POST credentials to the When I Work login service at https://api.login.wheniwork.com/login with a JSON body containing email and password; the response includes a token field.
Include the returned token value in the W-Token header (or as a Bearer token in the Authorization header) on all subsequent API requests to https://api.wheniwork.com/2/.
Retrieve the list of users and locations to obtain the IDs required as foreign keys when creating shifts.
POST to /2/shifts with a JSON body specifying user_id, location_id, start_time, end_time, and any position or notes fields to create a new shift.
Confirm creation by inspecting the shift object returned in the response; record the shift id for future updates or deletions.
Use webhooks (configured in account settings) to subscribe to shift change events rather than polling the shifts endpoint on a schedule.
Known gotchas
The login endpoint is at api.login.wheniwork.com (a separate subdomain from the main API); sending login requests to api.wheniwork.com will fail.
Tokens have a limited lifetime (documented as approximately 7 days from issuance); build token refresh logic and treat the iat claim in the token to determine expiry rather than hard-coding a duration.
Admin-level account credentials are required to obtain API access; manager or employee accounts may return authentication errors or restricted data sets.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp