OAuth2 Documentation

Access to the API is managed using the 3-legged OAuth2 specification with the ability to refresh tokens.

Once a user has approved access, the integrator can access their Kin data to incorporate other 3rd party and proprietary systems.

Resource Group

GET https://ident.kinhr.com//core/connect/authorize?client_id=e5bdd0eb-c66c-4fc9-8d44-5bb9f9c309bb&redirect_uri=https:/localhost:44311/oauth/handle&response_type=code&scope=openid profile email roles offline_access account timeoff files employees calendar reviews objectives tasks company search&state=noonce=09ab6f98,otherId=123-12
Responses200
This response has no content.

Token

To access Kin User data you are required to provide a valid access_token. Include the access_token as a HTTP Authentication header value with the Bearer Scheme.

The following examples show how to obtain an access_token.

[NOTE:]

All exchange requests require a HTTP Authentication header with a Basic Scheme and a Base64 encrypted client_id:client_secret value.

POST https://ident.kinhr.com//core/connect/token
Requestsexample 1
Headers
Authorization: Basic Base64(client_id:client_secret)
Body
grant_type=authorization_code&redirect_uri=https://localhost:44311/oauth/handle&code=YOUR-CODE-HERE
Responses200
Headers
Content-Type: application/json
Body
{
    "id_token": "TG9yZW0gSXBzdW0gaXMgc2ltcGx5IGR1bW15IHRleHQgb2YgdGhlIHByaW50aW5nIGFuZCB0eXBl
c2V0dGluZyBpbmR1c3RyeS4gTG9yZW0gSXBzdW0gaGFzIGJlZW4gdGhlIGluZHVzdHJ5J3Mgc3Rh
bmRhcmQgZHVtbXkgdGV4dCBldmVyIHNpbmNlIHRoZSAxNTAwcywgd2hlbiBhbiB1bmtub3duIHBy
aW50ZXIgdG9vayBhIGdhbGxleSBvZiB0eXBlIGFuZCBzY3JhbWJsZWQgaXQgdG8gbWFrZSBhIHR5
cGUgc3BlY2ltZW4gYm9vay4=",
    "access_token": "W0gSXBzdW0gaGFzIGJlZW4gdW0gSXBzd",
    "expires_in": 1200,
    "token_type": "Bearer",
    "refresh_token": "0dGluZyBpbmR1c3RyeS4gTG90dGluZys"
}

Authorization code exchange
POST/core/connect/token


POST https://ident.kinhr.com//core/connect/token
Requestsexample 1
Headers
Authorization: Basic Base64(client_id:client_secret)
Body
grant_type=refresh_token&refresh_token=YOUR-REFRESH-TOKEN-HERE
Responses200
Headers
Content-Type: application/json
Body
{
  "access_token": "W0gSXBzdW0gaGFzIGJlZW4gdW0gSXBzd",
  "expires_in": 1200,
  "token_type": "Bearer",
  "refresh_token": "0dGluZyBpbmR1c3RyeS4gTG90dGluZys"
}

Refresh token exchange
POST/core/connect/token


POST https://ident.kinhr.com//core/connect/token
Requestsexample 1
Headers
Authorization: Basic Base64(client_id:client_secret)
Body
grant_type=refresh_token&refresh_token=YOUR-REFRESH-TOKEN-HERE&acr_values={"kin_data":{"Company_Id":"THE-COMPANY_ID"}}
Responses200
Headers
Content-Type: application/json
Body
{
  "access_token": "W0gSXBzdW0gaGFzIGJlZW4gdW0gSXBzd",
  "expires_in": 1200,
  "token_type": "Bearer",
  "refresh_token": "0dGluZyBpbmR1c3RyeS4gTG90dGluZys"
}

Token exchange for a specific Company
POST/core/connect/token


User information

GET https://ident.kinhr.com//core/connect/userinfo
Requestsexample 1
Headers
Authorization: Bearer access_token
Responses200
Headers
Content-Type: application/json
Body
{
  "sub": "2722924d-9fef-11e6-9047-001c4240f5d6",
  "preferred_username": "[email protected]",
  "given_name": "Demo",
  "family_name": "User",
  "timeZoneId": "Central Standard Time",
  "email": "[email protected]",
  "avatar": ""
}

Consent user info
GET/core/connect/userinfo


Generated by aglio on 21 Nov 2017