Employees

Manage employee records for your tenant. Employees are assigned to locations and use 6-digit access codes to identify themselves on devices.

Note: The SSN is hashed server-side and never stored in plain text. The accessCode is only shown in the POST response and cannot be retrieved again.

GET /api/tenant/employees

List all employees for your tenant. Optionally filter by location.

Headers

Authorization string Required

Bearer <access_token> — requires employees:read scope

Query Parameters

locationId string Optional

Filter employees assigned to a specific location

Response

{
  "data": [
    {
      "id": "emp_abc123",
      "name": "Jón Jónsson",
      "phoneNumber": "7771234",
      "locationIds": ["loc_xyz"],
      "createdAt": "2024-01-15T10:00:00.000Z"
    }
  ]
}

GET /api/tenant/employees/:id

Retrieve a single employee by ID.

Headers

Authorization string Required

Bearer <access_token> — requires employees:read scope

Response

{
  "data": {
    "id": "emp_abc123",
    "name": "Jón Jónsson",
    "phoneNumber": "7771234",
    "locationIds": ["loc_xyz"],
    "createdAt": "2024-01-15T10:00:00.000Z"
  }
}

POST /api/tenant/employees

Create a new employee. Returns the generated employee ID and access code. The access code is shown only once — store it securely before responding to the customer.

Headers

Authorization string Required

Bearer <access_token> — requires admin scope

Content-Type string Required

application/json

Request Body

name string Required

Employee's full name

ssn string Required

Employee's Icelandic social security number (kennitala). Hashed server-side — never stored in plain text.

phoneNumber string Required

Employee's phone number

accessCode string Optional

6-digit access code. If omitted, one is generated automatically.

locationIds string[] Optional

List of location IDs to assign the employee to

Response

{
  "employeeId": "emp_abc123",
  "accessCode": "483920"
}
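
The following client sketch is an added example, not part of the original API reference. It shows one way to call the create endpoint so that the ssn and the one-time accessCode never reach application logs and the code is persisted as soon as the response arrives. BASE_URL, the function names, and the store_secret, log and send callbacks are assumptions made for illustration.

```python
import json
import re
import urllib.request

BASE_URL = "https://api.example.invalid"  # placeholder: the page does not give a host
SENSITIVE = {"ssn", "accessCode"}         # fields that must never be written to logs

def redact(payload):
    """Return a copy of a request or response dict that is safe to log."""
    return {k: "[REDACTED]" if k in SENSITIVE else v for k, v in payload.items()}

def build_create_request(token, name, ssn, phone_number,
                         access_code=None, location_ids=None):
    """Build the POST /api/tenant/employees request from the documented fields."""
    if access_code is not None and not re.fullmatch(r"[0-9]{6}", access_code):
        raise ValueError("accessCode must be exactly 6 digits")
    body = {"name": name, "ssn": ssn, "phoneNumber": phone_number}
    if access_code is not None:
        body["accessCode"] = access_code   # omit to let the server generate one
    if location_ids is not None:
        body["locationIds"] = list(location_ids)
    req = urllib.request.Request(
        BASE_URL + "/api/tenant/employees",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={"Authorization": "Bearer " + token,  # token needs the admin scope
                 "Content-Type": "application/json"},
    )
    return req, body

def http_send(req):
    """Default transport: perform the call and decode the JSON response."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def create_employee(token, store_secret, log, send=http_send, **fields):
    """Create an employee; the one-time accessCode is handed only to store_secret."""
    req, body = build_create_request(token, **fields)
    log("create employee request: %s" % json.dumps(redact(body)))
    result = send(req)
    # Persist the code before any later step can fail: it cannot be retrieved again.
    store_secret(result["employeeId"], result["accessCode"])
    log("create employee response: %s" % json.dumps(redact(result)))
    return result["employeeId"]
```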

PATCH /api/tenant/employees/:id

Update an existing employee. All fields are optional. Sending an empty locationIds array clears all location assignments.

Headers

Authorization string Required

Bearer <access_token> — requires admin scope

Content-Type string Required

application/json

Request Body

name string Optional

Employee's full name

phoneNumber string Optional

Employee's phone number

accessCode string Optional

New 6-digit access code

locationIds string[] Optional

Updated list of location IDs. Empty array clears all assignments.

Response

{
  "data": {
    "id": "emp_abc123",
    "name": "Jón Jónsson",
    "phoneNumber": "7771234",
    "locationIds": ["loc_xyz"],
    "createdAt": "2024-01-15T10:00:00.000Z"
  }
}

DELETE /api/tenant/employees/:id

Delete an employee. Also removes all location assignments for that employee.

Headers

Authorization string Required

Bearer <access_token> — requires admin scope

Response

{ "success": true }