API Integration
The HR COREHub platform provides a robust and secure REST API that allows organizations to integrate external payroll, shift management, and employee database systems.
API Authentication
All API requests must be authenticated. HR COREHub supports two main authentication schemes:
- JSON Web Tokens (JWT): Used for user-centric sessions and interactive requests. Tokens are retrieved via the
/api/v1/auth/loginendpoint and must be passed in theAuthorization: Bearer <Token>header. - API Keys: Used for server-to-server backend integrations. API Keys can be generated from the admin settings panel and must be included in the request headers as
X-API-Key: <Key>.
Webhooks
Webhooks allow your application to receive real-time notifications about specific events in HR COREHub.
- Event Triggers: Receive instant callbacks when employee profiles are updated, leave requests are approved, or attendance status changes.
- Delivery Policy: Webhook event payloads are signed using a shared secret hash to verify authenticity. You must validate the header signature
X-Hub-Signatureto secure the callback endpoint.
Rate Limits
To ensure system stability, high availability, and protection against denial-of-service attempts, rate limits are strictly enforced:
- Standard Integrations: Up to 60 requests per minute per API key.
- Premium Channels: Up to 300 requests per minute.
- Response Headers: The API Gateway returns rate limit information in
X-RateLimit-LimitandX-RateLimit-Remainingheaders on every response.