Collabin REST API quickstart: your first requests in 10 minutes

Collabin's REST API gives you programmatic access to your organization's users, teams, leave types, and leave requests — everything you need to build reports, sync HR systems, or automate approvals. This quickstart takes you from zero to your first authenticated requests in about ten minutes.

What you'll need

• A Collabin account on the Pro plan (the external API is a Pro feature).
• Administrator access to your organization's dashboard.
• curl or any HTTP client.

Step 1: Generate an API key

1. Sign in to your Collabin dashboard and open API Keys.
2. Create a new key. Choose whether it should be read-only or also allowed to write (create leaves, change statuses). Prefer read-only unless you specifically need writes.
3. Copy the key immediately — it looks like clb_4f8a… and is shown only once. Collabin stores only a hash; if you lose the key, you revoke it and generate a new one.

Store the key like a password: environment variables or a secret manager, never in source control.

Step 2: Make your first request

The API lives at https://api.collabin.eu under the /v1 prefix, and authenticates with the X-API-Key header:

curl -s https://api.collabin.eu/v1/users \
  -H "X-API-Key: $COLLABIN_API_KEY"

List responses share a common envelope with pagination metadata:

{
  "data": [
    { "id": 7, "name": "Jane Doe", "email": "jane@example.com" }
  ],
  "total": 134,
  "limit": 50,
  "offset": 0
}

Page through results with limit and offset — the default page size is 50, the maximum 500:

curl -s "https://api.collabin.eu/v1/users?limit=100&offset=100" \
  -H "X-API-Key: $COLLABIN_API_KEY"

The endpoints at a glance

Step 3: Filter leave requests

GET /v1/leaves accepts several query parameters that can be combined freely:

• user_id — limit to one person
• start and end — date range, YYYY-MM-DD
• status — e.g. PENDING, APPROVED, REJECTED
• updated_since — RFC 3339 timestamp, ideal for incremental syncs

For example, everything approved this summer:

curl -s "https://api.collabin.eu/v1/leaves?status=APPROVED&start=2026-06-01&end=2026-08-31" \
  -H "X-API-Key: $COLLABIN_API_KEY"

An incremental sync job only needs what changed since its last run:

curl -s "https://api.collabin.eu/v1/leaves?updated_since=2026-06-12T00:00:00Z" \
  -H "X-API-Key: $COLLABIN_API_KEY"

Step 4: Create and approve a leave (write keys)

Creating a request — it starts in PENDING status:

curl -s -X POST https://api.collabin.eu/v1/leaves \
  -H "X-API-Key: $COLLABIN_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "user_id": 7,
    "leave_type_id": 1,
    "start_date": "2026-07-01T00:00:00Z",
    "end_date": "2026-07-05T00:00:00Z",
    "reason": "Summer vacation"
  }'

Approving (or rejecting) it:

curl -s -X PUT https://api.collabin.eu/v1/leaves/1337/status \
  -H "X-API-Key: $COLLABIN_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "status": "APPROVED" }'

To reject, send "status": "REJECTED" and optionally a "rejection_reason". Both operations fire the corresponding webhook events (leave.created, leave.status_changed), so anything you've built on webhooks reacts to API-driven changes too.

Good to know

• Rate limit: 120 requests per minute. On bursts, back off and retry; for large exports, prefer bigger pages over more requests.
• Tenant isolation: a key only ever sees the organization it was issued for — there is nothing to configure and no way to reach across.
• Half days: pass "is_half_day": true when creating single-day leaves that cover only half a day.
• Revocation: delete a key in the dashboard and it stops working immediately. Rotate keys when people leave the team.

Where to go next

Combine the API with calendar feeds for read-only consumers that only need events, and with webhooks when you'd rather be pushed to than poll.