External Integrations APIs¶

The External Integrations APIs provide endpoints for third-party system integrations with the Stratpoint Timesheet Application. These APIs support app-to-app authentication, data filtering, and specialized data export for integrated systems.

Authentication Headers¶

All external integration endpoints use app-specific authentication:

galingsa: {app_source_name}
bulong: {encrypted_app_token}
Content-Type: application/json

F1 Resource Management Integration¶

F1 is a resource management platform that integrates with the timesheet system for project assignments and utilization reporting.

Authentication Endpoint¶

F1 integration uses app-only authentication without user context.

Base URL: /api/v2/f1/

Middleware: timesheet.authAppBulongOnly:f1

Rate Limiting: 50 requests per minute

Get Project Assignments¶

Retrieves project assignment data for F1 resource management.

POST /api/v2/f1/getProjectAssignments

Request Body:

{
  "startDate": "2024-01-01",
  "endDate": "2024-12-31",
  "projectIds": [1, 2, 3],
  "userIds": [123, 456, 789]
}

Response:

href="#__codelineno-2-1">{ "header": { "status": 200, "title": "Project", "description": "Data Successfully Retrieved" }, "body": { "data": [ { "projectId": 1, "projectName": "Enterprise Portal Development", "userId": 123, "userName": "John Doe", "assignmentDate": "2024-01-15", "allocatedHours": "40.00", "role": "Senior Developer", "isActive": 1 } ] } }

Get Utilization Report by Month¶

Retrieves monthly utilization data for F1 resource planning.

POST /api/v2/f1/getUtilizationReportByMonth

Request Body:

{
  "startDate": "2024-01-01",
  "endDate": "2024-01-31",
  "userId": 123,
  "businessUnitId": 1
}

Get ID List¶

Retrieves filter data for F1 integration dropdowns.

POST /api/v2/f1/getIdList

Response:

{
  "header": {
    "status": 200,
    "title": "Filters",
    "description": "Data Successfully Retrieved"
  },
  "body": {
    "data": {
      "users": [
        {
          "id": 123,
          "name": "Doe, John M.",
          "isActive": 1
        }
      ],
      "projects": [
        {
          "id": 1,
          "name": "Enterprise Portal Development",
          "isActive": 1
        }
      ],
      "businessUnits": [
        {
          "id": 1,
          "name": "Technology"
        }
      ]
    }
  }
}

SINOP Integration¶

SINOP is an internal system integration that provides comprehensive project and resource data access.

Authentication¶

SINOP uses JWT-based authentication with app source validation.

Base URL: /api/v2/sinop/

Middleware: my.jwt.auth, timesheet.allowedAppSource:sinop

Rate Limiting: 50 requests per minute

Authentication Endpoint¶

POST /api/v2/sinop/authenticate

Standard resource authentication following the main authentication pattern.

Setup Data¶

Retrieves initial setup data for SINOP integration.

GET /api/v2/sinop/setup

Users Data¶

Retrieves user data for SINOP.

GET /api/v2/sinop/users

Projects Data¶

Retrieves project data for SINOP.

GET /api/v2/sinop/projects

Project Revenue PM Percentages¶

Retrieves project manager percentage data for revenue calculations.

GET /api/v2/sinop/projects/revenues-pm-percentages

Project Managers¶

Retrieves project manager assignments.

GET /api/v2/sinop/projects/project-managers

Payment Milestones¶

Retrieves project payment milestone data.

GET /api/v2/sinop/projects/payment-milestones

Project Resources¶

Retrieves project resource assignment data.

GET /api/v2/sinop/projects/resources

Utilizations¶

Retrieves utilization data.

GET /api/v2/sinop/utilizations

Utilizations by Type¶

Retrieves utilization data filtered by type.

GET /api/v2/sinop/utilizations/{type}

Parameters: - type: Utilization type filter

CSAT Integration¶

CSAT integration provides basic filter data for customer satisfaction tracking systems.

Authentication¶

Base URL: /api/v2/csat/

Middleware: timesheet.authAppBulongOnly:csat

Rate Limiting: 50 requests per minute

Get ID List¶

Retrieves filter data for CSAT integration.

