Home Account Settings, Security & Data Portability

Account Settings, Security & Data Portability

By Lahiru Himesh Madusanka

• 4 articles

Workspace data export, backup, and import

Workspace data export, backup, and import Timether includes workspace data tools to help you back up, move, export, and restore your workspace information. These tools are useful when you want to keep a backup, analyze your time logs outside Timether, prepare reports, or restore data from a previous export. You can find these options inside your workspace settings. Exporting a full JSON backup The Export JSON option downloads a complete backup file of your workspace data. This backup can include: - Clients - Projects - Tags - Invoices - Time entries A JSON export is useful when you want to keep a full copy of your workspace data or move data between environments. Because this export is designed as a structured backup, it is best used for restoring or migrating data rather than for spreadsheet analysis. When to use JSON export Use Export JSON when you want to: - Create a full workspace backup - Save a copy before making major changes - Move workspace data to another setup - Restore data later using the import tool - Keep a long-term backup of important records It is a good idea to store exported backup files safely, especially if they contain client names, invoice details, or time tracking history. Exporting time logs as CSV The Export CSV option lets you export time logs in a spreadsheet-friendly format. You can filter the export by date range and tags before downloading the file. CSV exports are useful when you want to analyze your time data in tools such as Excel, Google Sheets, Numbers, or other reporting systems. For example, you can export time logs for a specific month, project period, or tag such as #meetings, #dev, or #design. Exporting time logs as PDF The Export PDF option creates a visual report of your time logs. Like CSV exports, PDF exports can be filtered by date range and tags. PDF exports are useful when you want to share or present time records in a cleaner format. For example, you may use a PDF export for: - Client updates - Internal reviews - Project reports - Billing support documents - Management presentations CSV is better for calculations and analysis, while PDF is better for reading, sharing, and presentation. Filtering exports by date range and tags When exporting time logs to CSV or PDF, you can choose the date range you want to include. This helps you export only the records that matter for the report or analysis. You can also filter by tags to focus on specific types of work. For example, you might export: - All #meetings from this month - All #dev work from last week - All #support time during a billing period - All tagged entries for a selected client review Using filters keeps exports focused and easier to understand. Importing a JSON backup The Import JSON option lets you upload a previously exported Timether JSON backup file. This can be used to quickly restore workspace data from a backup. To import a JSON backup: 1. Go to Workspace Settings. 2. Open the data export, backup, or import section. 3. Choose Import JSON. 4. Select the previously exported JSON backup file. 5. Confirm the import. Once imported, Timether will restore the data from the backup file into the workspace. Before importing data Before importing a JSON backup, make sure you are in the correct workspace. Imports can affect the workspace you are currently using, so it is important to check your active workspace before continuing. You may also want to export a fresh backup before importing, especially if the current workspace already contains important data. Clearing a workspace The Clear Workspace option deletes workspace data and resets the workspace to a clean state. This action can delete: - Tracked time entries - Projects - Clients - Tags It can also reset active timers. Clear Workspace is a destructive action and requires confirmation. Only use it if you are sure you want to remove the workspace’s tracked data and setup. Important warning about Clear Workspace Clearing a workspace cannot be treated like archiving. Archiving hides old clients or projects while keeping historical records. Clearing a workspace removes data from the workspace. Before using Clear Workspace, consider exporting a JSON backup first. This gives you a copy of the workspace data in case you need to restore it later. Recommended backup practice If your workspace contains important billing, client, or time tracking records, create regular JSON backups. You may also want to export CSV or PDF reports at the end of each billing period for accounting, analysis, or client records. Use JSON for full backup and restore. Use CSV for spreadsheet analysis. Use PDF for readable reports and presentation.

