🔑 API Authentication
Get your Secret Keys to authenticate your API Calls. Secure API Call with Domain whitelisting.
Prerequisites
- Having an HrFlow.ai account. To signup, please visit https://hrflow.ai/signup
Step 1: Access your API Keys
After creating your account, our system will automatically generate for you three pairs of :
- API ID
- API SECRET KEY (you have to store it safely)
API KEY LEAKS
If you believe one of your API keys has been compromised, you should immediately revoke it.
Each one of these keys has a different level of permissions. They are intended for different use cases.
| Permissions | Use Case | API SECRET KEY (ask) |
|---|---|---|
| Write | To send data to the HrFlow.ai API. For FRONTEND and BACKEND. | Starts with askw_ |
Read | To get data from the HrFlow.ai API. For BACKEND. | Starts with askr_ |
Read & Write | To get/send data from/to the HrFlow.ai API. For BACKEND. | Starts with ask_ |
Exposing an API Key with a
ReadpermissionIf you use an API Key with Read permission in an exposed website, you should whitelist the domain where you use it to avoid personal data leaks.
Settings > API > Keys
Step 2: Whitelist your domains & Secure your data
Domain whitelisting in HrFlow.ai is a security model that controls access to outside domains. The default security policy is to allow all external API calls. The developers can limit the access to specific network domains and subdomains by declaring them.
Step 3: Authenticate your API requests
API calls requires at least:
- an HrFlow.ai API
ENDPOINT_URL - a
METHODsuch asGET,POST,PATCH,PUT,DELETE.
The HrFlow.ai requests are authenticated using twoHTTPheaders called : X-API-KEY: pass your API Secret Key to it (ex: DEMO_KEY)X-USER-EMAIL: pass your email used to sign in to the HrFow.ai Portal (ex: [email protected])
curl --request METHOD --url ENDPOINT_URL -header "X-API-Key: DEMO_KEY" --header "X-USER-EMAIL:[email protected]"
Updated almost 3 years ago