In your Worker Experience account, navigate to your Profile, then scroll to the Manage API Keys section, where you can create, view and delete your API keys. API keys are personal and unique to your own account, and have the same permissions as your user. You can create as many API keys as you want for your account, which is how you will be able to rotate them easily.
When creating an API key, make sure to copy both the Key and Secret strings as you will need both to authenticate later and won't be able to view the Secret key again after you close that screen.
Fountain Worker Experience uses the OAuth2 standard authentication flow to generate an Authorization Bearer token. The resulting authentication token is valid for 60 minutes.
- Access token URL: https://wxp-services.fountain.com/api/servicesecurity/processes/apikey/oauth/token
- Grant type: client_credentials
- Client ID: your API key
- Client secret: your API secret
- Scope: employer
This is equivalent to performing the following call then using the resulting token for subsequent requests to the API:
curl -X "POST" "https://wxp-services.fountain.com/api/servicesecurity/processes/apikey/oauth/token?grant_type=client_credentials&scopes=employer" \
-H 'Content-Type: application/x-www-form-urlencoded' \
-u 'API_KEY:API_SECRET'