API Reference

Personalrampe Skills API allows external HR systems to manage employees, skills, ratings, and positions programmatically.

Authentication

All API requests require authentication via an API key. Include your key in the Authorization header.

http
Authorization: Bearer pr_live_<your_api_key_here>

You can manage API keys in the Settings page.

Download OpenAPI Spec

Employees

GET
/api/v1/employees

List all employees (paginated)

Query params: page, limit, search, departmentId, isActive

curl
curl -H "Authorization: Bearer pr_live_..." \
  "https://skills.personalrampe.de/api/v1/employees?page=1&limit=20"
GET
/api/v1/employees/{id}

Get employee by ID with skills summary

curl
curl -H "Authorization: Bearer pr_live_..." \
  "https://skills.personalrampe.de/api/v1/employees/abc-123"
POST
/api/v1/employees

Create a new employee

curl
curl -X POST \
-H "Authorization: Bearer pr_live_..." \
-H "Content-Type: application/json" \
-d '{
  "personnelNumber": "EMP-001",
  "firstName": "John",
  "lastName": "Doe",
  "businessEmail": "john@example.com",
  "title": "Software Engineer",
  "hiredAt": "2024-01-15T00:00:00Z"
}' \
"https://skills.personalrampe.de/api/v1/employees"
PATCH
/api/v1/employees/{id}

Update employee fields

curl
curl -X PATCH \
-H "Authorization: Bearer pr_live_..." \
-H "Content-Type: application/json" \
-d '{"title": "Senior Software Engineer", "leftAt": null}' \
"https://skills.personalrampe.de/api/v1/employees/abc-123"
DELETE
/api/v1/employees/{id}

Deactivate employee (soft delete)

curl
curl -X DELETE \
-H "Authorization: Bearer pr_live_..." \
"https://skills.personalrampe.de/api/v1/employees/abc-123"

Employee Skills

GET
/api/v1/employees/{id}/skills

List all skills for an employee with latest ratings

PUT
/api/v1/employees/{id}/skills/{skillId}

Upsert a skill rating for an employee

curl
curl -X PUT \
-H "Authorization: Bearer pr_live_..." \
-H "Content-Type: application/json" \
-d '{
  "score": 4,
  "ratingType": "MANAGER_EVALUATION",
  "comment": "Strong performance"
}' \
"https://skills.personalrampe.de/api/v1/employees/abc-123/skills/skill-456"
DELETE
/api/v1/employees/{id}/skills/{skillId}

Remove a skill from an employee


Ratings / Assessments

GET
/api/v1/employees/{id}/ratings

List ratings for an employee (filterable)

Query params: skillId, ratingType, from, to, page, limit

POST
/api/v1/employees/{id}/ratings

Create a new rating (alternative to PUT skills endpoint)

curl
curl -X POST \
-H "Authorization: Bearer pr_live_..." \
-H "Content-Type: application/json" \
-d '{
  "skillId": "skill-456",
  "score": 3,
  "ratingType": "SELF_ASSESMENT",
  "comment": "Developing"
}' \
"https://skills.personalrampe.de/api/v1/employees/abc-123/ratings"

Skills

GET
/api/v1/skills

List all available skills (paginated)

Query params: page, limit, search

GET
/api/v1/skills/{id}

Get skill details with usage statistics

POST
/api/v1/skills

Create a new skill

curl
curl -X POST \
-H "Authorization: Bearer pr_live_..." \
-H "Content-Type: application/json" \
-d '{
  "name": "Project Management",
  "description": "Ability to lead projects",
  "ratingScaleMin": 0,
  "ratingScaleMax": 5,
  "ratingScaleType": "NUMERIC"
}' \
"https://skills.personalrampe.de/api/v1/skills"
PATCH
/api/v1/skills/{id}

Update a skill

DELETE
/api/v1/skills/{id}

Delete a skill (only if no ratings exist)


Positions

GET
/api/v1/positions

List all positions (paginated)

Query params: page, limit, status

GET
/api/v1/positions/{id}

Get position with replacements and skills gap analysis


Webhooks

Webhooks let you receive real-time notifications in external systems whenever something changes in Personalrampe Skills. When an event occurs – for example, a new employee is created – the platform automatically sends an HTTP POST request to the URL you registered.

