REST API for Australian locums

Read your shifts, invoices and expenses straight out of Sessional and into your own spreadsheets, dashboards or scripts. Available on the Pro plan.

What the Sessional API does

The Sessional REST API gives you read-only access to the core data you already keep in your account, so you can build whatever sits on top. It is a pull API: your code asks for data when it needs it and gets back clean JSON. There is no marketplace, no booking feed, just your own records: the shifts you have worked, the invoices you have raised, the expenses you have logged, and your profile.

Australian locums and contractors typically use it to:

  • Pull invoice totals into a personal cash-flow spreadsheet across every agency and direct workplace
  • Feed shift history into a Google Sheet or Notion board for your own records
  • Push expense data into bookkeeping software that we do not integrate with natively
  • Generate a monthly summary for your accountant or BAS agent without copy-pasting

Note

The REST API is a Pro feature. Open Dashboard > API to create keys and use the interactive “try it out” documentation. If you mainly want spreadsheet files rather than code, see data export for one-click CSV downloads.

Creating an API key

Keys are created from Dashboard > API:

  1. Open the API page from the dashboard sidebar (Pro plan required).
  2. Create a key and give it a clear label, for example “Sheets sync” or “Accountant export”, so you can tell your keys apart later.
  3. Copy it immediately. The full key is shown once, at creation. We store only a SHA-256 hash, so we cannot show it to you again. If you lose it, revoke the key and create a new one.

Every key begins with the prefix sk_live_ followed by a random string. The prefix makes Sessional keys easy to spot in an environment file or a secrets manager, and the first eight characters stay visible in your key list so you can identify a key without revealing the secret. You can hold up to ten active keys per account.

Important

A key reads your account data, including your AHPRA number and financials. Treat it like a password. Do not paste it into client-side code, commit it to a public repository, or share it. If a key is exposed, revoke it straight away and issue a replacement.

Authenticating with a Bearer token

Send your key in the Authorization header using the Bearer scheme on every request:

GET /api/v1/sessions HTTP/1.1
Host: sessional.com.au
Authorization: Bearer sk_live_your_key_here

A missing header, a malformed key, a revoked key, or a key on an account that is no longer on Pro is rejected with a JSON error and an appropriate status code: 401 for an authentication problem, 403 when the account does not have (or no longer has) Pro API access, and 403 if the account is suspended. The response body always explains the reason.

Rate limits

The API allows 100 requests per minute on a sliding 60-second window. The limit is shared across every key on your account, so adding more keys does not raise your ceiling. That is comfortably more than a periodic sync needs.

Successful responses carry X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers so you can pace your calls. If you go over, you get a 429 Too Many Requests with a Retry-After: 60 header telling you how long to wait. For a live dashboard, cache responses locally and poll on a sensible interval rather than hammering the API.

The /api/v1 endpoints

Four read-only endpoints are available, all returning JSON:

  • GET /api/v1/sessions: your shifts, with optional from, to and status filters. Each row carries the shift date, start and end times, the agreed rate and rate type, status, the workplace name, payment terms and site notes.
  • GET /api/v1/invoices: your invoices, filterable by status (DRAFT, ISSUED, ACKNOWLEDGED, PAID, OVERDUE, VOID) and date. Returns the invoice number, subtotal and total, status, issued, due and settled dates, the bank payment reference, the workplace, and the line items.
  • GET /api/v1/expenses: your expenses, filterable by category and date. Returns the date, category, description, amount, kilometres logged for cents-per-km claims, and the receipt reference.
  • GET /api/v1/profile: your profile, including profession, AHPRA registration number, public slug, default payment terms, your current subscription tier, and counts of your workplaces, shifts, invoices and expenses.

All list endpoints paginate with page (default 1) and per_page (default 25, maximum 100). Every list response wraps the results in a data array alongside a pagination object with the page, page size, total count and total pages.
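The sketch below is an added example, not Sessional's own code: it pulls every page of a list endpoint with the Bearer header, waits out a 429 using Retry-After, and stops on 401/403. The function names, the SESSIONAL_API_KEY variable name and the choice to detect the last page by a short data array (the pagination object's field names are not given on this page) are assumptions.

```python
import json
import os
import time
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://sessional.com.au/api/v1"  # host and path as shown on this page


def http_get(url, headers):
    """Real transport: returns (status, response headers, body text)."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, dict(resp.headers), resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read().decode()


def fetch_all(endpoint, api_key, params=None, transport=http_get,
              sleep=time.sleep, per_page=100, max_retries=3):
    """Collect every row from a list endpoint, honouring 429 Retry-After."""
    auth = {"Authorization": f"Bearer {api_key}"}
    rows, page, retries = [], 1, 0
    while True:
        query = urllib.parse.urlencode({**(params or {}), "page": page, "per_page": per_page})
        status, hdrs, body = transport(f"{BASE_URL}/{endpoint}?{query}", auth)
        hdrs = {k.lower(): v for k, v in hdrs.items()}  # header names are case-insensitive
        if status == 429 and retries < max_retries:
            retries += 1
            sleep(int(hdrs.get("retry-after", 60)))  # the page documents Retry-After: 60
            continue
        if status != 200:
            # 401: missing, malformed or revoked key; 403: no Pro access or suspended.
            raise RuntimeError(f"{endpoint} returned HTTP {status}: {body}")
        retries = 0
        data = json.loads(body)["data"]
        rows.extend(data)
        if len(data) < per_page:  # a short (or empty) page is the last one
            return rows
        page += 1


if __name__ == "__main__":
    key = os.environ["SESSIONAL_API_KEY"]  # assumed variable name; keeps the key out of source
    paid = fetch_all("invoices", key, {"status": "PAID"})
    print(len(paid), "paid invoices")
```

The transport and sleep parameters exist so the loop can be exercised without network access or real waiting.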

Tip

Amounts come back as plain numbers in Australian dollars. GST is computed at the standard rate when you are GST-registered, and the GST line is shown on the invoices themselves. See BAS and GST for how that flows through to your activity statement.

Interactive docs, and revoking a key

The API page includes a “try it out” panel: pick an endpoint, set any filters, send the request, and see the live response from your own account. It is the fastest way to learn the response shape and test a query before you write a line of code. The page also lists every filter parameter for each endpoint.

To retire a key, revoke it from the same page. Revocation is immediate and permanent: the record is kept for your audit trail but the key stops working at once, returning 401 on the next request. There is no limit on how many keys you create over time, but keep only the ones you are actively using.

Frequently asked questions

Can I create or change data through the API?
No. The API is read-only. You cannot create, update or delete records through it. All data entry happens in the Sessional dashboard. The API exists so you can read your own data into other tools.

What happens to my keys if I downgrade from Pro?
Your keys are kept but stop working: requests return 403 until you are back on Pro. You do not need to recreate them. If a card payment fails, API access continues for the same billing grace window the dashboard gives you, then drops if the grace period lapses.

Can I have more than one API key?
Yes, up to ten active keys per account. Separate keys for separate integrations let you revoke one without breaking the others. The 100-requests-per-minute rate limit is shared across all of your keys.

Is there a webhook or push API?
Not yet. The API is pull-based, so your application requests data when it needs it. If you need near-real-time updates, poll at a sensible interval such as every 15 minutes rather than continuously.

How do I report a problem or ask for a new endpoint?
Raise a support ticket from Dashboard > Support with the detail of what you need. We review all API feedback and prioritise by demand.

Build on your own Sessional data

The REST API ships with Pro, alongside Xero sync and advanced reporting. Start free, then upgrade when you are ready to automate.