Public API - Facts and Overview


Our Public API is core to using Deputy Embed.

A partner will need to use our APIs extensively to both setup installations they create, in addition to pulling entities such as timesheets, leave and compliance data back into their system.

This doc gives an overview of our Public API, in addition to common questions that a partner may have when interacting with any of our endpoints.

What are our Public APIs?

Our public APIs drive everything at Deputy, including our web-app, mobile apps and kiosk.

Customers are able to build their own integrations into our public API by creating an OAuth token for their profile, and API partners build to our APIs to add new functionality to both Deputy and their own products. The important fact is that there are no different set of APIs, if a partner can't connect to Deputy, that means Deputy is down too!

Deputy is API first and considers it a priority that all functionality that can be done via UI can be done via API. If you notice a gap in our APIs - please reach out to us at [email protected].

Quick Facts

  • Secured via an Oauth 2.0 process. For public apps this uses a combination of Implicit and code flow.
  • Web hooks also available for most endpoints, including all functions such as insert, update, delete & modify.
  • Web hooks can be filtered to send when certain a criteria is met (for example IsInProgress: 1 to indicate a timesheet capture has started)
  • An Advanced Employee API is available (after additional vendor security check) to gain confidential information such as TFN and other employment details required for payroll
  • The API is a RESTFul API and runs on JSON.

How does Embed work?

Embed works similar to customer integrations, however instead of an end user explicitly logging themselves, we do the OAuth handshake silently using the partner's authorisation endpoints. We grant you access to Embed endpoint after a commercial agreement has been signed. The only difference with Embed is that the authentication is seamless for a user, and does not require an end-user intervention unlike the main public third party API.

Embed has several specific APIs for provisioning and churning accounts. These are also privileged and gated behind a commercial agreement. Once an agreement has been made with Deputy and the Partner, an endpoint is given which will allow accounts to be created 24/7. There is no limits to the number of accounts that can be created.

Several Embed endpoints exist to manage specific functionality, such as silently logging a user into a Deputy account, or silently logging them out.

Besides from that, all endpoints to set up the integration and keep the accounts in sync are using our Public APIs!

Embed Workflow

Deprecation Procedures

Deputy typically does not deprecate APIs even when a new version is made available. For example, recently we shipped a brand new employee API to make creating and updating employees in Deputy easier than ever. We have not deprecated the V1 API and have no plans to! Upgrading is a choice for the partner.

In the scenario where Deputy does have to deprecate an API at least six months notice is provided to third party partners. API partners use the same APIs as Deputy Embed are notified in a similar fashion, however due to the size and scale of Embedded integrations, we will work closely with partners around timeframes if they are affected by a deprecation.

New features process

Feature releases to Deputy Premium are usually brought in to Deputy Embed, but the rollout is controlled to ensure no breaking changes to an Embed experience. We work closely with Embed partners as their desires from an embed partner to ensure we release only changes which offer value, and nothing which detracts from the experience.

Outage Information

Deputy maintains a status page for outages at

If there is an outage affecting embedded customers it will also be affecting the main application because they use the same APIs and infrastructure

Deputy has a team on call 24/7 to respond to incidents