How Webhooks Work

When an event is triggered, Personalrampe Skills sends a POST request to all endpoints in your organisation that are subscribed to that event. The request body is JSON and contains the event name, a timestamp and the relevant data. Delivery is asynchronous – your system does not need to wait for the platform to respond.

Requirements

  • The target URL must use HTTPS. Plain HTTP URLs are rejected.
  • Your endpoint should respond with an HTTP success status code (e.g. 200 OK) in a timely manner. Errors are logged to the console; there are currently no automatic retries.
  • Authentication uses an API key (Bearer Token) that you manage in the application under Settings → API Keys.

Available Events

There are exactly five events you can subscribe to:

Event Description
employee.created A new employee record was created
employee.updated An employee's data was changed
employee.deactivated An employee was deactivated
skill.rated A skill rating was submitted or updated
position.updated A position was changed (e.g. status, assignment)

One webhook endpoint can be subscribed to one or multiple events simultaneously. At least one event is required.


Payload Structure

Every webhook request contains a JSON body with the following shape:

json
{
  "event": "employee.created",
  "timestamp": "2026-06-26T09:30:47.000Z",
  "data": { ... }
}
  • event – The event name (e.g. employee.created)
  • timestamp – ISO 8601 timestamp of when the event occurred
  • data – The actual payload object (e.g. employee data)

Signature Verification (Recommended)

When creating a webhook you can optionally provide a secret. If you do, Personalrampe Skills will sign every outgoing request using HMAC-SHA256 and send the signature in the HTTP header X-Personalrampe-Signature.

The header value follows the format: sha256=<hex-digest>

On your end, you can verify the request by computing the HMAC-SHA256 of the raw JSON request body using your secret and comparing the result to the header value. If they match, the request is authentic and has not been tampered with.

The secret is optional – if you do not provide one, the request is still sent but the signature is computed using an empty string as the key.


Managing Webhook Endpoints

List all webhooks

GET
/api/v1/webhooks

Returns a list of all webhook endpoints for the organisation, ordered by creation date. Each object contains id, url, events and createdAt.

Register a new webhook

POST
/api/v1/webhooks

The request body must include url (HTTPS), events (array with at least one event) and optionally secret.

curl
curl -X POST \
-H "Authorization: Bearer pr_live_..." \
-H "Content-Type: application/json" \
-d '{
  "url": "https://your-system.com/webhooks/personalrampe",
  "events": ["employee.created", "skill.rated"],
  "secret": "your-webhook-secret"
}' \
"https://skills.personalrampe.de/api/v1/webhooks"

On success the new endpoint is returned with HTTP 201 Created containing id, url, events and createdAt.

Delete a webhook

DELETE
/api/v1/webhooks/{id}

Deletes the webhook endpoint with the given ID. Only endpoints belonging to your own organisation can be deleted.


Typical Setup Flow

  1. Create an API key in the application under Settings → API Keys
  2. Register a webhook via POST /api/v1/webhooks with your URL, desired events and optionally a secret
  3. Configure your receiving endpoint to respond with 200 OK
  4. Optionally verify the X-Personalrampe-Signature header on every incoming request

Error Handling

All errors return a consistent JSON structure:

json
{
  "success": false,
  "error": {
    "message": "Employee not found",
    "code": "NOT_FOUND"
  }
}
400 Bad Request – Invalid input
401 Unauthorized – Missing or invalid API key
404 Not Found – Resource does not exist
409 Conflict – Resource already exists or has dependencies
429 Too Many Requests – Rate limit exceeded
500 Internal Server Error