Bonusly Users API
Manage company members - create, list, retrieve, update, and deactivate users; fetch the authenticated user via /me; autocomplete users by name; and pull a user's bonuses, redemptions, and achievements.
Manage company members - create, list, retrieve, update, and deactivate users; fetch the authenticated user via /me; autocomplete users by name; and pull a user's bonuses, redemptions, and achievements.
openapi: 3.0.3
info:
title: Bonusly API
description: >-
The Bonusly API is the REST interface behind the Bonusly employee
recognition and rewards platform. It exposes bonuses (peer-to-peer
recognition posts that carry points), users, the reward catalog,
redemptions, awards, company settings, and analytics. All endpoints are
served under the base https://bonus.ly/api/v1 and authenticated with a
Bearer personal access token (PAT) minted by a Global or Tech admin, with
fine-grained read / write / administer scopes per resource. A token that
lacks the required scope returns 403 Forbidden. A newer public surface is
also available under https://bonus.ly/api/public. API access is available
on paid Bonusly plans. This description models the publicly documented
endpoints; verify exact request and response shapes against the live
reference at https://docs.bonus.ly.
version: '1.0'
contact:
name: Bonusly
url: https://docs.bonus.ly/
servers:
- url: https://bonus.ly/api/v1
description: Bonusly REST API (v1)
- url: https://bonus.ly/api/public
description: Bonusly public API surface
security:
- bearerAuth: []
tags:
- name: Bonuses
description: Peer-to-peer recognition posts that carry points.
- name: Users
description: Company members who give and receive recognition.
- name: Rewards
description: The catalog of gift cards, donations, and custom rewards.
- name: Redemptions
description: Conversions of earned points into rewards.
- name: Analytics
description: Snapshots and lists of recognition activity for reporting.
- name: Company
description: Company-level settings and achievements.
paths:
/bonuses:
get:
operationId: listBonuses
tags:
- Bonuses
summary: List bonuses
description: Lists bonuses, most recent first, with optional filters for user, hashtag, and date range.
parameters:
- name: limit
in: query
schema:
type: integer
default: 20
- name: skip
in: query
schema:
type: integer
- name: start_time
in: query
schema:
type: string
format: date-time
- name: end_time
in: query
schema:
type: string
format: date-time
- name: user_email
in: query
schema:
type: string
- name: hashtag
in: query
schema:
type: string
responses:
'200':
description: A list of bonuses.
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
result:
type: array
items:
$ref: '#/components/schemas/Bonus'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createBonus
tags:
- Bonuses
summary: Create a bonus
description: Creates a bonus. The reason text names one or more receivers, an amount, and a reason - for example "+10 @alice for shipping the release #teamwork".
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/BonusInput'
responses:
'200':
description: The created bonus.
content:
application/json:
schema:
$ref: '#/components/schemas/BonusResponse'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'422':
$ref: '#/components/responses/UnprocessableEntity'
/bonuses.atom:
get:
operationId: listBonusesAtom
tags:
- Bonuses
summary: List bonuses (Atom feed)
description: Returns recent bonuses as an Atom (XML) feed.
responses:
'200':
description: An Atom feed of bonuses.
content:
application/atom+xml:
schema:
type: string
/bonuses/{id}:
parameters:
- name: id
in: path
required: true
schema:
type: string
get:
operationId: retrieveBonus
tags:
- Bonuses
summary: Retrieve a bonus
description: Retrieves a single bonus by its ID.
responses:
'200':
description: The requested bonus.
content:
application/json:
schema:
$ref: '#/components/schemas/BonusResponse'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
put:
operationId: updateBonus
tags:
- Bonuses
summary: Update a bonus
description: Updates the reason text of an existing bonus.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/BonusInput'
responses:
'200':
description: The updated bonus.
content:
application/json:
schema:
$ref: '#/components/schemas/BonusResponse'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
delete:
operationId: deleteBonus
tags:
- Bonuses
summary: Delete a bonus
description: Deletes a bonus by its ID.
responses:
'200':
description: The bonus was deleted.
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/users:
get:
operationId: listUsers
tags:
- Users
summary: List users
description: Lists users in the company, with optional filtering and pagination.
parameters:
- name: limit
in: query
schema:
type: integer
default: 20
- name: skip
in: query
schema:
type: integer
- name: email
in: query
schema:
type: string
- name: sort
in: query
schema:
type: string
responses:
'200':
description: A list of users.
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
result:
type: array
items:
$ref: '#/components/schemas/User'
'401':
$ref: '#/components/responses/Unauthorized'
post:
operationId: createUser
tags:
- Users
summary: Create a user
description: Creates (invites) a new user in the company. Requires an administrator-scoped token.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/UserInput'
responses:
'200':
description: The created user.
content:
application/json:
schema:
$ref: '#/components/schemas/UserResponse'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
/users/{id}:
parameters:
- name: id
in: path
required: true
schema:
type: string
get:
operationId: retrieveUser
tags:
- Users
summary: Retrieve a user
description: Retrieves a single user by ID.
responses:
'200':
description: The requested user.
content:
application/json:
schema:
$ref: '#/components/schemas/UserResponse'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
put:
operationId: updateUser
tags:
- Users
summary: Update a user
description: Updates a user's profile fields, such as display name, email, or budget. Requires an administrator-scoped token.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/UserInput'
responses:
'200':
description: The updated user.
content:
application/json:
schema:
$ref: '#/components/schemas/UserResponse'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
delete:
operationId: deactivateUser
tags:
- Users
summary: Deactivate a user
description: Deactivates (archives) a user. Requires an administrator-scoped token.
responses:
'200':
description: The user was deactivated.
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
/users/me:
get:
operationId: retrieveMe
tags:
- Users
summary: Retrieve the authenticated user
description: Returns the user associated with the access token used to make the request.
responses:
'200':
description: The authenticated user.
content:
application/json:
schema:
$ref: '#/components/schemas/UserResponse'
'401':
$ref: '#/components/responses/Unauthorized'
/users/autocomplete:
get:
operationId: autocompleteUsers
tags:
- Users
summary: Autocomplete users
description: Returns users matching a partial name or email, for building recognition input fields.
parameters:
- name: query
in: query
required: true
schema:
type: string
responses:
'200':
description: Matching users.
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
result:
type: array
items:
$ref: '#/components/schemas/User'
/users/{id}/bonuses:
parameters:
- name: id
in: path
required: true
schema:
type: string
get:
operationId: listUserBonuses
tags:
- Users
summary: List a user's bonuses
description: Lists bonuses given or received by a specific user.
responses:
'200':
description: The user's bonuses.
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
result:
type: array
items:
$ref: '#/components/schemas/Bonus'
/users/{id}/redemptions:
parameters:
- name: id
in: path
required: true
schema:
type: string
get:
operationId: listUserRedemptions
tags:
- Users
summary: List a user's redemptions
description: Lists redemptions made by a specific user.
responses:
'200':
description: The user's redemptions.
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
result:
type: array
items:
$ref: '#/components/schemas/Redemption'
/users/{id}/achievements:
parameters:
- name: id
in: path
required: true
schema:
type: string
get:
operationId: listUserAchievements
tags:
- Users
summary: List a user's achievements
description: Lists achievements earned by a specific user.
responses:
'200':
description: The user's achievements.
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
result:
type: array
items:
type: object
/rewards:
get:
operationId: listRewards
tags:
- Rewards
summary: List rewards
description: Lists rewards available in the redemption catalog - gift cards, donations, and custom company rewards - optionally filtered by country and reward request.
parameters:
- name: country
in: query
description: ISO country code used to scope the gift-card catalog.
schema:
type: string
- name: request
in: query
schema:
type: string
responses:
'200':
description: A list of rewards.
