Dyzo API
v2.0.0
Getting Started
Company Setup
Login & Sessions
Management
Time & Attendance
Communication
Analytics & Reports
Advanced Features
Authentication
Complete Dyzo API Documentation - Project Management, Team Collaboration & Time Tracking Platform
Authentication API
Secure access to your APIs
Comprehensive authentication system supporting API Keys, JWT tokens, OTP, and social login.
Key Features
Generate and manage API keys
JWT token authentication with auto-refresh
OTP-based login
Google OAuth and Apple Sign-In
Rate limiting and token expiration
Method 1: API Key Authentication
Simple and permanent authentication for server-to-server integrations
Request Header:
X-API-Key: YOUR_API_KEYBest for:
- Automated scripts
- Third-party integrations
- Cron jobs
Features:
- Rate limiting
- Expiration dates
- Usage tracking
Implementation Examples
javascript
1// Using Axios2const axios = require('axios');34const API_KEY = 'your_api_key_here';5const BASE_URL = 'https://api.dyzo.ai';67// Set default header for all requests8axios.defaults.headers.common['X-API-Key'] = API_KEY;910// GET request11const getTasks = async () => {12 try {13 const response = await axios.get(`${BASE_URL}/tasks/`);14 console.log('Tasks:', response.data);15 } catch (error) {16 console.error('Error:', error.response?.data);17 }18};1920// POST request21const createTask = async (taskData) => {22 const response = await axios.post(`${BASE_URL}/create-task/1/`, taskData, {23 headers: { 'X-API-Key': API_KEY }24 });25 return response.data;26};POST
/api-keys/{user_id}/200 OK
Create API Key
Generate a new API key for programmatic access.
JSONRequest Body
{
"name": "Production Key",
"expires_in_days": 365,
"rate_limit": 1000
}JSONResponse (200 OK)
{
"status": 1,
"message": "API key created successfully",
"api_key": {
"id": 5,
"name": "Production Key",
"key": "dyzo_abc123...",
"is_active": true,
"rate_limit": 1000,
"expires_at": "2025-10-29T00:00:00Z"
}
}GET
/api-keys/{user_id}/200 OK
List API Keys
Get all API keys for a user.
JSONResponse (200 OK)
{
"status": 1,
"api_keys": [...]
}DELETE
/api-keys/{user_id}/200 OK
Delete API Key
Permanently delete an API key.
JSONRequest Body
{
"key_id": 5
}JSONResponse (200 OK)
{
"status": 1,
"message": "API key deleted successfully"
}Method 2: JWT Token Authentication
Secure token-based authentication with automatic refresh for web and mobile applications
Request Headers:
Authorization: Bearer <access_token>X-Refresh-Token: <refresh_token>Best for:
- Web applications
- Mobile apps
- User-specific operations
Token Expiry:
- Access Token: 1 hour
- Refresh Token: 30 days
Client-Side Implementation
javascript
1// Axios interceptor for automatic token refresh + retry2axios.interceptors.response.use(3 response => {4 // Check for new tokens in response headers5 const newAccessToken = response.headers['x-new-access-token'];6 const newRefreshToken = response.headers['x-new-refresh-token'];7 8 if (newAccessToken) {9 localStorage.setItem('access_token', newAccessToken);10 console.log('ā
New access token stored');11 }12 13 if (newRefreshToken) {14 localStorage.setItem('refresh_token', newRefreshToken);15 console.log('ā
New refresh token stored');16 }17 18 // Retry original request with new token19 if (newAccessToken) {20 const originalRequest = response.config;21 originalRequest.headers['Authorization'] = `Bearer ${newAccessToken}`;22 23 if (newRefreshToken) {24 originalRequest.headers['X-Refresh-Token'] = newRefreshToken;25 } else {26 const existingRefreshToken = localStorage.getItem('refresh_token');27 if (existingRefreshToken) {28 originalRequest.headers['X-Refresh-Token'] = existingRefreshToken;29 }30 }31 32 console.log('š Retrying original request');33 return axios(originalRequest);34 }35 36 return response;37 }38);3940// Add tokens to every request automatically41axios.interceptors.request.use(42 config => {43 const accessToken = localStorage.getItem('access_token');44 const refreshToken = localStorage.getItem('refresh_token');45 46 if (accessToken) {47 config.headers['Authorization'] = `Bearer ${accessToken}`;48 }49 50 if (refreshToken) {51 config.headers['X-Refresh-Token'] = refreshToken;52 }53 54 return config;55 }56);POST
/login/200 OK
Employee Login
Authenticate an employee with email and password. Returns JWT access and refresh tokens.
JSONRequest Body
{
"email": "[email protected]",
"password": "securepassword123"
}JSONResponse (200 OK)
{
"status": 1,
"message": "Login successful",
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"employee": {
"_id": 10,
"first_name": "John",
"last_name": "Doe",
"email": "[email protected]",
"companyId": 1,
"designation": "Software Engineer",
"isActive": true
}
}POST
/api/google-login/200 OK
Google OAuth Login
Authenticate using Google OAuth token.
JSONRequest Body
{
"token": "google_oauth_token_here",
"email": "[email protected]"
}JSONResponse (200 OK)
{
"status": 1,
"access_token": "...",
"employee": {...}
}Security Best Practices
- ā ļø LocalStorage is vulnerable to XSS attacks
- ā Recommended: Use HTTP-only cookies for production
- ā Always use HTTPS in production
- ā Implement proper CORS policies
- ā Rotate refresh tokens periodically
- ā Implement token blacklisting on logout
POST
/otp-login/200 OK
OTP Login
Login using OTP sent to mobile/email.
JSONRequest Body
{
"phone": "+1234567890",
"otp": "123456"
}JSONResponse (200 OK)
{
"status": 1,
"access_token": "..."
}