Integration Settings

The Integration Settings tab is where you wire TimePally into your other systems. You generate API credentials, set a webhook URL, choose which events to subscribe to, and review what’s been delivered. Use this when you have a payroll, HR, or analytics platform that needs to know about every clock-in or clock-out as it happens.

Getting there

Click Configurations in the sidebar and switch to the Integration Settings tab.

What you’ll see

The tab is organised into four stacked sections:

1. Integration API Documentation: a download box with a Download PDF button for the full integration guide (HMAC verification, payload format, Pull API reference).
2. API Credentials: your API Key and Secret Key with reveal and copy buttons, plus a Generate Keys (or Regenerate Keys) button and a status badge (Not Configured / Active / Inactive).
3. Webhook Configuration: Webhook URL field, event checkboxes (CLOCK_IN, CLOCK_OUT), Enable/Disable toggle, Save Configuration and Send Test Webhook buttons.
4. Recent Deliveries: a grid of the last 50 webhook delivery attempts with Event, Status (SUCCESS / FAILED / RETRYING), Timestamp, HTTP Status, Attempt number, and Error preview.

Common tasks

First-time setup: generate keys and configure a webhook

1. Click Generate Keys. A one-time dialog appears with the API Key and Secret Key in plain text.
2. Copy both into your destination system. The secret key is encrypted in storage, so you can reveal it later but cannot retrieve it through any other channel.
3. Click I’ve saved my keys to close the dialog.
4. In the Webhook Configuration section, paste your endpoint into Webhook URL (must start with http:// or https://).
5. Tick the events you want to receive (CLOCK_IN, CLOCK_OUT, or both).
6. Click Save Configuration.
7. Click Send Test Webhook to make sure your endpoint responds with HTTP 200. The result appears as a notification.
8. Click Enable Webhook to start receiving live events.

Reveal or copy the secret key later

• Click the eye icon next to the Secret Key field to toggle masked/unmasked.
• Click the copy icon to copy the decrypted secret to your clipboard.

Regenerate keys

Click the Regenerate Keys button (it replaces Generate Keys once keys exist). A red warning dialog appears asking you to type REGENERATE to confirm. The button is disabled until the word matches.

Note: Regeneration invalidates the old keys and signatures immediately. Any external system using the old credentials will stop working until you update it.

Test a webhook without sending real events

Click Send Test Webhook. TimePally sends a sample payload to your URL, with a real signature, and reports back the HTTP status. The result also lands in the Recent Deliveries grid for later inspection.

Investigate a failed delivery

1. Open the Recent Deliveries grid.
2. Find rows where Status is FAILED.
3. Hover the Error column for the truncated reason; the HTTP Status column shows the response code from your endpoint.
4. Click Refresh to reload the latest deliveries.

Tips

• The Subscribe to Events checkboxes currently only offer CLOCK_IN and CLOCK_OUT: those are the only event types being broadcast.
• Send Test Webhook is gated: the URL field must be filled and the URL must start with http:// or https://.
• Toggling Enable Webhook without a webhook URL configured shows an error: set the URL first, save, then enable.
• All webhook deliveries are HMAC-signed using your secret key. See the downloaded PDF for the verification algorithm.

Note: This page focuses on outbound webhooks. The downloaded PDF also documents the Pull API if you’d rather poll for data than receive pushes.

Related

• Audit Log: credential rotation and webhook config changes are logged
• Attendance Logs: see the raw events that drive these webhooks
• Administrators: only admins can manage these settings