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
result:
type: array
items:
$ref: '#/components/schemas/Reward'
'401':
$ref: '#/components/responses/Unauthorized'
/redemptions:
get:
operationId: listRedemptions
tags:
- Redemptions
summary: List redemptions
description: Lists redemptions across the company, with optional pagination and filters.
parameters:
- name: limit
in: query
schema:
type: integer
default: 20
- name: skip
in: query
schema:
type: integer
responses:
'200':
description: A list of redemptions.
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
result:
type: array
items:
$ref: '#/components/schemas/Redemption'
'401':
$ref: '#/components/responses/Unauthorized'
/redemptions/{id}:
parameters:
- name: id
in: path
required: true
schema:
type: string
get:
operationId: retrieveRedemption
tags:
- Redemptions
summary: Retrieve a redemption
description: Retrieves a single redemption by its ID.
responses:
'200':
description: The requested redemption.
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
result:
$ref: '#/components/schemas/Redemption'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
/user_redemptions:
post:
operationId: createUserRedemption
tags:
- Redemptions
summary: Create a user redemption
description: Redeems a reward on behalf of a user, spending earned points from their balance.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
user_id:
type: string
reward_request:
type: string
denomination:
type: number
responses:
'200':
description: The created redemption.
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
result:
$ref: '#/components/schemas/Redemption'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
$ref: '#/components/responses/UnprocessableEntity'
/custom_reward_redemptions:
get:
operationId: listCustomRewardRedemptions
tags:
- Redemptions
summary: List custom reward redemptions
description: Lists redemptions of custom company rewards, which follow an approve-and-fulfill workflow.
responses:
'200':
description: A list of custom reward redemptions.
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
result:
type: array
items:
$ref: '#/components/schemas/Redemption'
/custom_reward_redemptions/approve:
post:
operationId: approveCustomRewardRedemptions
tags:
- Redemptions
summary: Approve custom reward redemptions
description: Approves one or more pending custom reward redemptions. Requires an administrator-scoped token.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
ids:
type: array
items:
type: string
responses:
'200':
description: The redemptions were approved.
'403':
$ref: '#/components/responses/Forbidden'
/custom_reward_redemptions/fulfill:
post:
operationId: fulfillCustomRewardRedemptions
tags:
- Redemptions
summary: Fulfill custom reward redemptions
description: Marks one or more approved custom reward redemptions as fulfilled. Requires an administrator-scoped token.
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
ids:
type: array
items:
type: string
responses:
'200':
description: The redemptions were fulfilled.
'403':
$ref: '#/components/responses/Forbidden'
/analytics/health:
get:
operationId: analyticsHealthcheck
tags:
- Analytics
summary: Analytics healthcheck
description: Returns the availability status of the analytics subsystem.
responses:
'200':
description: Analytics is available.
/analytics/snapshots/analytics_users:
post:
operationId: queueUsersSnapshot
tags:
- Analytics
summary: Queue an analytics users snapshot
description: Queues an asynchronous snapshot of analytics users. Returns a snapshot ID to poll for status.
responses:
'200':
description: The snapshot was queued.
content:
application/json:
schema:
$ref: '#/components/schemas/Snapshot'
/analytics/snapshots/recognition_events:
post:
operationId: queueRecognitionEventsSnapshot
tags:
- Analytics
summary: Queue a recognition events snapshot
description: Queues an asynchronous snapshot of recognition events. Returns a snapshot ID to poll for status.
responses:
'200':
description: The snapshot was queued.
content:
application/json:
schema:
$ref: '#/components/schemas/Snapshot'
/analytics/snapshots/{id}:
parameters:
- name: id
in: path
required: true
schema:
type: string
get:
operationId: getSnapshotStatus
tags:
- Analytics
summary: Get snapshot status
description: Returns the processing status of a queued analytics snapshot.
responses:
'200':
description: The snapshot status.
content:
application/json:
schema:
$ref: '#/components/schemas/Snapshot'
/analytics/analytics_users:
get:
operationId: listAnalyticsUsers
tags:
- Analytics
summary: List analytics users
description: Lists the rows of a completed analytics users snapshot.
responses:
'200':
description: Analytics user rows.
content:
application/json:
schema:
type: object
/analytics/recognition_events:
get:
operationId: listRecognitionEvents
tags:
- Analytics
summary: List recognition events
description: Lists the rows of a completed recognition events snapshot.
responses:
'200':
description: Recognition event rows.
content:
application/json:
schema:
type: object
/company:
get:
operationId: retrieveCompany
tags:
- Company
summary: Retrieve company
description: Retrieves company-level settings and configuration for the account tied to the access token.
responses:
'200':
description: The company.
