Skip to main content
Select Actions to adjust the guide
Some actions may require additional configuration in the provider to be accessible. Choose the actions you need and the guide will be updated.
Action
Scope(s)
Loading actions…
Dynamic Guide URL
Scopes Selected
Separator
HiBob OAuth 2.0 requires access to the HiBob Developer Portal, which is only available to registered HiBob technology partners. You must apply for and be approved into the HiBob Partner Programme before you can register an OAuth application. Contact your HiBob account manager or apply via the HiBob Partner Programme to request Developer Portal access.

Apply for HiBob Partnership and Developer Portal Access

OAuth 2.0 authentication in HiBob is restricted to registered technology partners. You must be approved into the HiBob Partner Programme and granted Developer Portal access before you can create an OAuth application.

1

Contact HiBob to request partner access

Reach out to HiBob to request access to the Developer Portal.

  • Contact your HiBob account manager directly, or
  • Apply via the HiBob Partner Programme page or the HiBob Marketplace to register as a technology partner
  • Click on Become a partner — this opens the HiBob Partners page. On that page, click the BECOME A PARTNER button to open a modal with partner type options. Select Tech Partner to proceed to the Tech Partner Application Form. Fill out the required details and click Submit Application.
  • Once Approved, HiBob will provision access to the Developer Portal for your account.
2

Await Developer Portal provisioning

After your partner application is approved, HiBob will provide you with access to the Developer Portal within your HiBob account.

Note: Approval may take a few business days. You will not be able to proceed with the next steps until HiBob grants Developer Portal access.

Register Your App in the HiBob Developer Portal

Once you have Developer Portal access, register your application to obtain the credentials required for OAuth 2.0 authentication.

1

Access the HiBob Developer Portal

Log in to your HiBob account and navigate to the Developer Portal.

  • Click the + Create app button and enter the required fields such as App Name (e.g. StackOne Integration) and App description, then click Create.
2

Configure OAuth Settings

Configure the OAuth application to represent your StackOne integration.

  • Click the created app — you will be directed to the app configuration page.
  • You can navigate between pages using the left-side menu.
  • In the Basic Information section, upload your app logo and review any remaining fields, then click Save in the bottom-right corner.
  • Navigate to the OAuth page. Copy the App ID, Client ID, and Client Secret (for both Development and Production) — you will need these when configuring the StackOne Connector Profile.
  • Scroll down to the Redirect URI section and add the StackOne OAuth callback URL, i.e. https://api.stackone.com/connect/oauth2/hibob/callback, then click Save in the bottom-right corner.
  • Navigate to the Scopes page, click + Manage scopes to select the required scopes, then click Apply to close the selection popup. After that, click the Save button at the bottom-right of the Scopes page to persist your changes.
  • (Optional) The App listing details and Submission information pages are only required if you intend to publish your app to the HiBob Marketplace. You can skip these for development and testing.
  • NOTE: If you want to publish your app in the HiBob Marketplace, you need to fill out the details on the Submission information page and submit your app for review. However, to test the app before publishing, you can use the Development Credentials.
  • When configuring the StackOne Connector Profile, select the Environment based on your app’s publication status in HiBob. Select Sandbox if your app has not yet been submitted for review or is still unpublished in the HiBob Marketplace — this will use your Development credentials. Select Production once your app has been approved and published in the Marketplace — this will use your Production credentials.

OAuth Scopes

HiBob uses granular OAuth scopes to control which data and actions StackOne can access on behalf of your organisation. Scopes are grouped by feature area — select only the scopes required for your integration to follow the principle of least privilege.

The minimum required scope to connect your account is employee_data:read. If you do not specify custom scopes, StackOne will request the following core scopes by default:

- employee_data:read
- employee_data:write
- employee_data.history:read
- company.metadata:read
- company.metadata:write
- documents:read
- documents:write
- reports:read
- tasks:write
- timeoff:read
- timeoff:write

Additional module-specific scopes (Goals, Hiring, Job Catalogue, Attendance, and Workforce Planning) are only available if your HiBob account includes the corresponding subscription.

Note: Scopes entered in the Scopes field under the Connector Profile form must be pre-configured on your OAuth app within the HiBob Developer Portal for the connection to succeed.

1

Core employee data scopes

Enables actions: Create Employee, Create Employment History Entry, Create Training Record, Create Work History Entry, Delete Employment History Entry, Delete Training Record, Delete Work History Entry, Get Avatar By Email, Get Avatar By Employee ID, Get Employee, Invite Employee, List Employee Employment History, List Employee Lifecycle History, List Employee Training Records, List Employee Work History, Revoke Employee Access, Search Employees, Terminate Employee, Update Employee, Update Employee Email, Update Employee Start Date, Update Employment History Entry, Update Work History Entry, Upload Employee Avatar

Required for reading and managing employee profiles, work history, lifecycle data, and avatars.

2

Sensitive employee data scopes

Enables actions: Create Bank Account, Create Equity Grant, Create Salary Entry, Create Variable Payment, Delete Bank Account, Delete Equity Grant, Delete Salary Entry, Delete Variable Payment, Get Payroll History, List Bulk Salaries History, List Employee Bank Accounts, List Employee Equity Grants, List Employee Salary History, List Employee Variable Payments, Search Actual Payments, Update Bank Account, Update Equity Grant

Required for accessing sensitive personal data such as salary records, equity grants, variable pay, and bank accounts. Only request these scopes if your integration requires payroll or compensation data.

