Authorization
Authorization is a critical security component of the MindKey Connector API, controlling access by defining specific permissions for API clients. This process ensures that clients have access only to the resources and actions necessary for their operations. API scopes are central to this authorization process, delineating these permissions accurately.
When setting up a new client or integrating a service with the MindKey Connector API, it's essential to carefully assign the correct scopes. These scopes can be designated when generating API keys or configuring Microsoft Entra ID accounts, based on the level of access required by the application. For detailed instructions on configuring these scopes along with API key or Microsoft Entra ID setup, please refer to the API key authentication and Microsoft Entra ID authentication sections of our documentation.
Scopes in the MindKey Connector API
The MindKey Connector API offers various scopes, each tailored to specific functionalities and data access levels within the system. Here's an overview of the available scopes:
- Employee: Grants access to employee profiles, including personal details, contact information, and employment status—ideal for applications requiring broad employee data access or specific employee details.
- EmployeeData: Extends the employee information available under the Employee scope with additional attributes critical for detailed employee management systems.
- Compensation: Focuses on financial data related to employee compensation, such as salaries, bonuses, stock options, and other financial benefits—essential.
- TimeTracking: Allows access to time tracking data to monitor and analyze work hours.
- Organization: Provides information on the organizational structure, including departmental details, positions, and hierarchical relationships.
- Leave: Enables management and querying of employee leave records, including vacations, medical leaves, and other absences.
- Workingtime: Grants access to work schedules and hours.
Each scope is designed for specific functions and accesses different data sets. It's important to understand the distinctions between them to ensure your application functions correctly while adhering to security best practices.
Scopes in the MindKey Connector API are entity/endpoint-based rather than record-based. When a scope is assigned to an API key or Microsoft Entra ID account, it grants the ability to retrieve all records accessible through the endpoints covered by that scope. No record-level security is implemented, so once a scope is granted, the client has unrestricted access to all data available under it.
For a comprehensive understanding of which endpoints are included under each scope, please check out the API References section of our documentation. This section is organized according to scopes, offering detailed insights into the endpoints available and their capabilities.
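Because a granted scope exposes every record behind its endpoints, scope assignment is the access boundary described here, and it is worth reviewing per client. The following added example (not part of the MindKey documentation) compares each client's granted scopes with the scopes it needs; the client inventory, the `HIGH_IMPACT` grouping and the function names are assumptions made for illustration.

```python
# Added example: least-privilege review of MindKey Connector API scope grants.
KNOWN_SCOPES = {  # scope names exactly as listed on this page
    "Employee", "EmployeeData", "Compensation", "TimeTracking",
    "Organization", "Leave", "Workingtime",
}
# Assumption: scopes this reviewer treats as high impact (pay, absence and
# extended personal data). Adjust to your own data classification.
HIGH_IMPACT = {"Compensation", "Leave", "EmployeeData"}

# Constructed inventory: scopes each client holds vs. scopes its owner declared.
CLIENTS = [
    {"name": "payroll-export",
     "granted": ["Employee", "Compensation"],
     "required": ["Employee", "Compensation"]},
    {"name": "org-chart-widget",
     "granted": ["Organization", "Employee", "Compensation"],
     "required": ["Organization"]},
    {"name": "timesheet-sync",
     "granted": ["TimeTracking", "WorkingTime"],  # not the documented spelling
     "required": ["TimeTracking", "Workingtime"]},
]

def audit_client(granted, required):
    """Return (finding, scope) pairs for one client's scope assignment."""
    granted, required = set(granted), set(required)
    # Names that do not match the documented scope list.
    findings = [("unknown-scope", s) for s in sorted(granted - KNOWN_SCOPES)]
    # Valid scopes the client holds but did not declare a need for.
    findings += [("excess-scope", s)
                 for s in sorted((granted & KNOWN_SCOPES) - required)]
    # Declared needs that are not actually granted.
    findings += [("missing-scope", s) for s in sorted(required - granted)]
    # Scopes are endpoint-based: even a justified high-impact scope returns
    # every record, so flag it for review of how the client handles the data.
    findings += [("full-dataset-exposure", s)
                 for s in sorted(granted & required & HIGH_IMPACT)]
    return findings

def audit_all(clients):
    """Map client name to its list of findings."""
    return {c["name"]: audit_client(c["granted"], c["required"]) for c in clients}

if __name__ == "__main__":
    for name, findings in audit_all(CLIENTS).items():
        for kind, scope in findings:
            print(f"{name}: {kind}: {scope}")
```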