Integrate HeimdallHR with anything

A REST API, webhooks for every event, OAuth for secure access, and a sandbox to develop against. Build the integrations your business needs — to IT systems, payroll, BI tools, or anywhere else your data lives.

Start Free Trial Book a Demo

Sound familiar?

Data silos

Employee data lives in HR, but IT, payroll, and finance need it too. You end up with three slightly-different copies and reconciliation pain.

Manual CSV exports

Every payroll run starts with someone exporting a CSV and re-importing it elsewhere. Errors creep in. Hours wasted.

Bespoke integration cost

Need a custom integration to your IT-provisioning tool? Vendor quotes you £10k and three months. Painful.

Polling instead of events

Other systems can't subscribe to events. They poll the API every hour, miss changes in between, drift out of sync.

A first-class developer experience for HR data

The API & Webhooks add-on opens HeimdallHR up to your wider stack: a clean REST API covers every resource, webhooks fire on every event, OAuth handles auth properly, and a sandbox environment lets your engineering team build and test without touching production. Comprehensive docs and SDKs (Node, Python, .NET) shorten time-to-integration.

Everything you need

Clean REST API

Resource-oriented, predictable URLs, JSON in/out. Covers employees, leave, performance, comp, expenses, recruitment — everything.

Webhooks for every event

Subscribe to events like hire, leave approval, role change, leaver. We POST to your URL with the payload. Retry on failure.

OAuth 2.0

Standards-based auth. Per-app credentials, scoped permissions, refresh tokens. No password-in-config nonsense.

Sensible rate limits

Generous defaults, clearly documented. Bursts allowed. Rate-limit headers on every response so clients can back off cleanly.

Sandbox environment

A fully-featured sandbox with seeded test data. Develop and test without touching production employees.

Comprehensive docs

Reference docs, quick-starts, recipes, OpenAPI spec. SDKs in Node, Python, and .NET. Try-it-out console in the docs.

How it works

1

Get credentials

Create an OAuth app from your admin panel. Sandbox + production keys.

2

Build

Use the API / SDK to read & write HR data. Subscribe webhooks to events.

3

Test in sandbox

Develop against the sandbox with seeded data. No risk to production.

4

Promote to production

Same code, production credentials, real data. Monitor via the audit log.

The impact

One source of truth

HR data flows automatically to where it's needed. No more reconciliation pain.

No bespoke integration fees

Your team builds integrations in days, not months. No vendor lock-in.

Real-time updates

Webhooks push changes immediately. Other systems stay in sync without polling.

Secure by design

OAuth + scoped permissions + audit logs. Compliant with your security team's expectations.

What's included

  • REST API covering every resource
  • Read & write endpoints
  • Cursor-based pagination
  • Filtering, sorting, sparse fields
  • Webhooks for every domain event
  • Webhook signatures (HMAC) for verification
  • Automatic webhook retries with backoff
  • OAuth 2.0 with scoped permissions
  • Per-app API keys
  • Rate-limit headers & documented limits
  • Sandbox environment with seeded data
  • OpenAPI 3 spec
  • SDKs in Node, Python, .NET
  • Interactive docs with try-it-out
  • Audit log of all API calls

Works seamlessly with

HeimdallHR is most powerful when used together.

Custom Workflows

Workflows can call out to your APIs

Advanced Reporting

Pull HR data into PowerBI, Tableau, Looker

E-Signatures

Sign-event webhooks to drive downstream actions

Employee Directory

Sync employees to IT-provisioning systems

Common questions

What are the rate limits?

Default 100 requests/min sustained with bursts up to 500. Webhook deliveries don't count against your rate limit. Higher limits available on request — talk to us.

Do webhooks retry on failure?

Yes. Exponential backoff over 24 hours. After final failure, the event lands in a dead-letter queue you can replay from the admin panel.

Can I scope access tokens?

Yes. OAuth scopes let you create read-only tokens, employee-only tokens, etc. Principle-of-least-privilege by design.

Is there an API change policy?

We follow semver. Breaking changes only in major versions with 12-month deprecation notice. Backwards-compatible additions can land any time and are documented in the changelog.

Connect HeimdallHR to your stack

Start your 30-day free trial. Sandbox credentials available from day one.

Start Free Trial Book a Demo

No credit card required. Cancel anytime.