bamboohr-security-basics

Featured

Apply BambooHR security best practices for API keys, webhook verification, and PII data handling compliance. Use when securing API keys, implementing webhook signature validation, or handling sensitive employee data from BambooHR. Trigger with phrases like "bamboohr security", "bamboohr secrets", "secure bamboohr", "bamboohr PII", "bamboohr data protection".

AI & Automation 2,266 stars 315 forks Updated today MIT

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# BambooHR Security Basics ## Overview Security best practices for BambooHR API integrations covering API key management, webhook HMAC verification, PII handling, and access control. BambooHR contains highly sensitive employee data (SSNs, salaries, addresses) — treat every integration as PII-critical. ## Prerequisites - BambooHR API access configured - Understanding of environment variables and secrets management - Access to BambooHR admin settings ## Instructions ### Step 1: API Key Security ```bash # .env (NEVER commit to git) BAMBOOHR_API_KEY=your-api-key BAMBOOHR_COMPANY_DOMAIN=yourcompany BAMBOOHR_WEBHOOK_SECRET=your-webhook-hmac-secret # .gitignore — MUST include these .env .env.local .env.*.local *.pem ``` **Key management rules:** - Each environment (dev/staging/prod) uses a separate API key - Create API keys under service accounts, not personal accounts - API keys inherit the permissions of the user who created them - Rotate keys quarterly; immediately rotate if exposed **Key rotation procedure:** ```bash # 1. Generate new key in BambooHR: Profile > API Keys > Add New Key # 2. Update secret store aws secretsmanager update-secret --secret-id bamboohr/api-key --secret-string "new-key" # Or for GCP: echo -n "new-key" | gcloud secrets versions add bamboohr-api-key --data-file=- # 3. Deploy with new key # 4. Verify new key works curl -s -o /dev/null -w "%{http_code}" \ -u "new-key:x" \ "https://api.bamboohr.com/api/gateway.php/${DOMAIN}/v1/employees/direct...

Details

Author
jeremylongshore
Repository
jeremylongshore/claude-code-plugins-plus-skills
Created
7 months ago
Last Updated
today
Language
Python
License
MIT

Integrates with

Anthropic · AI

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

bamboohr-install-auth

Install and configure BambooHR API authentication with HTTP Basic Auth. Use when setting up a new BambooHR integration, configuring API keys, or initializing BambooHR REST API access in your project. Trigger with phrases like "install bamboohr", "setup bamboohr", "bamboohr auth", "configure bamboohr API key", "bamboohr credentials".

2,266 Updated today
jeremylongshore
AI & Automation Featured

bamboohr-common-errors

Diagnose and fix BambooHR API errors and exceptions. Use when encountering BambooHR errors, debugging failed requests, or troubleshooting HTTP 400/401/403/404/429/500/503 responses. Trigger with phrases like "bamboohr error", "fix bamboohr", "bamboohr not working", "debug bamboohr", "bamboohr 401", "bamboohr 429".

2,266 Updated today
jeremylongshore
AI & Automation Featured

bamboohr-ci-integration

Configure CI/CD pipelines for BambooHR integrations with GitHub Actions, automated testing, and secret management. Use when setting up automated testing, configuring CI pipelines, or integrating BambooHR API tests into your build process. Trigger with phrases like "bamboohr CI", "bamboohr GitHub Actions", "bamboohr automated tests", "CI bamboohr", "bamboohr pipeline".

2,266 Updated today
jeremylongshore
AI & Automation Featured

bamboohr-prod-checklist

Execute BambooHR production deployment checklist and rollback procedures. Use when deploying BambooHR integrations to production, preparing for launch, or implementing go-live procedures with BambooHR API. Trigger with phrases like "bamboohr production", "deploy bamboohr", "bamboohr go-live", "bamboohr launch checklist", "bamboohr prod ready".

2,266 Updated today
jeremylongshore
AI & Automation Featured

clay-security-basics

Apply Clay security best practices for API keys, webhook secrets, and data access control. Use when securing Clay integrations, rotating API keys, auditing access, or implementing webhook authentication. Trigger with phrases like "clay security", "clay secrets", "secure clay", "clay API key security", "clay webhook security".

2,266 Updated today
jeremylongshore