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
result:
$ref: '#/components/schemas/Company'
'401':
$ref: '#/components/responses/Unauthorized'
put:
operationId: updateCompany
tags:
- Company
summary: Update company
description: Updates company-level settings. Requires an administrator-scoped token.
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/Company'
responses:
'200':
description: The updated company.
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
result:
$ref: '#/components/schemas/Company'
'403':
$ref: '#/components/responses/Forbidden'
components:
securitySchemes:
bearerAuth:
type: http
scheme: bearer
description: >-
A Bonusly personal access token (PAT) passed as a Bearer token in the
Authorization header. Tokens carry read / write / administer scopes per
resource and are minted by a Global or Tech admin. A token that lacks
the required scope returns 403 Forbidden.
responses:
Unauthorized:
description: The access token is missing or invalid.
Forbidden:
description: The token lacks the scope required for this operation.
NotFound:
description: The requested resource was not found.
UnprocessableEntity:
description: The request was well-formed but could not be processed.
schemas:
Bonus:
type: object
properties:
id:
type: string
created_at:
type: string
format: date-time
reason:
type: string
reason_html:
type: string
amount:
type: integer
amount_with_currency:
type: string
value:
type: string
giver:
$ref: '#/components/schemas/User'
receivers:
type: array
items:
$ref: '#/components/schemas/User'
hashtag:
type: string
via:
type: string
family_amount:
type: integer
BonusInput:
type: object
required:
- reason
properties:
reason:
type: string
description: The recognition text, including receiver mentions, amount, and hashtag.
giver_email:
type: string
parent_bonus_id:
type: string
BonusResponse:
type: object
properties:
success:
type: boolean
result:
$ref: '#/components/schemas/Bonus'
User:
type: object
properties:
id:
type: string
short_name:
type: string
display_name:
type: string
username:
type: string
email:
type: string
full_name:
type: string
first_name:
type: string
last_name:
type: string
path:
type: string
full_pic_url:
type: string
profile_pic_url:
type: string
can_give:
type: boolean
earning_balance:
type: integer
earning_balance_with_currency:
type: string
giving_balance:
type: integer
giving_balance_with_currency:
type: string
can_receive:
type: boolean
department:
type: string
country:
type: string
time_zone:
type: string
user_mode:
type: string
UserInput:
type: object
properties:
email:
type: string
first_name:
type: string
last_name:
type: string
display_name:
type: string
budget_boost:
type: integer
user_mode:
type: string
role:
type: string
department:
type: string
country:
type: string
time_zone:
type: string
UserResponse:
type: object
properties:
success:
type: boolean
result:
$ref: '#/components/schemas/User'
Reward:
type: object
properties:
request:
type: string
name:
type: string
type:
type: string
description:
type: string
image_url:
type: string
denominations:
type: array
items:
type: number
currency_code:
type: string
countries:
type: array
items:
type: string
Redemption:
type: object
properties:
id:
type: string
created_at:
type: string
format: date-time
display_name:
type: string
amount:
type: integer
amount_with_currency:
type: string
reward_amount:
type: number
currency_code:
type: string
reward_type:
type: string
status:
type: string
user:
$ref: '#/components/schemas/User'
Snapshot:
type: object
properties:
id:
type: string
status:
type: string
type:
type: string
created_at:
type: string
format: date-time
Company:
type: object
properties:
id:
type: string
name:
type: string
subdomain:
type: string
allow_self_registration:
type: boolean
base_allowance:
type: integer
currency_code:
type: string
default_country:
type: string
company_newsfeed_enabled:
type: boolean
values:
type: array
items:
type: string