Authorization
Employment Hero
Prerequisites
The Employment Hero API uses OAuth 2.0 to authenticate external integrations. Before creating a credential in Nexla, you must register an application in the Employment Hero Developer Portal to obtain your Client ID and Client Secret.
Subscription Requirements
API access is available on Platinum subscriptions and above. Organisations on Lite or Standard Plus plans will not have access to the Developer Portal or API credentials.
Register an Application in the Employment Hero Developer Portal
-
Log in to your Employment Hero HR platform.
-
Click your Profile Name in the top right-hand corner of the screen.
-
Select Developer Portal from the dropdown menu.
-
In the Developer Portal, click the Add Application button to register a new application.
-
Enter the following details for your application:
- Application Name: Enter a descriptive name (e.g.,
Nexla Integration). - Redirect URI: Enter the OAuth callback URL for Nexla. Refer to your Nexla instance configuration for the correct callback URL.
- Scopes: Select the data scopes your integration requires. Common scopes include
urn:mainapp:organisations:readandurn:mainapp:employees:read. Grant only the scopes needed for your specific use case.
- Application Name: Enter a descriptive name (e.g.,
-
Click Save to create the application.
-
On the application details page, locate and copy both the Client ID and Client Secret values. Store these values securely — you will need them when configuring the Nexla credential.
The Client Secret is shown only once after application creation. Copy and store it in a secure location before leaving the page. Additional details about the Developer Portal are available in the Employment Hero API documentation.
All configured OAuth 2.0 scopes for your application are visible in the Developer Portal. Ensure the scopes granted match the data your integration needs to access. Overly broad scopes increase security risk.
Create an Employment Hero Credential
- To create a new Employment Hero credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.
Credential Name & Description
-
Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.
Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.
OAuth 2.0 Authentication
Employment Hero uses the OAuth 2.0 Authorization Code flow to authenticate API integrations. This flow allows Nexla to securely request access on behalf of your organisation using the Client ID and Client Secret from your registered Developer Portal application.
Access tokens issued by Employment Hero expire after 15 minutes (900 seconds). Nexla automatically handles token refresh using the provided credentials, so your data flows remain uninterrupted.
-
Enter the Client ID from your Employment Hero Developer Portal application in the Client ID field. This value identifies your registered application to the Employment Hero authorization server.
-
Enter the Client Secret from your Employment Hero Developer Portal application in the Client Secret field. This value is used to securely authenticate your application when requesting tokens. Treat the Client Secret as a password — do not share it or expose it in plaintext.
Save the Credential
-
Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.
-
The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.