- Having an HrFlow.ai account. To signup, please visit https://hrflow.ai/signup
After creating your account, our system will automatically generate for you three pairs of :
- API ID
- API SECRET KEY (you have to store it safely)
API KEY LEAKS
If you believe one of your API keys has been compromised, you should immediately revoke it.
Each one of these keys has a different level of permissions. They are intended for different use cases.
API SECRET KEY (ask)
To send data to the HrFlow.ai API.
To get data from the HrFlow.ai API. For
To get/send data from/to the HrFlow.ai API.
Exposing an API Key with a
If you use an API Key with Read permission in an exposed website, you should whitelist the domain where you use it to avoid personal data leaks.
Domain whitelisting in HrFlow.ai is a security model that controls access to outside domains. The default security policy is to allow all external API calls. The developers can limit the access to specific network domains and subdomains by declaring them.
API calls requires at least:
- an HrFlow.ai API
The HrFlow.ai requests are authenticated using two
HTTPheaders called :
X-API-KEY: pass your API Secret Key to it (ex: DEMO_KEY)
X-USER-EMAIL: pass your email used to sign in to the HrFow.ai Portal (ex: [email protected])
curl --request METHOD --url ENDPOINT_URL -header "X-API-Key: DEMO_KEY" --header "X-USER-EMAIL:[email protected]"
Updated 4 months ago