OpenID Connect Login API Q&A

What is the OpenID Connect Login API?

Access to the API is always controlled by an API key that identifies a particular user. Usually, this API key is generated by the user in the BambooHR application. Registered applications can now generate a new API key for each user on the fly by making a special API request through our OpenID Connect Login API.


Why do we require Apps Marketplace Partners to use it?

We want to track which customers are using the integrations our Apps Marketplace Partners build. This will allow us to take strategic steps to strengthen and analyze each integration.
Additionally, it will provide a better configuration experience for the customer. Customers will not need to generate an API key in BambooHR. Instead, they will provide their BambooHR account subdomain in your application, and then you will direct the user to BambooHR for authentication. Once authenticated, you can retrieve an API key on their behalf.


How do I get an Application Key?

To use this endpoint, the partner will need to complete, sign, and return our Application Key Agreement.  Once accepted, BambooHR will issue a unique Application Key to the partner.


What information is in the agreement?

Our Application Key Agreement requires you to discard any email/passwords provided by your user and to agree not to share the Application Key. It also covers the other approvals and testing your product will go through. We may also revoke access if we deem any actions taken to be untrustworthy.


How will this impact current customers using the integration?

Once a Partner rolls out the OpenID Connect Login functionality, existing customers using the integration will need to re-authenticate and re-configure.  This will update their API key to one that is trackable by BambooHR.