Skip to main content

Getting API Access

Follow the steps below to receive the credentials you need when making API calls.
1

Access the Visma Developer Portal

Log in to the appropriate environment:
2

Create a new application

Go to “My Applications” and click “Add Application” > “Service (Machine-to-Machine)”.
3

Configure and publish your application

Fill in the required details and save your application. Make sure to note your client_id, then publish the application to make it available for integration.
4

Add a new integration

Open your application and add a new integration.
5

Configure the integration

Select the API and scope for your integration:
  • Stage environment: Select automatic-rostering-stage for both API and scope.
  • Production environment: Select automatic-rostering-prod for both API and scope.
6

Wait for approval

Wait for the integration to be accepted. Feel free to contact the Automatic Rostering team to expedite the process.
7

Generate and store credentials

Open your application, generate credentials, and securely store the client_secret.

Retrieving and Using JWT Tokens

Once you have your client_id and client_secret, you can retrieve a JWT access token to authenticate your API requests.

Retrieve an Access Token

To retrieve an access token, make a POST request to the Visma Connect token endpoint:
Endpoint: https://connect.identity.stagaws.visma.com/connect/tokenRequest:
curl -X POST https://connect.identity.stagaws.visma.com/connect/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "scope=automatic-rostering-stage"
Endpoint: https://connect.visma.com/connect/tokenRequest:
curl -X POST https://connect.visma.com/connect/token \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "scope=automatic-rostering-prod"
Response: 
{
  "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 3600,
  "token_type": "Bearer"
}

Use the Token in API Requests

Include the access token in the Authorization header of all requests to the Automatic Rostering API: 
curl -X GET https://api.optimization-rostering.prod.visma.net/jobs \
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
  -H "CUSTOMER_ID: your-customer-id" \
  -H "USER_ID: your-user-id"
The access token expires after a certain period (typically 3600 seconds). You’ll need to retrieve a new token when it expires. Make sure to implement token refresh logic in your application.