Authentication and Authorization

This article explains how to obtain the authentication necessary to start using the HR Cloud REST APIs.

Authentication

HR Cloud REST APIs use two ways of user authentication.

Customer Key and Secret

Customer key and secret are software level credentials which help identify a user without his username and password.

For authentication, pass the customer key and secret in the request header. Both key and secret are usually alphanumeric strings. For example:
```
Customer_Key 697ah89dc58a4
Customer_Secret da2530cd0d024503e9a3
```
If you are a System or an HR Admin,
1. Go to System Settings,
2. Under General, choose Service Accounts,
3. Click on the '+' sign to add a new one,
4. Add a title and activate the account status,
5. The necessary information will appear under KEY and SECRET columns.
Basic Authentication

In this method, a username and password are passed in the Authorization request header.

To construct the authorization header,
- Combine username and password using a colon ( : )
- Encode the resulting string using Base64
- Prepend authorization method and space to the string.
For example,
```
passkey = EncodeToBase64(unencodedUsername +":"+unencodedPassword)
authHeader = string.Format("{0} {1}", "Basic", passkey)
request.Headers.Add("Authorization", authHeader);
```
Here's how it looks like in Postman, for example:

Authorization

Requests are only serviced for resources to which the user is allowed to access the specified method.

The HTTP status code 403, Forbidden is returned for any request which attempts to access an unauthorized resource or unauthorized method on an authorized resource.

To allow the integration with an external system, the API User needs to have the correct set of permissions.

For that, feel free to reach out to your Account Manager or at support@hrcloud.com.