API Guide

WEMS HRM API Integration

Specifications, authentication behavior, endpoint examples, and test entry points for enterprise integrations.

Quick Start

Production API Base URL:

https://hrm.sun-bd.com

Public integration JSON:

GET https://hrm.sun-bd.com/api/v1/public/integration

Swagger:

https://hrm.sun-bd.com/swagger

Public pages do not require sign-in. HRM business APIs require a centralized member token or an API Key.

Centralized Member API

Member login, logout, refresh, permissions, and JWKS are managed by the centralized member API. HRM does not create members, update member profiles, or issue member tokens locally.

POST https://hrm.sun-bd.com/api/v1/member-auth/login
POST https://hrm.sun-bd.com/api/v1/member-auth/refresh
POST https://hrm.sun-bd.com/api/v1/member-auth/logout
GET  https://hrm.sun-bd.com/api/v1/member-auth/me/permissions

The browser calls the HRM same-origin proxy, and the backend forwards requests to the centralized Login API. Official member API guide:

https://loginapi.sun-bd.com/docs/integration/member-login-logout.html

API Key

Backend-to-backend integrations can call HRM APIs with an API Key.

X-API-Key: whrm_xxxxxxxxxxxxxxxxxxxxx
  • API Keys are for system integrations.
  • Human sign-in remains centralized through the member API.
  • Invalid keys return 401; insufficient scope returns 403.

Common Endpoints

| Function | Endpoint | Scope |
|---|---|---|
| Health | GET /api/health | Public |
| Integration JSON | GET /api/v1/public/integration | Public |
| Employees | GET /api/v1/employees | employee.read |
| Attendance | GET /api/v1/attendance | attendance.read |
| Leave | GET /api/v1/leave | leave.read |
| Documents | GET /api/v1/documents | document.read |

Examples

const response = await fetch("https://hrm.sun-bd.com/api/v1/employees?page=1&pageSize=20", {
  headers: { "X-API-Key": process.env.WEMS_HRM_API_KEY }
});
if (!response.ok) throw new Error(`HRM API failed: ${response.status}`);
const body = await response.json();

Error Handling

| HTTP | Meaning | Action |
|---|---|---|
| 401 | Invalid token or API Key | Sign in again or use a valid key. |
| 403 | Insufficient permission or API Key scope | Check member-center permissions or API Key scopes. |
| 429 | Rate limit exceeded | Retry later. |
| 5xx | Server-side failure | Record time, endpoint, and traceId before reporting. |
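The error-handling rules above, applied in a backend client. This is an added example, not code from the WEMS HRM project. Assumptions: the traceId is read from a `traceId` field in the JSON error body (the guide does not say where it appears), and the retry count and delays are constructed values; `classifyHrmResponse` and `hrmGet` are hypothetical names.

```javascript
// Added example: maps HRM responses to the actions in the Error Handling table.
// Assumption: traceId arrives as a "traceId" field in the JSON body.
const HRM_BASE = "https://hrm.sun-bd.com";

// Pure decision function: what should the caller do with this status?
function classifyHrmResponse(status, endpoint, body = {}, now = new Date()) {
  if (status >= 200 && status < 300) return { ok: true, retry: false };
  if (status === 401) return { ok: false, retry: false, action: "Use a valid API Key" };
  if (status === 403) return { ok: false, retry: false, action: "Check API Key scopes" };
  if (status === 429) return { ok: false, retry: true, action: "Retry later" };
  if (status >= 500) {
    return {
      ok: false,
      retry: false,
      action: "Record time, endpoint, traceId before reporting",
      // Only these three values are kept; the API Key is never recorded.
      report: { time: now.toISOString(), endpoint, traceId: body.traceId ?? null },
    };
  }
  return { ok: false, retry: false, action: `Unexpected status ${status}` };
}

// GET wrapper: retries only on 429, with exponential backoff (constructed delays).
// 401 and 403 are never retried, since a bad key or missing scope will not fix itself.
async function hrmGet(path, { apiKey, fetchImpl = fetch, maxRetries = 3, baseDelayMs = 500 } = {}) {
  if (!apiKey) throw new Error("HRM API key is not configured");
  for (let attempt = 0; ; attempt++) {
    const res = await fetchImpl(HRM_BASE + path, { headers: { "X-API-Key": apiKey } });
    const body = await res.json().catch(() => ({})); // error bodies may not be JSON
    const verdict = classifyHrmResponse(res.status, path, body);
    if (verdict.ok) return body;
    if (verdict.retry && attempt < maxRetries) {
      await new Promise((resolve) => setTimeout(resolve, baseDelayMs * 2 ** attempt));
      continue;
    }
    // The message carries the path and status only, so it is safe to log.
    const err = new Error(`HRM ${path} failed: ${res.status} (${verdict.action})`);
    err.report = verdict.report; // present for 5xx only
    throw err;
  }
}
```

Call it from server-side code only, for example `hrmGet("/api/v1/employees?page=1&pageSize=20", { apiKey: process.env.WEMS_HRM_API_KEY })`, so the key never reaches a browser.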