What type of integrations are supported by enableHR Open API?
enableHR's Open API supports integrations via three-legged OAuth2. enableHR supports the authorization_code grant and refresh_tokens.
What is the expiration for an access token?
Access tokens are valid for 30 minutes.
What is the expiration for a refresh token?
Unused refresh tokens expire after 14 days. If you don’t refresh your access token within 14 days the user will need to reauthorize your app. When you perform a token refresh, you should replace your existing refresh token with the new one returned in the response. If for whatever reason, you don't receive the response you can retry refreshing your existing refresh token for a grace period of 30 minutes.
What OAUTH2 client can I use?
You can use any OAUTH2 client to connect to our Authentication Authorisation Server (AAS). We have used Spring Security OAUTH, Spring Security 5 libraries, and POSTMAN to test enableHR's API’s.
What are configurations you need?
The configurations you would need to connect to our AAS are as follows:
enableHR will provide this to you
enableHR will provide this to you
Client Authentication Method
Redirect Uri Template
This is a URL on your server where we redirect to once your user has authenticated an approved access. You will need to provide this to us
Check Token Uri
User Info Uri
How does the typical OAuth2 flow looks like for enableHR's Open API?
On your website, there would be a link to connect to enableHR. When you click on the link, you will be redirected to https://login.enablehr.com/oauth/authorize?client_id=<CLIENT ID>r&redirect_uri=<YOUR REDIRECT URI>&response_type=code&scope=<SCOPES REQUESTED>&state=<SOME STATE TO VERIFY>. This will bring up the enableHR login page. Users will have to type in their username and password and approve any scopes that were requested above. If this is successful, a code will be provided in the redirect URI https://<YOUR REDIRECT URI>?code=N_aFQt&state=<SOME STATE TO VERIFY>. You can use the code to now get the access token and refresh token from the Token Uri provided above. You can verify the token using the Check Token Uri given above. Any subsequent calls to our https://rest.enablehr.com would use the above Access Token in the Authentication header. Authentication: Bearer <the access token goes here>. And the scopes requested are from our YAML.
How do I get the Client ID and Client Secret?
Client ID is shared via email to an authorised user. Client Secret is shared via email within the attached zip file. The zip file is encrypted and the password to open the file will be provided to you by SMS to the authorised user. The zip file contains one line which is the client secret. It is critical that this is kept safe.
What is Redirect URI?
This redirect URI endpoint is where you will receive the OAUTH2 auth code. The auth code will then need to be exchanged for the OAUTH2 access token. The access token can then be used in subsequent calls to retrieve data from enableHR.
What endpoints and API fields are available as part of enableHR's Open API?
You can review enableHR's Open API documentation portal here: https://developer.enablehr.com/.
For more information of what additional endpoints and API fields are coming in the future, please see this article: What data can be shared via enableHR's Open API?