Apply for HiBob Partnership and Developer Portal Access
OAuth 2.0 authentication in HiBob is restricted to registered technology partners. You must be approved into the HiBob Partner Programme and granted Developer Portal access before you can create an OAuth application.
Contact HiBob to request partner access
Reach out to HiBob to request access to the Developer Portal.
- Contact your HiBob account manager directly, or
- Apply via the HiBob Partner Programme page or the HiBob Marketplace to register as a technology partner
- Click on Become a partner — this opens the HiBob Partners page. On that page, click the BECOME A PARTNER button to open a modal with partner type options. Select Tech Partner to proceed to the Tech Partner Application Form. Fill out the required details and click Submit Application.
- Once Approved, HiBob will provision access to the Developer Portal for your account.
Await Developer Portal provisioning
After your partner application is approved, HiBob will provide you with access to the Developer Portal within your HiBob account.
Note: Approval may take a few business days. You will not be able to proceed with the next steps until HiBob grants Developer Portal access.
Register Your App in the HiBob Developer Portal
Once you have Developer Portal access, register your application to obtain the credentials required for OAuth 2.0 authentication.
Access the HiBob Developer Portal
Log in to your HiBob account and navigate to the Developer Portal.
- Click the + Create app button and enter the required fields such as App Name (e.g.
StackOne Integration) and App description, then click Create.
Configure OAuth Settings
Configure the OAuth application to represent your StackOne integration.
- Click the created app — you will be directed to the app configuration page.
- You can navigate between pages using the left-side menu.
- In the Basic Information section, upload your app logo and review any remaining fields, then click Save in the bottom-right corner.
- Navigate to the OAuth page. Copy the App ID, Client ID, and Client Secret (for both Development and Production) — you will need these when configuring the StackOne Connector Profile.
- Scroll down to the Redirect URI section and add the StackOne OAuth callback URL, i.e.
https://api.stackone.com/connect/oauth2/hibob/callback, then click Save in the bottom-right corner. - Navigate to the Scopes page, click + Manage scopes to select the required scopes, then click Apply to close the selection popup. After that, click the Save button at the bottom-right of the Scopes page to persist your changes.
- (Optional) The App listing details and Submission information pages are only required if you intend to publish your app to the HiBob Marketplace. You can skip these for development and testing.
- NOTE: If you want to publish your app in the HiBob Marketplace, you need to fill out the details on the Submission information page and submit your app for review. However, to test the app before publishing, you can use the Development Credentials.
- When configuring the StackOne Connector Profile, select the Environment based on your app’s publication status in HiBob. Select Sandbox if your app has not yet been submitted for review or is still unpublished in the HiBob Marketplace — this will use your Development credentials. Select Production once your app has been approved and published in the Marketplace — this will use your Production credentials.
OAuth Scopes
HiBob uses granular OAuth scopes to control which data and actions StackOne can access on behalf of your organisation. Scopes are grouped by feature area — select only the scopes required for your integration to follow the principle of least privilege.
The minimum required scope to connect your account is employee_data:read. If you do not specify custom scopes, StackOne will request the following core scopes by default:
- employee_data:read
- employee_data:write
- employee_data.history:read
- company.metadata:read
- company.metadata:write
- documents:read
- documents:write
- reports:read
- tasks:write
- timeoff:read
- timeoff:write
Additional module-specific scopes (Goals, Hiring, Job Catalogue, Attendance, and Workforce Planning) are only available if your HiBob account includes the corresponding subscription.
Note: Scopes entered in the Scopes field under the Connector Profile form must be pre-configured on your OAuth app within the HiBob Developer Portal for the connection to succeed.
Core employee data scopes
Required for reading and managing employee profiles, work history, lifecycle data, and avatars.
Sensitive employee data scopes
Required for accessing sensitive personal data such as salary records, equity grants, variable pay, and bank accounts. Only request these scopes if your integration requires payroll or compensation data.
Employee history scopes
Required for accessing bulk employment, lifecycle, and work history records via the bulk history endpoints.
Company metadata scopes
Required for reading and managing company-level configuration such as named lists, custom employee fields, and onboarding wizards.
Documents scopes
Required for accessing and managing employee documents across shared, confidential, and custom folders.
Time off scopes
Required for reading and managing employee time off requests, balances, policy types, and reason codes.
Tasks scope
Required for listing, retrieving, and completing employee tasks. Note that HiBob requires the write scope even for read operations on tasks.
Goals scopes (Talent Module)
Required for accessing and managing employee, team, and company goals and key results. Only available with a HiBob Talent Module subscription.
Hiring scope (Hiring Module)
Required for searching and retrieving active job advertisements from the HiBob career page. Only available with a HiBob Hiring Module subscription. Note that HiBob requires the write scope for all hiring endpoints, including read operations.
Job Catalogue scope
Required for accessing job profiles, job roles, job families, and job family groups. Only available with the new Job Catalogue feature in HiBob (the legacy Job Catalogue is not supported via API).
Attendance scope
Required for importing employee attendance punch records. Only available with a HiBob Attendance Module subscription.
Re-authenticating or Editing Your HiBob Connection
HiBob does not support re-installing an already-installed app via the OAuth flow. If you need to re-authenticate or edit your connection, you must manually uninstall the app from the Bob Marketplace before reconnecting.
Uninstall the app from Bob Marketplace
Before re-authenticating, remove the existing app installation from HiBob.
- Log in to your HiBob account.
- Navigate to Marketplace from the top-left corner (waffle menu).
- Locate your installed app by searching in the top-right Search field or the category tabs to find your installed app. Open the app by clicking on it, then click Uninstall on the left side of the detail view.
Creating the StackOne Connector Profile
To create the Connector Profile in StackOne for HiBob:Navigate to Connector Profiles
Create New Connector Profile
- Click + Connector Profile
- Search for and select HiBob
- Select Type as OAuth 2.0
- Fill out the fields using details retrieved from your provider:
- App ID
- Client ID
- Client Secret
- OAuth Scopes (Optional)
- (Optional) Select Actions to be enabled for this Connector Profile
- Click Create profile