• General information
  • Environments
  • Authentication options
  • Application parnters
  • Application approval
  • How to access
  • How to make a call
  • Json responses
  • CRUD
  • Request limiting
  • Data security
  • Sample application
  • Static integrations
  • BI integration

Getting started

General information

Introduction

This page explains the Total Synergy APIs and our customers and partners should read this to understand how to integrate with our Synergy cloud product.

Environments

Total Synergy environments

Total Synergy supports two environments.

  1. Our production environment is app.totalsynergy.com. This environment also has two dedicated API environments: api.totalsynergy.com (for API usage) and publicapi.totalsynergy.com (for PowerBI connections). Use this environment for production data only.
  2. Our test environment is beta.totalsynergy.com. This environment also has two dedicated API environments: https://betaapi.totalsynergy.com/ (for api usage) and https://betaextapi.totalsynergy.com (for PowerBI connections). Contact our team to get access to the beta environment. Use this environment for testing.

Authentication options

General

Total Synergy supports two authentication types:

  1. For application partners, OAuth authentication is supported and explained below. Create an application
  2. For customers wanting to build batch applications, internal applications or for testing before deployment, limited duration hard coded keys can be used. See: Static integrations

Application partners

Create an application

Synergy API is an integrated product. This means you must first create an application to gain access to the API.

In order to create your first application you must register a Synergy account. Once you are logged in you can access your applications via the application home page

From this page you can create, edit and delete your applications.

When you create a new application you must provide your application name, organisation, callback URL and a variety of other fields.

Once you have created an application, the public key and private key will be automatically generated for your use.

Application approval

Public application

Other organisations cannot access your application until the Synergy team approves it. This means users outside of your testing environment cannot access it, as it will not appear in the Synergy application library

To ensure your application is accepted by the Synergy team, you must provide a valid website URL, detailed description and an application image for use in the Synergy application library

To request approval:

  1. Go to the application home page and view the details of the application you wish to make public.
  2. Clicking on the 'Request Approval' button. This will notify the Synergy team that your application is ready for approval.
  3. If the application satisfies all requirements, you will receive an email notifying you that your application is approved.
  4. Go back to the details page of the application and toggle the 'Is Public' field.

How to access?

OAuth

Synergy API is based on authenticating requests via an OAuth token

You will first need to generate a user OAuth token. Follow these steps:

  1. Gain a token request code via a user login. Once you have logged in, you will receive a token request code in the redirect URI you provided. You will see the code under the response parameter 'code'. To make the user login request use the following structure:

    https://app.totalsynergy.com/OAuth2/Authorize?ApplicationKey=YOURAPPLICATIONKEY&RedirectUri=/AuthenticationResponse&tenant=

    For Desktop applications you can set the Redirect URI to https://desktop and monitor the browser for a change to the URL https://desktop/?code=XXXX.

    You will then need to retrieve the token for the next step. You can also include the query parameter &simple=true if you require a login without javascript on the page.

  2. Using your request code, perform a POST to /Oauth2/GetAccessToken to recieve the user access token. Do this from your server application, as it requires your secret key. The POST request must contain your application public key, application secret key, token request code and the grant_type. The following code shows how to perform this operation using an angular HTTP request.

    
        $http({
        url: 'https://api.totalsynergy.com/api/v2/Oauth2/GetAccessToken,
        method: 'POST',
        data : {
        applicationKey : "YOURAPPLICATIONKEY",
        ApplicationSecret : "YOURAPPLICATIONSECRET",
        code : "asdjhsnd3d.sad839jdm",
        grant_type : "authorization_code"
        }
        });
    
  3. The server will respond with your OAuth token and the given expiry date for the token. To use the access token in any subsequent API calls you add the header 'access-token' and assign it the value of the newly generated user OAuth token.

  4. The token contains a refreshToken that lasts for 1 month. To refresh the access token, POST the following request:

    
        $http({
        url: 'https://api.totalsynergy.com/api/v2/Oauth2/RefreshAccessToken,
        method: 'POST',
        data : {
        applicationKey : "YOURAPPLICATIONKEY",
        ApplicationSecret : "YOURAPPLICATIONSECRET",
        refreshToken: "YOURREFRESHTOKEN"
        grant_type : "authorization_code"
        }
        });
    

How to make a call?

API call

To make an API call you must first generate a user OAuth token using the above steps. As the API does not allow CORS, web SPAs should use a server proxy to call the API.

All Synergy API requests share the same format. Use https://api.totalsynergy.com/api/v2/ as the base URL and append the action you wish to perform. API requests must also contain the user OAuth token under the header access-token. The following examples demonstrate a typical API request :

Java - Retrofit 2
@POST("api/v2/Timers")
Call<Item> createTimer(@Header("access-token") String accessToken, @Body Timer timer);
								
Javascript - Angular

$http({ 
  url: 'https://api.totalsynergy.com/api/v2/Organisation/MySlug/Timesheet/Leaderboard',
  method: 'POST',
  headers: {'Content-Type': 'application/json','access-token' : key}
});
									

JSON responses

All responses are encapsulated as JSON. Strongly typed data types such as dates are serialized and delivered in string format. Synergy API responses all embed standard REST based characteristics:

  1. Successful responses return with a HTTP 200 status code

  2. Unsuccessful responses return with a status code reflecting the error. Synergy API response codes include not found 404, unauthorized action 401 and internal server error500

CRUD

Synergy reserves POST and PUT for certain CRUD operations. A PUT method will create new data in Synergy, whereas a POST will either create new data or update existing data. Likewise, GET is used for requesting data and DELETE for the removal of data in Synergy.

Request limiting

API requests are currently limited to 5000 requests an hour. Once exceeded, users will recieve a 429 error status code "Rate Limit exceeded". On every hour, UTC time, the request count will return to 0.

Data security

Confidential and personal data security

We recommend exercising extreme care and caution with any development, to protect confidential data including personal data and confidential business data.

With access to the API, the developer has greater accessibility to potential confidential and personal information which the API developer is responsible for keeping safe.

The API developer must also keep any API keys/tokens/OAuth safe and secure from unauthorised parties using them. This could include keeping API keys/tokens/OAuth out of webconfig or other such files, instead keeping them in some sort of encrypted storage to be decrypted on the fly when required.

Sample application

Total Synergy sample application

A sample OAuth application is available for download at Total Synergy sample application.

A live version of the sample web app is here Live sample web application.

Static integrations

Static key integration

For batch processing or internal applications built by customers or while doing development, use a static key to call APIs.

Retrieve the The static key by following the steps below. Follow the same procedure as the access-token detailed above. To acquire a static token:

  1. In Synergy, click on the top right menu icon and choose "edit profile"
  2. Under the profile page, click the menu elipsis and choose API key
  3. Copy the complete API key and use it as as an access-token.
  4. This API key is valid for one year.

BI integration

Power BI support

The Total Synergy API can be called by Power BI using the rest connector.

A simple example for integrating Power BI is available at Power BI.
Querying more than three months of data will require the api addon

Building a dataflow

  1. Copy the following elements From the Synergy example above to the dataflow (ideally in the below order):
    • Access token – A System Admin can get his access token from the profile page.
    • Slug – the unique identifier in your url: app.totalsynergy.com/organisation/<Unique identifier>/...
    • GetJson - GetJson will need a small change to become a dataflow.
      change:
         RawData = Web.Contents(environmentUrl, options)
      to:
        RawData = Web.Contents(“publicapi.totalsynergy.com“, options),
    • GetEntityCount
    • getPage
    • GetAllPages
    • Now you can start creating the queries by copying GetAllProjects and similar other queries to your new dataflow