POST /api/v2/csat/getIdList

Response:

{
  "header": {
    "status": 200,
    "title": "Filters",
    "description": "Data Successfully Retrieved"
  },
  "body": {
    "data": {
      "users": [...],
      "projects": [...],
      "clients": [...]
    }
  }
}

Wookie Integration¶

Wookie integration provides user data access for external applications.

Authentication¶

Base URL: /api/v2/wookie/

Middleware: timesheet.authAppBulongOnly:wookie

Rate Limiting: 50 requests per minute

Get User Data¶

Retrieves active user data with basic information.

POST /api/v2/wookie/getUserData

Response:

{
  "header": {
    "status": 200,
    "title": "User",
    "description": "Data Successfully Retrieved"
  },
  "body": {
    "data": [
      {
        "id": 123,
        "firstname": "John",
        "lastname": "Doe",
        "email": "john.doe@stratpoint.com",
        "isActive": 1,
        "designation": "Senior Developer",
        "businessUnit": "Technology"
      }
    ]
  }
}

Get ID List¶

Retrieves filter data for Wookie integration.

POST /api/v2/wookie/getIdList

TimeDef Integration¶

TimeDef integration provides timesheet deficiency data for compliance tracking.

Authentication¶

Base URL: /api/v2/timedef/

Middleware: timesheet.authAppBulongOnly:timedef

Rate Limiting: 50 requests per minute

Get ID List¶

Retrieves filter data for TimeDef integration.

POST /api/v2/timedef/getIdList

Get Timelog Deficiency Basic Data¶

Retrieves basic data for timelog deficiency analysis.

POST /api/v2/timedef/timelogDeficiencyBasicData

Timelog Deficiency Report¶

Retrieves comprehensive timelog deficiency report with automatic parameter handling.

POST /api/v2/timedef/timelogDeficiencyReport

Automatic Parameters: - includeOnlyUsersWithDeficiency: true (default) - includeLwopAwolRejected: true (default) - includeProjectsPmSm: true (default)

Authentication Context: - Runs with hardcoded admin permissions (ID: 1, permissions: 69,93)

Integration Security and Access Control¶

App-to-App Authentication¶

External integrations use two authentication methods:

App Token Only (authAppBulongOnly):
Used by: F1, CSAT, Wookie, TimeDef
Requires valid galingsa and bulong headers
No user context required
JWT + App Source (my.jwt.auth + allowedAppSource):
Used by: SINOP
Requires valid JWT token and app source validation
User context available

Rate Limiting¶

All external integrations have rate limiting: - Limit: 50 requests per minute - Throttle key: IP-based throttling - Enforcement: Laravel throttle middleware

Access Logging¶

All external integrations have access logging: - Middleware: timesheet.logAccess:{app_name} - Tracking: Request logging for audit purposes

Common Response Patterns¶

Standard Success Response¶

{
  "header": {
    "status": 200,
    "title": "Resource Name",
    "description": "Data Successfully Retrieved"
  },
  "body": {
    "data": [...],
    "filters": {...}
  }
}

Error Responses¶

Authentication Error:

{
  "header": {
    "status": 401,
    "title": "Authentication",
    "description": "Unauthorized access"
  },
  "body": []
}

Rate Limit Exceeded:

{
  "header": {
    "status": 429,
    "title": "Rate Limit",
    "description": "Too many requests"
  },
  "body": []
}

Key Implementation Notes¶

Specialized Integrations: Each integration designed for specific external system needs
App-Specific Authentication: Security through app source validation and encrypted tokens
Rate Limiting: Consistent 50 requests/minute across all integrations
Minimal Data Exposure: Integrations expose only necessary data for each use case
Filter Data Pattern: Common getIdList endpoint for dropdown/filter data
No User Context: Most integrations operate without user-specific permissions
Audit Logging: All integration access is logged for security monitoring
Simple Data Formats: Straightforward JSON responses optimized for integration consumption

These External Integration APIs are designed for secure, efficient data exchange with specific partner systems and internal tools.