BreatheHR Redacted API
At dxw we use BreatheHR as our HR system. We want to be able to access its API in order to get information about holidays, sickness, training etc. and put them into other systems.
The BreatheHR API does not allow you to limit the access of particular API keys. That means that anyone with an API key could access sensitive personal information.
This project exists as a middleman between projects that want to consume information about staff absences without being able to access other personal information. Rather than making a request to the BreatheHR API, an app makes a request to this redacted API instead.
This project is deployed and run on Heroku. Due to the sensitive nature of the data, only a handful of people have access to it.
API
Authorization
Pass an API key for this app (not one for BreatheHR) via the X-Api-Key
header
Endpoints
The API has four endpoints:
/employees
Returns a JSON array of the emails and IDs of all employees.
/absences
, /sicknesses
, /employee_training_courses
Each return a JSON array of all absences/sicknesses/trainings. Use the filter
parameter employee_id
to limit to a particular employee, and after
with a
YYYY-MM-DD date to limit the age of items
/absences?employee_id=123&after=2023-04-06
Running locally
-
Install the dependencies via Bundler:
$ bundle install
-
Set up your environment variables by copying
.env.example
to.env
and fill in the blanks. -
Start the server
ruby api.rb
Developing
Running the tests:
$ bundle exec rspec lib