Authentication
Bearer Token
Section titled “Bearer Token”All API requests from Seamlr include a Bearer token in the Authorization header:
Authorization: Bearer {seamlr-access-token}Organization Routing
Section titled “Organization Routing”Seamlr supports multi-tenant providers. Organization routing is done via the providerId.
Header-Based Routing
Section titled “Header-Based Routing”GET /shifts/{shiftId}Authorization: Bearer {seamlr-access-token}X-Provider-Id: 550e8400-e29b-41d4-a716-446655440000Path-Based Routing (Recommended)
Section titled “Path-Based Routing (Recommended)”GET /providers/{providerId}/shifts/{shiftId}Authorization: Bearer {seamlr-access-token}Provider ID
Section titled “Provider ID”The providerId is a UUID that uniquely identifies each organization using your scheduling system that has integrated with Seamlr.
This ID is:
- Provided during integration activation
- Included in every webhook payload from the provider
- Used in every API request from Seamlr
Security Best Practices
Section titled “Security Best Practices”- Validate the Bearer token on every request
- Validate the providerId matches an active integration
- Use HTTPS for all API endpoints
- Log all API calls with the traceId for debugging
- Rate limit API endpoints to prevent abuse