View in Help Center/New Window
Overview: The Buddy Punch Developer API lets you connect your own software to Buddy Punch to read and manage employees, punches, time entries, time off, schedules, and more - so you can automate data syncs, build custom reports, or integrate Buddy Punch with the other tools your team uses.
This guide is for account Administrators and walks you through enabling the API and creating an API key with the right permissions. For everything else - authentication, endpoints, and code examples - see the full API documentation linked at the end.
Important: The new Developer API is served from api2.buddypunch.com. More about the new API here: https://api2.buddypunch.com/docs/
Instructions:
Before you begin
You'll need a few things in place:
The Developer API is available on the Pro and Enterprise plans. Visit Settings --> Billing to review your current plan information.
You're signed in as an Administrator on the Buddy Punch account. (Managers and employees can't create API keys.)
The Developer API is enabled on your account. If you don't see it under Settings --> Integrations, reach out to our support team, and we'll turn it on for you.
Step 1: Log in to Buddy Punch as an Administrator, then go to Settings --> Integrations. Search for or scroll to the Developer API card and click the blue Manage API Keys button:
Step 2: The API Keys page lists any keys you've already created, along with each key's name, key prefix, permissions, status, last-used date, and creation date. From here, click + Create New API Key:
Step 3: Give your key a clear Key Name (for example, "Production Integration") so you can recognize it later. Then set the Permissions for the key.
Each resource can be granted Read and/or Write access. Use Select All (Full Access) to grant everything, or check only the specific resources your integration needs. As a best practice, grant the smallest set of permissions your integration actually requires - you can always create another key later if your needs grow:
Step 4: After you create the key, the full API key is shown only once. Copy it immediately and store it somewhere secure - you won't be able to view it again. If you lose a key, simply revoke it from the API Keys page and create a new one.
Important! Keep your key secure!
Treat your API key like a password - anyone with it can access your account's data within the key's permissions.
Store it in a secrets manager or environment variable; never hard-code it into client-side or shared code.
Use separate keys for separate integrations so you can revoke one without disrupting the others.
Revoke any key that's no longer used or may have been exposed, and create a replacement.
Full API documentation
Complete, interactive documentation - including the base URL, authentication, every endpoint, the full data model, permission scopes, API versioning, rate limits, pagination, the full error reference, idempotency, webhooks, code examples (curl, Node.js, Python, C#), and the migration guide for moving off the legacy API - is available at: https://api2.buddypunch.com/docs/



