Generating a JWT Token

The basic process for generating a token is to first construct an originating token signed with an API secret, and then send that originating token to the authentication service.  If successful, the response from the service will include the generated token.

In order to understand the types of API secrets available, it’s important to review the hierarchy built into Swipeclock’s system. The image below depicts some important entities and actors in Swipeclock.

  1. Partner/Accountant – A Partner/Accountant administers any number of sites below them. A typical example of a partner is a payroll provider who has setup Swipeclock for a number of employers they manage.
  2. Company/Client/Site – A Company/Client/Site is an end employer setup for Swipeclock’s services. Each site will have a number of employees managed. In our image we have three sites: Steve’s Lawn Care, Joe’s Pizza Shop and Dr. Martin’s Office.
  3. Employee – an employee using Swipeclock’s services. An employee can be granted the company admin role or manager role.

There are 2 types of api secrets that can be used to sign the originating token – Accountant-level secret and Client/Site-level secret.

  1. Accountant API Secret – This secret provides access to all administered sites and employees within a specific partner/accountant in SwipeClock. Only users with partner/accountant level administration rights have the ability to generate and view this level of secret. To do this, follow these steps:
    1. Sign in at https://payrollservers.us/pg
    2. Click on “Accountant Options” on the left hand menu
    3. Within “Accountant Options”, click on the Accountant Menu link
    4. Within “Accountant Options”, click on the Accountant Level Secret Management link in the main window frame

    5. If a Partner/Accountant API secret has already been generated, you can view it. If you need to, you can regenerate a new API secret by clicking the “regenerate” button. If a secret has not been generated yet, click the “Generate” button to create a new one.

      Please note that regenerating a new secret will deactivate a prior partner/accountant level secret issued on your account which may affect current Swipeclock integrations. If this happens you will need to reach out to Swipeclock to help resolve this.

  2. Client/Site API Secret – This secret provides access to just the site it is created for and all employees within this site. Like Partner API secrets, only users with Partner/Account level administration rights have the ability to generate client API secrets. Users who are Client/Site level administrators can view these secrets by following these steps:
    1. Sign in at https://payrollservers.us/pg
    2. Click on “Settings Menu” on the left hand menu
    3. Within the “Settings Menu”, click on Client Level API Secret Management
    4. If a client API secret has already been generated, you can view it. If one has not been generated, please contact your SwipeClock reseller to generate one for you.