At dxw we use BreatheHR as our HR system. We want to be able to access its API in order to get information about holidays, sickness, training etc. and put them into other systems.
The BreatheHR API does not allow you to limit the access of particular API keys. That means that anyone with an API key could access sensitive personal information.
This project exists as a middleman between projects that want to consume information about staff absences without being able to access other personal information. Rather than making a request to the BreatheHR API, an app makes a request to this redacted API instead.
This project is deployed and run on Heroku. Due to the sensitive nature of the data, only a handful of people have access to it.
Pass an API key for this app (not one for BreatheHR) via the X-Api-Key header
The API has four endpoints:
Returns a JSON array of the emails and IDs of all employees.
Each return a JSON array of all absences/sicknesses/trainings. Use the filter
parameter employee_id to limit to a particular employee, and after with a
YYYY-MM-DD date to limit the age of items
/absences?employee_id=123&after=2023-04-06
-
Install the dependencies via Bundler:
$ bundle install -
Set up your environment variables by copying
.env.exampleto.envand fill in the blanks. -
Start the server
ruby api.rb
Running the tests:
$ bundle exec rspec lib