Using the access token

Once an access token has been provided, you must embed this into the Authorization header of each subsequent API call, prefixed with the word “Bearer”, e.g.:

curl https://api.iris.co.uk/hr/v2/employees \

-H "authorization: Bearer <access_token>"

When you receive the access token, the expires_in value dictates how long the access token will be valid. For example 3599 ≈ 1 hour.

On expiry, please ensure that you obtain a new access token using your credentials as specified above.

We do not provide permanent access tokens, so once an access token becomes invalid, you will need to generate another access token to make subsequent API calls.