Last updated on May 19, 2026

Securing your account with two-factor authentication

Securing your account with two-factor authentication Two-factor authentication, also known as 2FA, adds an extra layer of protection to your Timether account. When 2FA is enabled, signing in requires both your password and a temporary verification code from an authenticator app. This helps protect your account even if someone else gets access to your password. Why enable 2FA? 2FA helps secure your login by requiring a second step during sign-in. Your password is something you know. The 2FA code is something generated on your trusted device. This makes it much harder for someone to access your Timether account without permission. What you need To set up 2FA, you need an authenticator app that supports TOTP codes. Common options include: - Google Authenticator - Authy - Microsoft Authenticator - 1Password - Bitwarden - iCloud Passwords These apps generate short-lived codes that refresh automatically. Setting up 2FA To enable 2FA: 1. Go to your account settings. 2. Open the Security or Two-Factor Authentication section. 3. Choose Enable 2FA. 4. Timether will show a QR code and a secret key. 5. Open your authenticator app. 6. Scan the QR code. After scanning, your authenticator app will add Timether and begin generating verification codes. Using the secret key instead of the QR code If you cannot scan the QR code, you can copy the secret key manually. To use the secret key: 1. Copy the secret key shown in Timether. 2. Open your authenticator app. 3. Choose the option to add an account manually. 4. Paste or type the secret key. 5. Save the account. Your authenticator app should then start generating Timether verification codes. Confirming setup 2FA setup is not completed immediately after scanning the QR code or copying the secret key. To finish enabling 2FA, you must enter a valid code from your authenticator app into Timether. This confirmation step makes sure the authenticator app was set up correctly before 2FA is turned on. If the code is valid, Timether will enable 2FA for your account. If the code is invalid, check that the correct account was added to your authenticator app and try again with the latest code. Signing in with 2FA After 2FA is enabled, Timether will ask for a verification code when you sign in. To sign in: 1. Enter your email and password. 2. Open your authenticator app. 3. Find the Timether code. 4. Enter the current code in Timether. 5. Continue signing in. Authenticator codes change regularly, so always use the latest code shown in the app. Disabling 2FA You can disable 2FA from your account security settings. To disable 2FA: 1. Go to your account settings. 2. Open the Security or Two-Factor Authentication section. 3. Choose Disable 2FA. 4. Enter your current account password. 5. Confirm the change. Timether requires your current account password before disabling 2FA. This helps prevent someone from turning off your account protection without permission. Keeping your authenticator access safe Make sure you keep access to your authenticator app or device. If you change phones, reset your device, or remove the authenticator app, you may lose access to your 2FA codes. Before changing devices, transfer your authenticator accounts or disable and re-enable 2FA on the new device. If your code does not work If your verification code is not accepted, try these steps: 1. Make sure you are using the latest code from your authenticator app. 2. Check that the code belongs to your Timether account. 3. Wait for the next code and try again. 4. Make sure your device time is set correctly. TOTP codes depend on accurate device time. If your phone or computer clock is incorrect, the generated code may not work.

Last updated on May 19, 2026

Session management and active device audits

Session management and active device audits Timether lets you review the devices and browsers currently signed in to your account. This helps you monitor account access, check for unfamiliar activity, and sign out from devices you no longer use. What are active sessions? An active session is a browser or device where your Timether account is currently signed in. For example, you may have active sessions from: - Your laptop browser - Your office computer - Your mobile browser - A tablet - A shared or public computer - A browser you used previously but forgot to sign out from Reviewing sessions helps you make sure only trusted devices have access to your account. Viewing your active sessions To view active sessions: 1. Go to your Profile. 2. Open the Sessions tab. 3. Review the list of active browser and device sessions. The sessions list helps you understand where your account is currently signed in. What details are shown? Each active session may include useful details such as: - Login time - Browser information - Device information - Location details - Recent activity information These details can help you identify whether a session belongs to you. For example, if you normally use Timether from Chrome on your laptop, that session should look familiar. If you see a browser, device, or location you do not recognize, you can revoke that session. Revoking a specific session If you want to sign out from one device or browser, you can revoke that specific session. To revoke a session: 1. Go to Profile. 2. Open the Sessions tab. 3. Find the session you want to remove. 4. Click Revoke, Sign Out, or the available remove option. 5. Confirm the action if prompted. Once revoked, that device or browser will be signed out of Timether. The next time someone tries to use Timether from that session, they will need to sign in again. When to revoke a session You should revoke a session if: - You signed in on a shared or public computer - You lost access to a device - You forgot to sign out somewhere - You see a browser or location you do not recognize - You think your account may have been accessed without permission Revoking sessions is a simple way to protect your account without changing your password immediately. Logging out all other sessions Timether also provides a Log Out Other Sessions option. This instantly ends all active sessions except the one you are currently using. To log out other sessions: 1. Go to Profile. 2. Open the Sessions tab. 3. Click Log Out Other Sessions. 4. Confirm the action. After this, all other browsers and devices will be signed out. Your current session will remain active, so you can continue using Timether. When to use Log Out Other Sessions Use Log Out Other Sessions when you want a quick account security reset. This is useful if: - You changed your password - You used Timether on multiple devices and want to clean up access - You suspect someone else may have access - You lost a device - You want to make sure only your current device stays signed in What happens after a session is revoked? When a session is revoked, Timether removes access for that browser or device. The user on that device will be signed out and must log in again to continue. If two-factor authentication is enabled, they will also need to complete the 2FA step during the next login. Keeping your account secure It is a good idea to review your active sessions regularly, especially if you use Timether across multiple devices. If you notice anything suspicious, revoke the session immediately and consider changing your password. For stronger protection, enable two-factor authentication from your account security settings.

