Home API The current implementation rules for the LMS API

The current implementation rules for the LMS API

Last updated on Mar 28, 2026

Public API uses the scheme:

company API key -> short-lived Bearer token

Current implementation rules:

  • The API key belongs to the company, not an individual user.

  • For v1, one active API key per company is permitted.

  • The key is managed only by a user with the HRADMIN role in cab > Settings > Company.

  • The full secret is displayed only once — immediately after generation or rotation.

  • After rotation, the previous key becomes invalid immediately.

  • The integrator obtains an access token via POST /v1/auth/token and subsequently uses Authorization: Bearer <token>.

  • A refresh token is not used for the integrator in v1: after the access token TTL expires, the integrator calls POST /v1/auth/token again.

Base URL and general calling rules

1. Base URL

Current base URL:

  • https://smartway.pro/api

2. General rules

  • Business response format: application/json

  • Error format: application/problem+json

  • Versioning: major version in the URI (/v1/...)

  • To correlate requests, it is recommended to pass traceparent