Developer / Public API

The platform
your engineers will actually like.

Versioned REST, scoped keys with per-key rate limits, HMAC-signed webhooks, a metering dashboard, and audit log SIEM export — backed by a developer portal.

GET/api/v1/employees/:id
200 OK
{
  "id": "emp_01HK9XQ4",
  "first_name": "Sarah",
  "last_name": "Jenkins",
  "email": "[email protected]",
  "department": {
    "id": "dep_01HJ4",
    "name": "Engineering"
  },
  "employment": {
    "type": "full_time",
    "start_date": "2024-02-12",
    "status": "active"
  }
}
Latency
42ms
Rate left
993 / 1k
Version
v1
v1 GA
Versioned REST
HMAC
Signed webhooks
Per-key
Rate limits
SIEM
Audit log stream
Versioned REST

One contract. One version line. No surprise breakage.

Every endpoint sits under /api/v1/*. Breaking changes ship under a new version with a 12-month overlap. Deprecations are advertised in response headers and in the changelog.

  • Versioned under /api/v1/*
  • 12-month deprecation overlap minimum
  • Deprecation headers on responses
  • Idempotency keys on writes
  • Cursor-based pagination
  • Sandbox tenant for testing
GET/api/v1/employees/:id
200 OK
{
  "id": "emp_01HK9XQ4",
  "first_name": "Sarah",
  "last_name": "Jenkins",
  "email": "[email protected]",
  "department": {
    "id": "dep_01HJ4",
    "name": "Engineering"
  },
  "employment": {
    "type": "full_time",
    "start_date": "2024-02-12",
    "status": "active"
  }
}
Latency
42ms
Rate left
993 / 1k
Version
v1
Scoped Keys

A key per integration. A scope per key.

Keys are scoped to module + verb (employees:read · payroll:write) and carry per-key rate limits. Compromised keys can be revoked instantly. IP allowlists optional.

  • Scope by module and verb
  • Per-key rate limits and quotas
  • IP allowlist per key
  • Instant revocation
  • Last-used timestamp and IP
  • Service accounts vs user keys

API Keys

Scoped
BI Connector (PowerBI)
50 / min
reports:read
Payroll integration (Workday)
200 / min
employees:read · payroll:write
Slackbot · leave approvals
100 / min
leave:read · approvals:write
HMAC Webhooks

Webhooks you can actually trust.

Every event carries an HMAC-SHA256 signature over timestamp + body. Replays are rejected. Failed deliveries are retried with exponential back-off. Dead letters are inspectable.

  • HMAC-SHA256 over timestamp + body
  • 5-minute replay window
  • Exponential back-off retries (up to 6)
  • Dead letter inspection in portal
  • Event taxonomy with stable IDs
  • Per-tenant filtering at subscription

Webhook Delivery

HMAC SHA256
Payload
event: payroll.run.completed
id: evt_01HK9XQ4
tenant: acme
data.run_id: pr_2026_03
X-OB-Signature
t=1719931200,v1=8c5b7e34d9af1b...
Retried up to 6 times with exponential back-off.
Metering & SIEM

Visibility into every call and every event.

A live metering dashboard for calls, success rates, and latency. Plus an audit log stream that ships to your SIEM in CEF / JSON / NDJSON.

  • Live calls, 2xx rate, P95 latency
  • Per-key usage breakdown
  • Webhook delivery success rate
  • SIEM stream: S3, HTTPS sink, Kafka
  • CEF / JSON / NDJSON formats
  • Splunk · Datadog · Sumo · Elastic ready

API Usage

Live
Calls today
128.4k
2xx
99.6%
Webhook delivery
99.98%
P95 latency
78ms
Audit log SIEM stream
→ s3://siem-audit/officeblink/...
Common Questions

Developer platform, answered.

Yes. All endpoints live under /api/v1/* and follow semantic deprecation. Breaking changes ship under a new version with a minimum 12-month overlap.

Build on a HR platform that respects engineers.

Versioned REST, signed webhooks, scoped keys, and a metering dashboard — out of the box.