Supplier API Tech Specs

Magnit Supplier API

Verbs

Supported verbs are POST, GET and PATCH.

Error Response

  • Error response uses "Content-Type" as "application/problem" and JSON format.
  • 2XX status codes are used for successful request processing.
  • 4XX HTTP status codes are used for client errors with a specific resource.
  • 500 HTTP status code is used for server errors.

Unknown Attributes
Any unrecognized parameters or attributes in the request are disregarded during processing.

Rate Limiting
We currently apply a rate limit of 1 request per second. If this limit is exceeded, the IP will be temporarily blocked for one second. Additional daily rate limits are enforced based on the licensing model chosen:

Core: 500 calls/day

Professional: 4,000 calls/day

Enterprise: 10,000 calls/day

Pagination

  • The GET Staffing Request, Worker and Reference List endpoints are supported by pagination.
  • Pagination is managed through “offset” and “limit” query string parameters, with the default value for offset set to 0 and maximum limit set to 100. If a request specifies a size greater than this limit, the maximum value will be applied instead. 
  • These parameters are case-sensitive and must be lowercase.
  • The response includes a “next” value, which provides the URL for the next page of results.
  • The “totalRecords” field indicates the total number of records without pagination.

Sample Pagination URL: https://{baseurl}/staffingrequests?offset=0&limit=100

Credential Management

A Supplier User with API Admin permission will navigate to the API Management page in Magnit VMS to generate your supplier's credentials, which include a Client Key, Client Secret, Credential Key, and AWS Key. Credentials are valid for 180 days and upcoming expiration email notifications are sent. When new credentials are generated, existing credentials (if valid for more than one week) will remain active for one additional week to allow testing and validation before full transition. This structured overlap ensures uninterrupted connectivity while supporting secure credential rotation best practices.

Authentication

Make a POST call to the token endpoint {baseurl}/get-api-token.  The request body should be in JSON format.  Three components of your Supplier’s API keys located on the API Management page in the VMS should be passed in the body, and if successful, an access token will be returned.  The AWS Key is included as a header parameter, outlined in the API Documentation section of this website.

Sample Request:

{
    "credentialKey": 1234,
    "clientKey": "XXXX",
    "clientSecret": "XXXX"
}

Once you have the access token you can call the other endpoints. Use it in the Authorization header as below:

Authorization: Bearer <token>

API Documentation

 Download (YAML) OpenAPI specification

Support and Release Notes

If further assistance is needed, please open a case at Magnit Global Services & Support Center.

Release Notes

March 14, 2026

February 20, 2026

January 9, 2026

December 13, 2025

 

 

Your Evolution of Work Starts Here

Contact Us