Security
TimeLog Reporting API's security is based on SSL encryption, activation, hosting information, a unique site code, and two types of login. Combining these security measures achieves optimal security and protection of your data.
See Setup for detailed information about how to set up TimeLog Reporting API, including security.
SSL Encryption
It is highly recommended to use SSL encryption whenever accessing TimeLog Reporting API. This protects you against others listening in on the connection and sniffing out, for example, login information.
You can choose to disable SSL encryption for the API, e.g. if you intend to use TimeLog Reporting API inside a secure network, but otherwise it is strongly recommended to leave it on.
Activation
TimeLog Reporting API must be activated before use. Otherwise it cannot be accessed. As an extra precaution, it is recommended to enable only the web service methods you are actually going to use.
Site Code
The Site Code is a unique key (GUID) for each TimeLog Project installation. It works as a shared secret between the API and its users.
Never give out the Site Code to anyone other than the developers who are in charge of all coding for the API. Take every precaution to prevent unnecessary exposure of the Site Code. Every request for the Site Code is logged in the "Log" tab in "TimeLog API – Settings" in the System Administration.
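The following added example (not part of the TimeLog documentation or API) shows one way a client application can apply the SSL and Site Code guidance above: it reads the address and Site Code from environment variables instead of source code, rejects a non-HTTPS address unless plain HTTP is explicitly allowed, checks that the Site Code is a GUID, and masks it in log text. The environment variable names, the example.com address and the sample GUID are assumptions constructed for illustration.

```python
import os
import re
import uuid
from urllib.parse import urlsplit


class ConfigError(ValueError):
    """Raised when the connection settings are unsafe or malformed."""


def load_api_config(env=os.environ):
    """Read and validate the API address and Site Code from the environment."""
    # Variable names are hypothetical; they are not defined by TimeLog.
    url = env.get("TIMELOG_API_URL", "")
    raw_code = env.get("TIMELOG_SITE_CODE", "")
    allow_http = env.get("TIMELOG_ALLOW_HTTP", "") == "1"

    parts = urlsplit(url)
    if not parts.hostname:
        raise ConfigError("API address has no host name")
    # Plain HTTP is accepted only as an explicit opt-in (e.g. a secure network).
    if parts.scheme != "https" and not (parts.scheme == "http" and allow_http):
        raise ConfigError("API address must use https")
    try:
        # The Site Code is a GUID; normalise it to lowercase hyphenated form.
        site_code = str(uuid.UUID(raw_code))
    except ValueError:
        raise ConfigError("Site Code is not a valid GUID") from None
    return {"url": url, "site_code": site_code}


def redact(text, site_code):
    """Mask the Site Code (any letter case) before text is logged."""
    return re.sub(re.escape(site_code), "<site-code>", text, flags=re.IGNORECASE)


if __name__ == "__main__":
    # Constructed sample values, not a real installation.
    sample = {
        "TIMELOG_API_URL": "https://timelog.example.com/api",
        "TIMELOG_SITE_CODE": "{0F8FAD5B-D9CB-469F-A165-70867728950E}",
    }
    cfg = load_api_config(sample)
    print(redact("request failed, siteCode=%s" % cfg["site_code"].upper(),
                 cfg["site_code"]))
```

Passing every outgoing log or error message through `redact` keeps the shared secret out of log files and support tickets even when a request URL or payload is echoed in an exception.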
Address
Every web service method must include the name of the host and the address for your TimeLog Project. Without this information the web service methods cannot locate your data.
Authentication and Permission Level
Every call to an API function must include the API Login for authentication. The API Login is maintained in TimeLog Project.
TimeLog Reporting API also makes it possible to develop applications where access to data is based on the TimeLog Project user login and the user's permission level. For example, a senior manager has access to more data than a project manager or a project member.
The special ApiUserauthentication method returns a TimeLog Project user login and information about the user's permission level. The returned data also contains the API Login. This enables you to build applications that will keep working even if the API Login is changed.
This method must be enabled when setting up TimeLog Reporting API, and it is possible to limit the access to this method based on the permission level of the TimeLog Project user.