This guide is for partners building on Connect. Internal Humanly engineers adding first-party vendor namespaces should follow the internal engineer playbook (MS9 / PLAT-44).
Before you start
- Provision customer accounts with your partner master key.
- Implement the three standardized vendor endpoints for your vendor namespace.
- Add vendor-specific read/write routes following MS7 conventions when available.
Namespace
Your routes live under:ukg, bamboohr). It maps to an IntegrationType enum value on the Humanly side.
Authentication
Auth depends on which Connect routes you implement:| Route type | Auth |
|---|---|
| Meta routes (integrations, health, config validation) | Customer x-api-key with integrations scope only |
| Data routes (orders, catalog, results, …) | Customer x-api-key or legacy integration Authorization: Basic |
Platform health (GET /connect/health) | No auth |
Dual auth on data routes (legacy parity)
Data routes that mirror legacy ATS integrations accept either:- Partner path:
x-api-keywith a Connect customer key (integrationsscope) — for partners who provision customers through Connect - Direct path:
Authorization: Basicwith the customer’s integration credentials — for customers still on the legacy direct-integration auth model Humanly used before Connect (per-vendor routes on the integration host, historically under/qsi/{vendor}/*)
x-api-key is valid for the route scope (customer key with integrations scope on data routes), it takes precedence over Basic auth. A wrong-scope key (for example a partner master accounts key on vendor routes) returns 403 — Connect does not fall back to Basic auth.

