Skip to main content

API Integration

The HR COREHub platform provides a robust and secure REST API that allows organizations to integrate external payroll, shift management, and employee database systems.

Architecture diagram illustrating the REST API integration gateway, authentication layers, and webhook event delivery system of HR COREHub

API Authentication

All API requests must be authenticated. HR COREHub supports two main authentication schemes:

  • JSON Web Tokens (JWT): Used for user-centric sessions and interactive requests. Tokens are retrieved via the /api/v1/auth/login endpoint and must be passed in the Authorization: Bearer <Token> header.
  • API Keys: Used for server-to-server backend integrations. API Keys can be generated from the admin settings panel and must be included in the request headers as X-API-Key: <Key>.

Webhooks

Webhooks allow your application to receive real-time notifications about specific events in HR COREHub.

  • Event Triggers: Receive instant callbacks when employee profiles are updated, leave requests are approved, or attendance status changes.
  • Delivery Policy: Webhook event payloads are signed using a shared secret hash to verify authenticity. You must validate the header signature X-Hub-Signature to secure the callback endpoint.

Rate Limits

To ensure system stability, high availability, and protection against denial-of-service attempts, rate limits are strictly enforced:

  • Standard Integrations: Up to 60 requests per minute per API key.
  • Premium Channels: Up to 300 requests per minute.
  • Response Headers: The API Gateway returns rate limit information in X-RateLimit-Limit and X-RateLimit-Remaining headers on every response.