You need an API key in order to call the WiseTime Connect API. To obtain an API key, create a connection through your team settings page.
Once you have an API key, you can authenticate your HTTP requests by setting the the x-api-key header. For example:
curl --header "x-api-key: yourwisetimeconnectapikey" https://wisetime.io/connect/api/team/info
When registering your posted time webhook, you can specify a Caller Key. Whenever WiseTime calls your webhook, it will send the Caller Key back to you so that you can authenticate that the call indeed comes from WiseTime.
See the Posted Time section of the WiseTime Connect API for details on how you can register a webhook.