Last updated on May 19, 2026

Developer API access and token management

Developer API access and token management Timether provides API access for developers who want to connect Timether with other tools, internal systems, dashboards, automations, or custom workflows. API access is available through public API tokens, which can be created and managed from your workspace settings. Plan requirement Public API token generation is available for workspace members on: - Team - Business API token access is not available on the Free plan or Solo Pro plan. If your workspace does not show API token settings, check that your workspace is on a Team or Business plan and that your role has permission to manage or use API access. What API tokens are used for API tokens allow external systems to securely communicate with the Timether API. Developers can use the API to build integrations such as: - Internal reporting dashboards - Custom productivity tools - Billing or finance workflows - Data export automations - Team monitoring systems - Client portals - Other internal business tools API tokens should only be created for trusted systems and should be handled carefully. Creating an API token To create a new API token: 1. Go to your workspace settings. 2. Open the Developer, API, or API Tokens section. 3. Click Create Token or New Token. 4. Add a name that helps you recognize what the token is used for. 5. Confirm token creation. 6. Copy the generated token and store it somewhere safe. For security, API tokens are shown only once when they are created. After you leave the token creation screen, you will not be able to view the full token again. If you lose the token, you will need to revoke it and create a new one. Storing tokens safely Treat API tokens like passwords. Anyone with access to a valid token may be able to access Timether API data based on the permissions available to that token and workspace. Do not share tokens in public places such as: - GitHub repositories - Public documentation - Client-side JavaScript - Chat messages - Screenshots - Support tickets - Shared documents Store tokens in a secure environment variable or secrets manager when using them in applications. Revoking an API token If a token is no longer needed or may have been exposed, revoke it from the API token settings. To revoke a token: 1. Go to workspace settings. 2. Open the Developer, API, or API Tokens section. 3. Find the token you want to remove. 4. Click Revoke or Delete. 5. Confirm the action. Once revoked, the token can no longer be used to access the Timether API. If an application was using that token, you will need to create a new token and update the application with the new value. Making API requests Timether API requests use the base path: /api/v1 When making a request, include your API token in the Authorization header using the Bearer token format. Example: Authorization: Bearer your_api_token_here You must also specify which workspace the request belongs to by sending the workspace ID in the X-Workspace-Id header. Example: X-Workspace-Id: your_workspace_id_here Example request headers A typical API request should include headers like this: Authorization: Bearer your_api_token_here X-Workspace-Id: your_workspace_id_here Content-Type: application/json The Bearer token authenticates the request. The workspace ID tells Timether which workspace context to use for the request. Why workspace context is required Timether accounts can belong to multiple workspaces. Because workspace data is separated, the API needs to know which workspace the request should operate inside. The X-Workspace-Id header makes this explicit. This helps prevent API requests from accidentally reading or writing data in the wrong workspace. Token security best practices Use a separate token for each integration where possible. For example, use one token for an internal dashboard and another token for a reporting automation. This makes it easier to revoke one integration without affecting others. Name tokens clearly so you can recognize them later. For example: - Internal reporting dashboard - Monthly export automation - Finance sync - Client portal integration Revoke old or unused tokens regularly. If a developer leaves the team or an integration is no longer used, remove the related token. If an API request fails If an API request does not work, check the following: 1. The token is valid and has not been revoked. 2. The token is included in the Authorization header. 3. The header uses the correct Bearer format. 4. The X-Workspace-Id header is included. 5. The workspace is on a Team or Business plan. 6. The workspace is active and not in a billing read-only state. 7. The request is being sent to the correct /api/v1 endpoint. If the workspace is in read-only mode because of a billing issue, write requests may be blocked until billing is resolved.

Last updated on May 19, 2026