3

Employee history scopes

Enables actions: List Bulk Employment History, List Bulk Lifecycle History, List Bulk Work History

Required for accessing bulk employment, lifecycle, and work history records via the bulk history endpoints.

4

Company metadata scopes

Enables actions: Add Item To List, Create Custom Field, Delete Custom Field, Delete List Item, Get All Company Lists, Get All Employee Fields, Get Company List By Name, Get Onboarding Wizards, Update Custom Field, Update List Item

Required for reading and managing company-level configuration such as named lists, custom employee fields, and onboarding wizards.

5

Documents scopes

Enables actions: Delete Document From Confidential Folder, Delete Document From Custom Folder, Delete Document From Shared Folder, Get Document Folders Metadata, List Employee Documents, Upload Document From URL To Confidential Folder, Upload Document From URL To Custom Folder, Upload Document From URL To Shared Folder, Upload File To Confidential Folder, Upload File To Custom Folder, Upload File To Shared Folder

Required for accessing and managing employee documents across shared, confidential, and custom folders.

6

Time off scopes

Enables actions: Add Policy Type Reason Codes, Adjust Time Off Balance, Cancel Time Off Request, Create Time Off Request, Get All Policy Types, Get Employee Time Off Balance, Get Policy Details, Get Policy Names, Get Policy Type Details, Get Policy Type Reason Codes, Get Time Off Changes, Get Time Off Request, Get Who’s Out, Get Who’s Out Today

Required for reading and managing employee time off requests, balances, policy types, and reason codes.

7

Reports scope

Enables actions: Get Company Reports, Get Report Download URL For Polling

Required for listing and downloading company reports.

8

Tasks scope

Enables actions: List All Open Tasks, List Employee Tasks, Mark Task As Complete

Required for listing, retrieving, and completing employee tasks. Note that HiBob requires the write scope even for read operations on tasks.

9

Goals scopes (Talent Module)

Enables actions: Create Goals, Create Key Results, Delete Goal, Delete Key Result, Get Goal Type Metadata, Get Goals Metadata, Get Key Results Metadata, Search Goal Types, Search Goals, Search Key Results, Update Goal, Update Goal Status, Update Key Results Details, Update Key Results Progress

Required for accessing and managing employee, team, and company goals and key results. Only available with a HiBob Talent Module subscription.

10

Hiring scope (Hiring Module)

Enables actions: Get Job Ad, Search Job Ads

Required for searching and retrieving active job advertisements from the HiBob career page. Only available with a HiBob Hiring Module subscription. Note that HiBob requires the write scope for all hiring endpoints, including read operations.

11

Job Catalogue scope

Enables actions: Get Job Families, Get Job Families Metadata, Get Job Family Groups, Get Job Family Groups Metadata, Get Job Profiles Metadata, Get Job Roles, Get Job Roles Metadata, Search Job Profiles

Required for accessing job profiles, job roles, job families, and job family groups. Only available with the new Job Catalogue feature in HiBob (the legacy Job Catalogue is not supported via API).

12

Attendance scope

Enables actions: Import Attendance Data

Required for importing employee attendance punch records. Only available with a HiBob Attendance Module subscription.

13

Workforce Planning scopes

Enables actions: Cancel Position, Create Position, Create Position Budget, Create Position Opening, Delete Position Opening, Get Position Budget Metadata, Get Position Openings Metadata, Get Positions Metadata, Search Position Budgets, Search Position Openings, Search Positions, Update Position, Update Position Budget, Update Position Opening

Required for accessing and managing positions, position openings, and position budgets. Only available with a HiBob Workforce Planning subscription.

Re-authenticating or Editing Your HiBob Connection

HiBob does not support re-installing an already-installed app via the OAuth flow. If you need to re-authenticate or edit your connection, you must manually uninstall the app from the Bob Marketplace before reconnecting.

1

Uninstall the app from Bob Marketplace

Before re-authenticating, remove the existing app installation from HiBob.

  • Log in to your HiBob account.
  • Navigate to Marketplace from the top-left corner (waffle menu).
  • Locate your installed app by searching in the top-right Search field or the category tabs to find your installed app. Open the app by clicking on it, then click Uninstall on the left side of the detail view.
2

Reconnect via StackOne

Once uninstalled, return to StackOne and reconnect your HiBob account through the standard OAuth 2.0 flow.

Creating the StackOne Connector Profile

To create the Connector Profile in StackOne for HiBob:
1

Navigate to Connector Profiles

Login to StackOne and navigate to Connector Profiles
2

Create New Connector Profile

  • Click + Connector Profile
  • Search for and select HiBob
  • Select Type as OAuth 2.0
  • Fill out the fields using details retrieved from your provider:
    • App ID
    • Client ID
    • Client Secret
    • OAuth Scopes (Optional)
  • (Optional) Select Actions to be enabled for this Connector Profile
  • Click Create profile
Congratulations! The new Connector Profile will now show up in your project ready to be used. You can now continue to Link Accounts for HiBob.