Right To Work API (v1.2)

Download OpenAPI specification:

Environments

The API is available in two separate environments:

Environment Base URL Data
Test https://sistec-se-dev-proxy.azurewebsites.net Isolated test data. Nothing you do here affects live data.
Production https://api.sistec.se Live data.

Both environments expose exactly the same endpoints — only the host differs, so you can point your integration at the test host and run the complete flow (order, hire, update, leave) end to end before going live.

Note: https://sistec-se-prod-proxy.azurewebsites.net is an alternative host name for https://api.sistec.se. It is production, not a test environment — requests sent there write to live data. Use sistec-se-dev-proxy for testing.

Credentials are issued per environment: the client_id and client_secret you use in test are not valid in production, and vice versa. Contact Sistec to obtain test credentials.

Authentication

All API endpoints require a bearer token obtained via the OAuth 2.0 client credentials flow. Your client_id and client_secret are provided by Sistec.

Request a token by posting form-encoded credentials to /auth/token (replace the host with the environment you are calling):

curl -X POST "https://api.sistec.se/auth/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET"

The response contains the token and its expiry (7200 seconds):

{
  "token": "eyJhbGciOiJSUzI1NiJ9...",
  "expiresIn": 7200,
  "expiresAt": "2026-01-01T14:00:00"
}

Pass the token in the X-Authorization header on every API call:

X-Authorization: Bearer eyJhbGciOiJSUzI1NiJ9...

Request a new token when the current one expires.

Authentication

getToken

OAuth 2.0 client credentials flow. Exchanges your client id and secret for a bearer token valid for 7200 seconds. Pass the token in the X-Authorization header on all other calls.

Request Body schema: application/x-www-form-urlencoded
required
client_id
required
string
client_secret
required
string

Responses

Enrollment API

updateEnrollment

Authorizations:
bearerToken
path Parameters
siteId
required
string
externalId
required
string
Request Body schema: application/json
required
id
string
externalId
string
siteId
string
name
string
firstName
string
lastName
string
email
string
phone
string
firstDayAtSite
string <date>
lastDayAtSite
string <date>
rightToWork
string
Enum: "EU_CITIZEN" "SWE_WORK_PERMIT" "SWE_WORK_PERMIT_EXEMPTION_TEMPORARY_WORK_IN_CONNECTION_WITH_CONSTRUCTION" "SWE_WORK_PERMIT_EXEMPTION_ICT" "SWE_WORK_PERMIT_EXEMPTION_SPECIALIST" "SWE_WORK_PERMIT_EXEMPTION_LMA" "SWE_WORK_PERMIT_EXEMPTION_MACHINE_INSTALLATION_OR_REPAIR_EMERGENCY"
rightToWorkId
string
contractorName
string
contractorOrgNumber
string
contractorCountry
string
contractorFTaxNumber
string
mainContractorName
string
mainContractorOrgNumber
string
Array of objects (Document)
contact
string
contactEmail
string
contactPhone
string
projects
Array of strings

Responses

Request samples

Content type
application/json
{
  • "id": "string",
  • "externalId": "string",
  • "siteId": "string",
  • "name": "string",
  • "firstName": "string",
  • "lastName": "string",
  • "email": "string",
  • "phone": "string",
  • "firstDayAtSite": "2019-08-24",
  • "lastDayAtSite": "2019-08-24",
  • "rightToWork": "EU_CITIZEN",
  • "rightToWorkId": "string",
  • "contractorName": "string",
  • "contractorOrgNumber": "string",
  • "contractorCountry": "string",
  • "contractorFTaxNumber": "string",
  • "mainContractorName": "string",
  • "mainContractorOrgNumber": "string",
  • "documents": [
    ],
  • "contact": "string",
  • "contactEmail": "string",
  • "contactPhone": "string",
  • "projects": [
    ]
}

getEnrollment

Authorizations:
bearerToken
path Parameters
siteId
required
string
externalId
required
string

Responses

enrollEnding

Authorizations:
bearerToken
path Parameters
siteId
required
string
externalId
required
string
query Parameters
endDate
required
string <date>

Responses

updateEnrollmentById

Authorizations:
bearerToken
path Parameters
id
required
string
Request Body schema: application/json
required
name
string
firstName
string
lastName
string
email
string
phone
string

Responses

Request samples

Content type
application/json
{
  • "name": "string",
  • "firstName": "string",
  • "lastName": "string",
  • "email": "string",
  • "phone": "string"
}

enrollEndingById

Authorizations:
bearerToken
path Parameters
id
required
string
query Parameters
endDate
required
string <date>

Responses

enroll

Authorizations:
bearerToken
Request Body schema: application/json
required
id
string
externalId
string
siteId
string
name
string
firstName
string
lastName
string
email
string
phone
string
firstDayAtSite
string <date>
lastDayAtSite
string <date>
rightToWork
string
Enum: "EU_CITIZEN" "SWE_WORK_PERMIT" "SWE_WORK_PERMIT_EXEMPTION_TEMPORARY_WORK_IN_CONNECTION_WITH_CONSTRUCTION" "SWE_WORK_PERMIT_EXEMPTION_ICT" "SWE_WORK_PERMIT_EXEMPTION_SPECIALIST" "SWE_WORK_PERMIT_EXEMPTION_LMA" "SWE_WORK_PERMIT_EXEMPTION_MACHINE_INSTALLATION_OR_REPAIR_EMERGENCY"
rightToWorkId
string
contractorName
string
contractorOrgNumber
string
contractorCountry
string
contractorFTaxNumber
string
mainContractorName
string
mainContractorOrgNumber
string
Array of objects (Document)
contact
string
contactEmail
string
contactPhone
string
projects
Array of strings

