/token-refresh/ \ |
-H "Content-Type: application/json" |
-d '{"refresh": "<YOUR_REFRESH_TOKEN>"}'` |
B — API TOKEN (UNATTENDED INTEGRATIONS)
Super admins can create a token under Settings → Integrations → API Tokens. This is the recommended option for server-to-server usage and automations.
🔒 Store your tokens securely. Do not expose them in your source code and never expose a token client-side.
3️⃣ Make Your First API Request
Pass the token in the Authorization header. The prefix depends on the token type:
CURL · WITH A JWT (USERS) |
-H "Authorization: JWT <VOTRE_ACCESS_TOKEN>"` |
CURL · WITH AN API TOKEN (INTEGRATIONS) |
-H "Authorization: Token <YOUR_API_TOKEN>"` |
This endpoint returns the organizations and teams the authenticated user belongs to. The id field of each organization corresponds to the org_pk value required by most other endpoints.
4️⃣ Explore the Full API
The complete reference — including every endpoint, request/response schemas, and an interactive “try it” console — is available at:
api.ooti.co/api/v1/docs/.
Common entry points to start exploring:
GET /api/v1/projects/list/{org_pk}/ List projects |
POST /api/v1/timelogs/worklogs/ Log time |
POST /api/v1/invoices/list/{org_pk}/ Create an invoice |
GET /api/v1/contacts/list/{org_pk}/ List clients and contacts |
QUICK REFERENCE |
Base URL https://api.ooti.co/api/v1/ |
Format JSON |
Auth (utilisateur) Authorization: JWT <access-token> |
Auth (intégration) Authorization: Token <api-token> |
Get a token POST /api/v1/token-auth/ |
Refresh POST /api/v1/token-refresh/ |
Documentation api.ooti.co/api/v1/docs/ |
Sign up app.ooti.co/accounts/signup/ |
Support [email protected] |