Security Reference Guide

From your , ,

Applies to ,


When I Work strives to comply with industry standard best practices that ensure your data stays private and secure.

Use the following article as a guide to learn more about the security measures that When I Work has implemented for the web app and mobile apps.

Trust Center

Check out our Trust Center to dive deeper into the measures When I Work has taken to build a secure platform.

Token-based authentication

When I Work uses token-based authentication for the web app and mobile apps. Token-based authentication is a secure verification method that enables users to log in once to the When I Work app and access it for up to 8 days without needing to log back in.

Who is impacted?

  • Users of the When I Work web app
  • Users of the iOS When I Work Scheduling app on any version before 8.3.1
  • Every API consumer that is not using an application key

Token expiration parameters

Web app users are logged out of their accounts every 8 days unless they log out and log back in within 5 days. Mobile app users tokens stay active as long as they continue to use the mobile app.

  • Logged in users receive an expiring token when their token is refreshed after 5 days.
  • Any users not logged in to the web app are given a new token with an expiration date the next time they log in.
  • Five days after receiving the new token, the token is refreshed at log in.

TLS v1.2 compliance

A TLS v1.2 compliant version of your web browser or mobile app is required to connect to When I Work. If your web browser or mobile app is not compliant, you will not be able to connect to When I Work. Use this article to help determine if your method of connection is compliant.

Check out the following articles for more information about TLS v1.2 compliance.

Updated on March 1, 2024

Was this article helpful?

Related Articles

Still Need Help?

Open a ticket with our customer care team.

Submit a Ticket