Responses

Request samples

Content type
application/json
{
  • "id": "string",
  • "externalId": "string",
  • "siteId": "string",
  • "name": "string",
  • "firstName": "string",
  • "lastName": "string",
  • "email": "string",
  • "phone": "string",
  • "firstDayAtSite": "2019-08-24",
  • "lastDayAtSite": "2019-08-24",
  • "rightToWork": "EU_CITIZEN",
  • "rightToWorkId": "string",
  • "contractorName": "string",
  • "contractorOrgNumber": "string",
  • "contractorCountry": "string",
  • "contractorFTaxNumber": "string",
  • "mainContractorName": "string",
  • "mainContractorOrgNumber": "string",
  • "documents": [
    ],
  • "contact": "string",
  • "contactEmail": "string",
  • "contactPhone": "string",
  • "projects": [
    ]
}

getManualCheckIns

Lists check-ins made via manual check-in (staffing ledger entries) at the company's sites, ordered by check-in time. Optionally filtered by site and by check-in date range.

Authorizations:
bearerToken
query Parameters
siteId
string
from
string <date>

Include entries checked in on or after this date

to
string <date>

Include entries checked in on or before this date

Responses

getSites

Authorizations:
bearerToken

Responses

Order API

order

Authorizations:
bearerToken
Request Body schema: application/json
required
costCenter
string
email
string
firstName
string
lastName
string
phone
string
ordererEmail
string
orgNumber
string

Responses

Request samples

Content type
application/json
{
  • "costCenter": "string",
  • "email": "string",
  • "firstName": "string",
  • "lastName": "string",
  • "phone": "string",
  • "ordererEmail": "string",
  • "orgNumber": "string"
}

Employee API

hireEmployee

Hire event. Links the employee to an existing checked worker and marks it as employed. Matching is done on national ID (Swedish personnummer or coordination number, 10 or 12 digits, with or without separator) within the calling company, with employee email as fallback. The call is idempotent - repeating a hire for the same externalEmployeeId is safe. A hire for an externalEmployeeId belonging to a previously dismissed employee re-activates it.

Authorizations:
bearerToken
Request Body schema: application/json
required
externalEmployeeId
string

The employee id in the HR system, used as the key for all subsequent calls

firstName
string
lastName
string
email
string

Employee email in the HR system

nationality
string

ISO 3166-1 alpha-2 or alpha-3 country code

nationalId
string

National ID (Swedish personnummer or coordination number), used to match the hire against the checked worker

hireDate
string <date>
leaveDate
string <date>
managerEmail
string
status
string
Enum: "NEW" "REVIEWED" "CANDIDATE" "EMPLOYED" "DISMISSED" "NO_RESPONSE" "TO_BE_REMOVED"

Response only - current employment status

Responses

Request samples

Content type
application/json
{
  • "externalEmployeeId": "string",
  • "firstName": "string",
  • "lastName": "string",
  • "email": "string",
  • "nationality": "string",
  • "nationalId": "string",
  • "hireDate": "2019-08-24",
  • "leaveDate": "2019-08-24",
  • "managerEmail": "string",
  • "status": "NEW"
}

updateEmployee

Update event (name change, manager change). Only non-empty fields are applied.

Authorizations:
bearerToken
path Parameters
externalEmployeeId
required
string
Request Body schema: application/json
required
externalEmployeeId
string

The employee id in the HR system, used as the key for all subsequent calls

firstName
string
lastName
string
email
string

Employee email in the HR system

nationality
string

ISO 3166-1 alpha-2 or alpha-3 country code

nationalId
string

National ID (Swedish personnummer or coordination number), used to match the hire against the checked worker

hireDate
string <date>
leaveDate
string <date>
managerEmail
string
status
string
Enum: "NEW" "REVIEWED" "CANDIDATE" "EMPLOYED" "DISMISSED" "NO_RESPONSE" "TO_BE_REMOVED"

Response only - current employment status

Responses

Request samples

Content type
application/json
{
  • "externalEmployeeId": "string",
  • "firstName": "string",
  • "lastName": "string",
  • "email": "string",
  • "nationality": "string",
  • "nationalId": "string",
  • "hireDate": "2019-08-24",
  • "leaveDate": "2019-08-24",
  • "managerEmail": "string",
  • "status": "NEW"
}

getEmployee

Authorizations:
bearerToken
path Parameters
externalEmployeeId
required
string

Responses

employeeLeave

Leave event. Sets the employee's last day of employment. If the leave date is today or in the past the employee is marked as no longer employed immediately, otherwise on the given date.

Authorizations:
bearerToken
path Parameters
externalEmployeeId
required
string
query Parameters
leaveDate
required
string <date>

Responses