Use the access token

Once an access token has been provided, you must embed this into the Authorization header of each subsequent API call, prefixed with the word “Bearer”, e.g.:

curl https://api.iris.co.uk/hr/v2/employees \
-H "authorization: Bearer <access_token>"

When you receive the access token, the expires_in value dictates how long the access token will be valid. For example, 3599 ≈ 1 hour.

On expiry, please ensure that you obtain a new access token using your credentials as specified above.

We don't provide permanent access tokens. Once an access token becomes invalid, generate another access token to make subsequent API calls.