🔑 API Authentication
Get your Secret Keys to authenticate your API Calls. Secure API Call with Domain whitelisting.
- Having an HrFlow.ai account. To signup, please visit https://hrflow.ai/signup
Step 1: Access your API Keys
After creating your account, our system will automatically generate for you three pairs of :
- API ID
- API SECRET KEY (you have to store it safely)
API KEY LEAKS
If you believe one of your API keys has been compromised, you should immediately revoke it.
Each one of these keys has a different level of permissions. They are intended for different use cases.
|Permissions||Use Case||API SECRET KEY (ask)|
|Write||To send data to the HrFlow.ai API.|
|Starts with |
|To get data from the HrFlow.ai API. For ||Starts with |
|To get/send data from/to the HrFlow.ai API.|
|Starts with |
Exposing an API Key with a
If you use an API Key with Read permission in an exposed website, you should whitelist the domain where you use it to avoid personal data leaks.
Step 2: Whitelist your domains & Secure your data
Domain whitelisting in HrFlow.ai is a security model that controls access to outside domains. The default security policy is to allow all external API calls. The developers can limit the access to specific network domains and subdomains by declaring them.
Step 3: Authenticate your API requests
API calls requires at least:
- an HrFlow.ai API
The HrFlow.ai requests are authenticated using two
HTTPheaders called :
X-API-KEY: pass your API Secret Key to it (ex: DEMO_KEY)
X-USER-EMAIL: pass your email used to sign in to the HrFow.ai Portal (ex: [email protected])
curl --request METHOD --url ENDPOINT_URL -header "X-API-Key: DEMO_KEY" --header "X-USER-EMAIL:[email protected]"
Updated about 1 year ago