Logo
API Documentation

EPHY API

This page is powered by the generated OpenAPI document and rendered with Swagger UI.

OpenAPI document: /openapi/v1.json

API base path: /api/ephy

Before you begin

Your organization must be provisioned for access to the EPHY API before calling protected endpoints.

Base URL

All API endpoints are relative to the API host provided during onboarding.

Base path: /api/ephy

Example: https://<api-host>/api/ephy/employees

Authorization

Protected endpoints under /api/ephy require a bearer token from Microsoft Entra ID.

How to obtain an access token

The EPHY API uses Microsoft Entra ID OAuth 2.0 client credentials flow. Use the Tenant ID, Client ID, Client Secret, and API Scope provided during onboarding.

Token endpoint:

https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token

Required form fields:

cURL token request:

curl -X POST "https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_id=<client_id>" \
  -d "client_secret=<client_secret>" \
  -d "grant_type=client_credentials" \
  -d "scope=api://<api-client-id>/.default"

Successful token response:

{
  "token_type": "Bearer",
  "expires_in": 3599,
  "access_token": "eyJ..."
}

Use the returned access_token in the Authorization header when calling protected endpoints.

Example API request:

curl -X GET "https://<api-host>/api/ephy/employees?pageSize=100" \
  -H "Authorization: Bearer <access_token>"

Using Swagger UI Authorization

To test protected endpoints in Swagger UI:

Pagination

Endpoints that return collections support pagination.

Continue requesting pages until no nextCursor is returned.

Example first request:

GET /api/ephy/employees?pageSize=100

Example next page request:

GET /api/ephy/employees?pageSize=100&nextCursor=<nextCursor>

Sample response

Collection endpoints return records and may include a cursor for the next page.

{
  "employees": [
    {
      "employeeId": "12345",
      "firstName": "John",
      "lastName": "Doe",
      "emailAddress": "john.doe@example.com",
      "jobTitle": "Manager",
      "status": "Active",
      "hireDate": "2026-01-15T00:00:00Z"
    }
  ],
  "nextCursor": "eyJjbGllbnRJZCI6..."
}

Date format

Dates are returned using ISO 8601 format.

Example: 2026-07-01T14:30:00Z

Error responses

The API uses standard HTTP status codes.

Status Code Meaning
200 Request succeeded.
400 The request was invalid or contained unsupported parameters.
401 The access token is missing, expired, or invalid.
403 The token is valid, but the caller does not have permission to access the requested resource.
404 The requested resource was not found.
429 Too many requests. Retry after waiting.
500 An unexpected server error occurred.

Rate limits

Clients should avoid excessive concurrent requests. If rate limiting is enabled, the API may return 429 Too Many Requests.

Versioning

C# example

using System.Net.Http.Headers;

var accessToken = "<access_token>";

using var client = new HttpClient();

client.DefaultRequestHeaders.Authorization =
    new AuthenticationHeaderValue("Bearer", accessToken);

var response = await client.GetAsync(
    "https://<api-host>/api/ephy/employees?pageSize=100");

response.EnsureSuccessStatusCode();

var json = await response.Content.ReadAsStringAsync();

Console.WriteLine(json);

Support

If you need API credentials, have trouble obtaining a token, or receive authorization errors, contact PuzzleHR Support.