Access Control & API Keys

Manage API keys and role-based access control for WoPora integrations and security.

The Access Control section lets administrators manage API keys for machine-to-machine integrations and review permission settings. Navigate to Dashboard -> Access.

API Keys

API keys allow external systems (e.g., payroll providers, BI tools, custom scripts) to securely access WoPora data without using a user's credentials.

Creating an API Key

  1. Go to Dashboard -> Access -> API Keys
  2. Click New API Key
  3. Enter a name for the key (e.g., "Xero Integration", "BI Dashboard")
  4. Set the permissions scope (read, write, or admin per data type)
  5. Optionally set an expiry date
  6. Click Generate Key
  7. Copy the key immediately; it is shown only once

Security: API keys are hashed after creation. WoPora cannot retrieve or display a key after the initial generation. Store keys in a secrets manager.

API Key Scopes

Scope             Access
timesheets:read   Read timesheet data
timesheets:write  Create and update timesheets
employees:read    Read employee records
employees:write   Create and update employees
payroll:read      Read pay run data
payroll:write     Create and approve pay runs
rosters:read      Read roster/schedule data
rosters:write     Create and publish rosters

Rotating an API Key

  1. Find the key in the API Keys list
  2. Click Rotate
  3. A new key value is generated; copy it and update it in your integration
  4. The old key is immediately revoked

Revoking an API Key

  1. Find the key in the list
  2. Click Revoke and confirm

Role Permissions Overview

Feature             Admin  Manager  Supervisor  Accounts  Staff
View timesheets     All    Team     Team        All       Own
Approve timesheets  Yes    Yes      -           -         -
Create pay runs     Yes    -        -           Yes       -
Export payroll      Yes    -        -           Yes       -
Manage employees    Yes    Yes      -           -         -
Create rosters      Yes    Yes      -           -         -
Approve leave       Yes    Yes      -           -         -
Manage settings     Yes    -        -           -         -
View analytics      Yes    Yes      -           Yes       -
Manage API keys     Yes    -        -           -         -

Security Best Practices

  • Use the minimum scope: Grant only the permissions each key needs
  • Set expiry dates: Rotate at least quarterly
  • Audit regularly: Deactivate any keys no longer in use
  • Use separate keys per integration: Never share one key across multiple systems
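
The four practices above can be checked mechanically against a key inventory you maintain yourself. The following is an added example, not WoPora code: the record fields (needed, rotated, last_used, used_by), the 60-day idle threshold and the sample records are assumptions constructed for illustration; only the scope names come from this page.

```python
from datetime import date

# Constructed inventory; the field names are assumptions for this example,
# not a WoPora export format. Scope names are the ones listed on this page.
KEYS = [
    {"name": "Xero Integration", "scopes": {"payroll:read", "payroll:write", "employees:write"},
     "needed": {"payroll:read"}, "expires": None,
     "rotated": date(2024, 1, 10), "last_used": date(2024, 6, 28), "used_by": ["xero"]},
    {"name": "BI Dashboard", "scopes": {"timesheets:read", "rosters:read"},
     "needed": {"timesheets:read", "rosters:read"}, "expires": date(2024, 9, 1),
     "rotated": date(2024, 6, 1), "last_used": date(2024, 6, 30), "used_by": ["bi"]},
    {"name": "Shared script key", "scopes": {"employees:read"},
     "needed": {"employees:read"}, "expires": date(2024, 8, 1),
     "rotated": date(2024, 5, 15), "last_used": date(2024, 3, 1),
     "used_by": ["hr-script", "reporting-cron"]},
]

MAX_ROTATION_AGE_DAYS = 90   # "rotate at least quarterly"
MAX_IDLE_DAYS = 60           # assumed threshold for "no longer in use"


def audit_key(key, today):
    """Return the list of best-practice findings for one key record."""
    findings = []
    excess = sorted(key["scopes"] - key["needed"])
    if excess:
        findings.append("excess scope: " + ", ".join(excess))
    if key["expires"] is None:
        findings.append("no expiry date")
    elif key["expires"] < today:
        findings.append("expired but still listed")
    if (today - key["rotated"]).days > MAX_ROTATION_AGE_DAYS:
        findings.append("rotation overdue")
    if (today - key["last_used"]).days > MAX_IDLE_DAYS:
        findings.append("idle, candidate for revocation")
    if len(key["used_by"]) > 1:
        findings.append("shared by " + ", ".join(key["used_by"]))
    return findings


def audit(keys, today):
    """Map key name -> findings, omitting keys with no findings."""
    report = {k["name"]: audit_key(k, today) for k in keys}
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in audit(KEYS, date(2024, 7, 1)).items():
        print(name, "->", "; ".join(findings))
```

Keys that appear in the report are the ones to narrow, rotate, revoke or split into one key per integration in Dashboard -> Access -> API Keys.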