How to create a new user in WorkSpan?


“Application User” is created by the Company Administrator specifically to be used for access by an application using the WorkSpan External APIs. An Application User cannot log in through Web UI. Application User is not added as a member of any object. However, the application user has access to the data of an object where a company is a member of the object (Access level depends on the role of the user of that company in that object). An application user is created with “Access type”.

The application user is assigned an id; Application User Id (client_id) and secret. Application Id is immutable. Secret can be reset at any time, making the previous secret invalid.

Access Type: Access type is a predefined profile that provides access to a limited set of objects and operations (Read / Write / Link). For e.g., “ObjectRead”, “ObjectReadWrite”, “Object Dynamics_Read”, etc.

Steps to Create “Application User”

Step 1: Company Admins in WorkSpan can register new Application users by going to their Company Profile.

Step 2: On the company page, click on “Applications”, go to the “Application Users” tab, and click on “Create Application User”

Step 3: Fill in the Application User’s “Name” for e.g., “Report Export API” and under “Security Profile”, select “Object Read”, then click “Save”.

Step 4: Copy the secret key in a safe place as mentioned in the popup that will quickly be shown after the user is created.

Step 5: Then from the list of Application Users, open the newly created user and copy the user id.

Step 6: The pair of a User ID and the Secret are needed for acquiring the access token:

Application User ID: WS-ApplicationUser_ahFzfnZtd2FyZS1iaWctYmV0c3IZCxIPQXBwbGljYXRpb25Vc2VyGJHE9dwDDA

Secret: cd3a1eaa3f5144a8a8494b2af1ef8b72e

Acquiring Access Token

For OpenAPI documentation visit:

Method: POST



x-ws-env - Specify the environment if using any of the non-production environments, for e.g.,

Content-Type: application/json

Request Body:


"grant_type": "client_credentials",

"client_id":" WSApplicationUser_ahFzfnZtd2FyZS1iaWctYmV0c3IZCxIPQXBwbGljYXRpb25Vc2VyGJHE9dwDDA",

"client_secret": "cd3a1eaa3f5144a8a8494b2af1ef8b72e"


Response Body:


"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOm51bGwsInBhciI6eyJpc19jb21wYW55X2FkbWluIjpmYWxzZX0sIm9iaiI6ImFoRnpmblp0ZDJGeVpTMWlhV2N0WW1WMGMzSVdDeElKUVhWMGFGUnZhMlZ1R0lDQXdLTFZocDBKREEiLCJ1c3IiOiJXUy1BcHBsaWNhdGlvblVzZXJfYWhGemZuWnRkMkZ5WlMxaWFXY3RZbVYwYzNJWkN4SVBRWEJ3YkdsallYUnBiMjVWYzJWeUdOSFNqdG9EREEiLCJleHAiOjE2MzM3NjUxMjJ9.9oi5UQ203FUOnPjZW34Z-KTNsHOhHO641AYepYoQwNE",

"token_type": "Bearer",

"expires_in": 863999,

"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOm51bGwsInBhciI6eyJpc19jb21wYW55X2FkbWluIjpmYWxzZX0sIm9iaiI6ImFoRnpmblp0ZDJGeVpTMWlhV2N0WW1WMGMzSVpDeElNVW1WbWNtVnphRlJ2YTJWdUdJQ0F3UHp1OVlvS0RBIiwidXNyIjoiV1MtQXBwbGljYXRpb25Vc2VyX2FoRnpmblp0ZDJGeVpTMWlhV2N0WW1WMGMzSVpDeElQUVhCd2JHbGpZWFJwYjI1VmMyVnlHTkhTanRvRERBIiwiZXhwIjoxNjMzNzY1MTIyfQ.C3oX1qcgI4JfWgQWjYHovuDsmncYOxiVvNQ2cif2LRw"


Note down the access token and pass it in the Authorization header when calling any of the Public API endpoints. Example as given below:



0 out of 0 found this helpful



Please sign in to leave a comment.