API access is configured under Settings → Company → Integrations tab when the API feature is enabled on your plan.
Authentication
Send Authorization: Bearer <your_api_key> header with each request.
Available resources (v1)
- employees — list and search staff
- attendance — daily/monthly punches
- leaves — leave applications and status
- payslips — approved payslip data
- vacancies — open job posts
- projects, expenses, overtime, and more per your plan features
Base endpoint pattern: /hellohrms/api/v1/index.php?resource=<name>
-
Open Integrations settings
Settings → Company → Integrations tab (company_settings.php?tab=integrations).
-
Generate API key
Enter a descriptive key name, select scopes if prompted, click Generate. Copy the key immediately — it is shown only once.
-
Test with curl
Example: GET /hellohrms/api/v1/index.php?resource=employees with Bearer header. Confirm JSON list returns.
-
Rotate compromised keys
Revoke old keys from the integrations list and issue a new key without downtime on other integrations.
-
OTP provider (optional)
Same tab configures Email or OTPmore/WhatsApp OTP for login verification — separate from REST API keys.