
This page is powered by the generated OpenAPI document and rendered with Swagger UI.
OpenAPI document: /openapi/v1.json
API base path: /api/ephy
Your organization must be provisioned for access to the EPHY API before calling protected endpoints.
All API endpoints are relative to the API host provided during onboarding.
Base path: /api/ephy
Example: https://<api-host>/api/ephy/employees
Protected endpoints under /api/ephy require a bearer token from Microsoft Entra ID.
Authorization: Bearer <access_token>.Access_as_application.401 Unauthorized.403 Forbidden.The EPHY API uses Microsoft Entra ID OAuth 2.0 client credentials flow. Use the Tenant ID, Client ID, Client Secret, and API Scope provided during onboarding.
Token endpoint:
https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
Required form fields:
client_id: Your assigned application Client ID.client_secret: Your assigned client secret.grant_type: client_credentialsscope: api://<api-client-id>/.defaultcURL token request:
curl -X POST "https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "client_id=<client_id>" \
-d "client_secret=<client_secret>" \
-d "grant_type=client_credentials" \
-d "scope=api://<api-client-id>/.default"
Successful token response:
{
"token_type": "Bearer",
"expires_in": 3599,
"access_token": "eyJ..."
}
Use the returned access_token in the Authorization header when calling protected endpoints.
Example API request:
curl -X GET "https://<api-host>/api/ephy/employees?pageSize=100" \
-H "Authorization: Bearer <access_token>"
To test protected endpoints in Swagger UI:
Endpoints that return collections support pagination.
pageSize: Number of records to return. Maximum value is 1000.nextCursor: Cursor value returned from the previous response.Continue requesting pages until no nextCursor is returned.
Example first request:
GET /api/ephy/employees?pageSize=100
Example next page request:
GET /api/ephy/employees?pageSize=100&nextCursor=<nextCursor>
Collection endpoints return records and may include a cursor for the next page.
{
"employees": [
{
"employeeId": "12345",
"firstName": "John",
"lastName": "Doe",
"emailAddress": "john.doe@example.com",
"jobTitle": "Manager",
"status": "Active",
"hireDate": "2026-01-15T00:00:00Z"
}
],
"nextCursor": "eyJjbGllbnRJZCI6..."
}
Dates are returned using ISO 8601 format.
Example: 2026-07-01T14:30:00Z
The API uses standard HTTP status codes.
| Status Code | Meaning |
|---|---|
200 |
Request succeeded. |
400 |
The request was invalid or contained unsupported parameters. |
401 |
The access token is missing, expired, or invalid. |
403 |
The token is valid, but the caller does not have permission to access the requested resource. |
404 |
The requested resource was not found. |
429 |
Too many requests. Retry after waiting. |
500 |
An unexpected server error occurred. |
Clients should avoid excessive concurrent requests.
If rate limiting is enabled, the API may return 429 Too Many Requests.
v1/openapi/v1.json/api/ephyusing System.Net.Http.Headers;
var accessToken = "<access_token>";
using var client = new HttpClient();
client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", accessToken);
var response = await client.GetAsync(
"https://<api-host>/api/ephy/employees?pageSize=100");
response.EnsureSuccessStatusCode();
var json = await response.Content.ReadAsStringAsync();
Console.WriteLine(json);
If you need API credentials, have trouble obtaining a token, or receive authorization errors, contact PuzzleHR Support.