openapi: 3.0.3 info: title: Bonusly API description: >- The Bonusly API is the REST interface behind the Bonusly employee recognition and rewards platform. It exposes bonuses (peer-to-peer recognition posts that carry points), users, the reward catalog, redemptions, awards, company settings, and analytics. All endpoints are served under the base https://bonus.ly/api/v1 and authenticated with a Bearer personal access token (PAT) minted by a Global or Tech admin, with fine-grained read / write / administer scopes per resource. A token that lacks the required scope returns 403 Forbidden. A newer public surface is also available under https://bonus.ly/api/public. API access is available on paid Bonusly plans. This description models the publicly documented endpoints; verify exact request and response shapes against the live reference at https://docs.bonus.ly. version: '1.0' contact: name: Bonusly url: https://docs.bonus.ly/ servers: - url: https://bonus.ly/api/v1 description: Bonusly REST API (v1) - url: https://bonus.ly/api/public description: Bonusly public API surface security: - bearerAuth: [] tags: - name: Bonuses description: Peer-to-peer recognition posts that carry points. - name: Users description: Company members who give and receive recognition. - name: Rewards description: The catalog of gift cards, donations, and custom rewards. - name: Redemptions description: Conversions of earned points into rewards. - name: Analytics description: Snapshots and lists of recognition activity for reporting. - name: Company description: Company-level settings and achievements. paths: /bonuses: get: operationId: listBonuses tags: - Bonuses summary: List bonuses description: Lists bonuses, most recent first, with optional filters for user, hashtag, and date range. parameters: - name: limit in: query schema: type: integer default: 20 - name: skip in: query schema: type: integer - name: start_time in: query schema: type: string format: date-time - name: end_time in: query schema: type: string format: date-time - name: user_email in: query schema: type: string - name: hashtag in: query schema: type: string responses: '200': description: A list of bonuses. content: application/json: schema: type: object properties: success: type: boolean result: type: array items: $ref: '#/components/schemas/Bonus' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createBonus tags: - Bonuses summary: Create a bonus description: Creates a bonus. The reason text names one or more receivers, an amount, and a reason - for example "+10 @alice for shipping the release #teamwork". requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/BonusInput' responses: '200': description: The created bonus. content: application/json: schema: $ref: '#/components/schemas/BonusResponse' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '422': $ref: '#/components/responses/UnprocessableEntity' /bonuses.atom: get: operationId: listBonusesAtom tags: - Bonuses summary: List bonuses (Atom feed) description: Returns recent bonuses as an Atom (XML) feed. responses: '200': description: An Atom feed of bonuses. content: application/atom+xml: schema: type: string /bonuses/{id}: parameters: - name: id in: path required: true schema: type: string get: operationId: retrieveBonus tags: - Bonuses summary: Retrieve a bonus description: Retrieves a single bonus by its ID. responses: '200': description: The requested bonus. content: application/json: schema: $ref: '#/components/schemas/BonusResponse' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' put: operationId: updateBonus tags: - Bonuses summary: Update a bonus description: Updates the reason text of an existing bonus. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/BonusInput' responses: '200': description: The updated bonus. content: application/json: schema: $ref: '#/components/schemas/BonusResponse' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' delete: operationId: deleteBonus tags: - Bonuses summary: Delete a bonus description: Deletes a bonus by its ID. responses: '200': description: The bonus was deleted. '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /users: get: operationId: listUsers tags: - Users summary: List users description: Lists users in the company, with optional filtering and pagination. parameters: - name: limit in: query schema: type: integer default: 20 - name: skip in: query schema: type: integer - name: email in: query schema: type: string - name: sort in: query schema: type: string responses: '200': description: A list of users. content: application/json: schema: type: object properties: success: type: boolean result: type: array items: $ref: '#/components/schemas/User' '401': $ref: '#/components/responses/Unauthorized' post: operationId: createUser tags: - Users summary: Create a user description: Creates (invites) a new user in the company. Requires an administrator-scoped token. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/UserInput' responses: '200': description: The created user. content: application/json: schema: $ref: '#/components/schemas/UserResponse' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' /users/{id}: parameters: - name: id in: path required: true schema: type: string get: operationId: retrieveUser tags: - Users summary: Retrieve a user description: Retrieves a single user by ID. responses: '200': description: The requested user. content: application/json: schema: $ref: '#/components/schemas/UserResponse' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' put: operationId: updateUser tags: - Users summary: Update a user description: Updates a user's profile fields, such as display name, email, or budget. Requires an administrator-scoped token. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/UserInput' responses: '200': description: The updated user. content: application/json: schema: $ref: '#/components/schemas/UserResponse' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' delete: operationId: deactivateUser tags: - Users summary: Deactivate a user description: Deactivates (archives) a user. Requires an administrator-scoped token. responses: '200': description: The user was deactivated. '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' /users/me: get: operationId: retrieveMe tags: - Users summary: Retrieve the authenticated user description: Returns the user associated with the access token used to make the request. responses: '200': description: The authenticated user. content: application/json: schema: $ref: '#/components/schemas/UserResponse' '401': $ref: '#/components/responses/Unauthorized' /users/autocomplete: get: operationId: autocompleteUsers tags: - Users summary: Autocomplete users description: Returns users matching a partial name or email, for building recognition input fields. parameters: - name: query in: query required: true schema: type: string responses: '200': description: Matching users. content: application/json: schema: type: object properties: success: type: boolean result: type: array items: $ref: '#/components/schemas/User' /users/{id}/bonuses: parameters: - name: id in: path required: true schema: type: string get: operationId: listUserBonuses tags: - Users summary: List a user's bonuses description: Lists bonuses given or received by a specific user. responses: '200': description: The user's bonuses. content: application/json: schema: type: object properties: success: type: boolean result: type: array items: $ref: '#/components/schemas/Bonus' /users/{id}/redemptions: parameters: - name: id in: path required: true schema: type: string get: operationId: listUserRedemptions tags: - Users summary: List a user's redemptions description: Lists redemptions made by a specific user. responses: '200': description: The user's redemptions. content: application/json: schema: type: object properties: success: type: boolean result: type: array items: $ref: '#/components/schemas/Redemption' /users/{id}/achievements: parameters: - name: id in: path required: true schema: type: string get: operationId: listUserAchievements tags: - Users summary: List a user's achievements description: Lists achievements earned by a specific user. responses: '200': description: The user's achievements. content: application/json: schema: type: object properties: success: type: boolean result: type: array items: type: object /rewards: get: operationId: listRewards tags: - Rewards summary: List rewards description: Lists rewards available in the redemption catalog - gift cards, donations, and custom company rewards - optionally filtered by country and reward request. parameters: - name: country in: query description: ISO country code used to scope the gift-card catalog. schema: type: string - name: request in: query schema: type: string responses: '200': description: A list of rewards. content: application/json: schema: type: object properties: success: type: boolean result: type: array items: $ref: '#/components/schemas/Reward' '401': $ref: '#/components/responses/Unauthorized' /redemptions: get: operationId: listRedemptions tags: - Redemptions summary: List redemptions description: Lists redemptions across the company, with optional pagination and filters. parameters: - name: limit in: query schema: type: integer default: 20 - name: skip in: query schema: type: integer responses: '200': description: A list of redemptions. content: application/json: schema: type: object properties: success: type: boolean result: type: array items: $ref: '#/components/schemas/Redemption' '401': $ref: '#/components/responses/Unauthorized' /redemptions/{id}: parameters: - name: id in: path required: true schema: type: string get: operationId: retrieveRedemption tags: - Redemptions summary: Retrieve a redemption description: Retrieves a single redemption by its ID. responses: '200': description: The requested redemption. content: application/json: schema: type: object properties: success: type: boolean result: $ref: '#/components/schemas/Redemption' '401': $ref: '#/components/responses/Unauthorized' '404': $ref: '#/components/responses/NotFound' /user_redemptions: post: operationId: createUserRedemption tags: - Redemptions summary: Create a user redemption description: Redeems a reward on behalf of a user, spending earned points from their balance. requestBody: required: true content: application/json: schema: type: object properties: user_id: type: string reward_request: type: string denomination: type: number responses: '200': description: The created redemption. content: application/json: schema: type: object properties: success: type: boolean result: $ref: '#/components/schemas/Redemption' '401': $ref: '#/components/responses/Unauthorized' '422': $ref: '#/components/responses/UnprocessableEntity' /custom_reward_redemptions: get: operationId: listCustomRewardRedemptions tags: - Redemptions summary: List custom reward redemptions description: Lists redemptions of custom company rewards, which follow an approve-and-fulfill workflow. responses: '200': description: A list of custom reward redemptions. content: application/json: schema: type: object properties: success: type: boolean result: type: array items: $ref: '#/components/schemas/Redemption' /custom_reward_redemptions/approve: post: operationId: approveCustomRewardRedemptions tags: - Redemptions summary: Approve custom reward redemptions description: Approves one or more pending custom reward redemptions. Requires an administrator-scoped token. requestBody: required: true content: application/json: schema: type: object properties: ids: type: array items: type: string responses: '200': description: The redemptions were approved. '403': $ref: '#/components/responses/Forbidden' /custom_reward_redemptions/fulfill: post: operationId: fulfillCustomRewardRedemptions tags: - Redemptions summary: Fulfill custom reward redemptions description: Marks one or more approved custom reward redemptions as fulfilled. Requires an administrator-scoped token. requestBody: required: true content: application/json: schema: type: object properties: ids: type: array items: type: string responses: '200': description: The redemptions were fulfilled. '403': $ref: '#/components/responses/Forbidden' /analytics/health: get: operationId: analyticsHealthcheck tags: - Analytics summary: Analytics healthcheck description: Returns the availability status of the analytics subsystem. responses: '200': description: Analytics is available. /analytics/snapshots/analytics_users: post: operationId: queueUsersSnapshot tags: - Analytics summary: Queue an analytics users snapshot description: Queues an asynchronous snapshot of analytics users. Returns a snapshot ID to poll for status. responses: '200': description: The snapshot was queued. content: application/json: schema: $ref: '#/components/schemas/Snapshot' /analytics/snapshots/recognition_events: post: operationId: queueRecognitionEventsSnapshot tags: - Analytics summary: Queue a recognition events snapshot description: Queues an asynchronous snapshot of recognition events. Returns a snapshot ID to poll for status. responses: '200': description: The snapshot was queued. content: application/json: schema: $ref: '#/components/schemas/Snapshot' /analytics/snapshots/{id}: parameters: - name: id in: path required: true schema: type: string get: operationId: getSnapshotStatus tags: - Analytics summary: Get snapshot status description: Returns the processing status of a queued analytics snapshot. responses: '200': description: The snapshot status. content: application/json: schema: $ref: '#/components/schemas/Snapshot' /analytics/analytics_users: get: operationId: listAnalyticsUsers tags: - Analytics summary: List analytics users description: Lists the rows of a completed analytics users snapshot. responses: '200': description: Analytics user rows. content: application/json: schema: type: object /analytics/recognition_events: get: operationId: listRecognitionEvents tags: - Analytics summary: List recognition events description: Lists the rows of a completed recognition events snapshot. responses: '200': description: Recognition event rows. content: application/json: schema: type: object /company: get: operationId: retrieveCompany tags: - Company summary: Retrieve company description: Retrieves company-level settings and configuration for the account tied to the access token. responses: '200': description: The company. content: application/json: schema: type: object properties: success: type: boolean result: $ref: '#/components/schemas/Company' '401': $ref: '#/components/responses/Unauthorized' put: operationId: updateCompany tags: - Company summary: Update company description: Updates company-level settings. Requires an administrator-scoped token. requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/Company' responses: '200': description: The updated company. content: application/json: schema: type: object properties: success: type: boolean result: $ref: '#/components/schemas/Company' '403': $ref: '#/components/responses/Forbidden' components: securitySchemes: bearerAuth: type: http scheme: bearer description: >- A Bonusly personal access token (PAT) passed as a Bearer token in the Authorization header. Tokens carry read / write / administer scopes per resource and are minted by a Global or Tech admin. A token that lacks the required scope returns 403 Forbidden. responses: Unauthorized: description: The access token is missing or invalid. Forbidden: description: The token lacks the scope required for this operation. NotFound: description: The requested resource was not found. UnprocessableEntity: description: The request was well-formed but could not be processed. schemas: Bonus: type: object properties: id: type: string created_at: type: string format: date-time reason: type: string reason_html: type: string amount: type: integer amount_with_currency: type: string value: type: string giver: $ref: '#/components/schemas/User' receivers: type: array items: $ref: '#/components/schemas/User' hashtag: type: string via: type: string family_amount: type: integer BonusInput: type: object required: - reason properties: reason: type: string description: The recognition text, including receiver mentions, amount, and hashtag. giver_email: type: string parent_bonus_id: type: string BonusResponse: type: object properties: success: type: boolean result: $ref: '#/components/schemas/Bonus' User: type: object properties: id: type: string short_name: type: string display_name: type: string username: type: string email: type: string full_name: type: string first_name: type: string last_name: type: string path: type: string full_pic_url: type: string profile_pic_url: type: string can_give: type: boolean earning_balance: type: integer earning_balance_with_currency: type: string giving_balance: type: integer giving_balance_with_currency: type: string can_receive: type: boolean department: type: string country: type: string time_zone: type: string user_mode: type: string UserInput: type: object properties: email: type: string first_name: type: string last_name: type: string display_name: type: string budget_boost: type: integer user_mode: type: string role: type: string department: type: string country: type: string time_zone: type: string UserResponse: type: object properties: success: type: boolean result: $ref: '#/components/schemas/User' Reward: type: object properties: request: type: string name: type: string type: type: string description: type: string image_url: type: string denominations: type: array items: type: number currency_code: type: string countries: type: array items: type: string Redemption: type: object properties: id: type: string created_at: type: string format: date-time display_name: type: string amount: type: integer amount_with_currency: type: string reward_amount: type: number currency_code: type: string reward_type: type: string status: type: string user: $ref: '#/components/schemas/User' Snapshot: type: object properties: id: type: string status: type: string type: type: string created_at: type: string format: date-time Company: type: object properties: id: type: string name: type: string subdomain: type: string allow_self_registration: type: boolean base_allowance: type: integer currency_code: type: string default_country: type: string company_newsfeed_enabled: type: boolean values: type: array items: type: string