Skip to main content
Daysync issues integration credentials through the Integrations Portal. You submit an application, Daysync reviews it, and on approval your app is provisioned with credentials.

What you’ll receive

On approval, two credentials unique to your app:

x-api-key

Identifies your partner application at the API gateway, and serves as your OAuth client ID. Looks like dk_live_…

x-api-secret

Authenticates your application — on every API call and as your OAuth client secret. Treat as a password. Looks like ds_…
There is no separate OAuth client. Your x-api-key / x-api-secret are your OAuth client ID and secret (used with HTTP Basic auth at the token endpoint). See Authentication.

How to apply

1

Open the Integrations Portal

Go to the Integrations Portal and sign in with your Daysync account (sign up at app.daysync.com if you don’t have one), then start a new application.
2

Fill out the application

You’ll provide:
  • Company name
  • Website
  • Application name (shown to users on the consent screen)
  • Contact email for the developer who will integrate
  • Use case — what you’re building and why
  • Scopes you need from the Scopes & Permissions list
  • Redirect URIs — your OAuth callback URL(s); see Callback URLs
3

Daysync reviews

Your application goes to a review queue. Once approved, your app is provisioned and your x-api-key and x-api-secret are shown once — store them immediately in your secret manager. They’re stored only as a bcrypt hash and can’t be recovered, only rotated.
4

Run the quickstart

Follow the Quickstart to make your first authenticated API call within ~15 minutes of approval.

Changing things after approval

Most changes are self-service on your app page in the portal:
  • Redirect URIs — add or remove callback URLs yourself; changes take effect immediately (see Callback URLs).
  • Additional scopes — request more scopes from your app page; the request goes to a Daysync reviewer.
  • Rotating your x-api-secret — rotate from your app page (suspected compromise, employee departure, scheduled hygiene). Rotation supports an overlap window so you can roll the secret without downtime.
Scope expansion doesn’t invalidate existing tokens, but your users may need to re-consent to the new scopes before their tokens carry them.

Notes

No. Your x-api-key / x-api-secret are your OAuth client credentials — there’s no shared client and no separate Cognito registration. See Authentication.
Daysync currently operates a single production environment. Use is_demo: true on tours you create for testing — see Environments.
You’ll need a real Daysync user to test the OAuth flow. Sign up at app.daysync.com or use an existing test account on your team.
Questions the portal doesn’t answer? Email support@daysync.com.