API Reference
Personalrampe Skills API allows external HR systems to manage employees, skills, ratings, and positions programmatically.
Authentication
All API requests require authentication via an API key. Include your
key in the Authorization header.
Authorization: Bearer pr_live_<your_api_key_here> You can manage API keys in the Settings page.
Download OpenAPI SpecEmployees
/api/v1/employees List all employees (paginated)
Query params: page, limit, search, departmentId, isActive
curl -H "Authorization: Bearer pr_live_..." \
"https://skills.personalrampe.de/api/v1/employees?page=1&limit=20" // JavaScript (fetch)
const response = await fetch(
"https://skills.personalrampe.de/api/v1/employees?page=1&limit=20",
{ headers: { Authorization: "Bearer pr_live_..." } }
);
const data = await response.json(); # Python (requests)
import requests
response = requests.get(
"https://skills.personalrampe.de/api/v1/employees",
params={"page": 1, "limit": 20},
headers={"Authorization": "Bearer pr_live_..."}
)
data = response.json() /api/v1/employees/{id} Get employee by ID with skills summary
curl -H "Authorization: Bearer pr_live_..." \
"https://skills.personalrampe.de/api/v1/employees/abc-123" /api/v1/employees Create a new employee
curl -X POST \
-H "Authorization: Bearer pr_live_..." \
-H "Content-Type: application/json" \
-d '{
"personnelNumber": "EMP-001",
"firstName": "John",
"lastName": "Doe",
"businessEmail": "john@example.com",
"title": "Software Engineer",
"hiredAt": "2024-01-15T00:00:00Z"
}' \
"https://skills.personalrampe.de/api/v1/employees" /api/v1/employees/{id} Update employee fields
curl -X PATCH \
-H "Authorization: Bearer pr_live_..." \
-H "Content-Type: application/json" \
-d '{"title": "Senior Software Engineer", "leftAt": null}' \
"https://skills.personalrampe.de/api/v1/employees/abc-123" /api/v1/employees/{id} Deactivate employee (soft delete)
curl -X DELETE \
-H "Authorization: Bearer pr_live_..." \
"https://skills.personalrampe.de/api/v1/employees/abc-123" Employee Skills
/api/v1/employees/{id}/skills List all skills for an employee with latest ratings
/api/v1/employees/{id}/skills/{skillId} Upsert a skill rating for an employee
curl -X PUT \
-H "Authorization: Bearer pr_live_..." \
-H "Content-Type: application/json" \
-d '{
"score": 4,
"ratingType": "MANAGER_EVALUATION",
"comment": "Strong performance"
}' \
"https://skills.personalrampe.de/api/v1/employees/abc-123/skills/skill-456" /api/v1/employees/{id}/skills/{skillId} Remove a skill from an employee
Ratings / Assessments
/api/v1/employees/{id}/ratings List ratings for an employee (filterable)
Query params: skillId, ratingType, from, to, page, limit
/api/v1/employees/{id}/ratings Create a new rating (alternative to PUT skills endpoint)
curl -X POST \
-H "Authorization: Bearer pr_live_..." \
-H "Content-Type: application/json" \
-d '{
"skillId": "skill-456",
"score": 3,
"ratingType": "SELF_ASSESMENT",
"comment": "Developing"
}' \
"https://skills.personalrampe.de/api/v1/employees/abc-123/ratings" Skills
/api/v1/skills List all available skills (paginated)
Query params: page, limit, search
/api/v1/skills/{id} Get skill details with usage statistics
/api/v1/skills Create a new skill
curl -X POST \
-H "Authorization: Bearer pr_live_..." \
-H "Content-Type: application/json" \
-d '{
"name": "Project Management",
"description": "Ability to lead projects",
"ratingScaleMin": 0,
"ratingScaleMax": 5,
"ratingScaleType": "NUMERIC"
}' \
"https://skills.personalrampe.de/api/v1/skills" /api/v1/skills/{id} Update a skill
/api/v1/skills/{id} Delete a skill (only if no ratings exist)
Positions
/api/v1/positions List all positions (paginated)
Query params: page, limit, status
/api/v1/positions/{id} Get position with replacements and skills gap analysis
Webhooks
Webhooks let you receive real-time notifications in external systems whenever something changes in Personalrampe Skills. When an event occurs – for example, a new employee is created – the platform automatically sends an HTTP POST request to the URL you registered.
How Webhooks Work
When an event is triggered, Personalrampe Skills sends a POST request to all endpoints in your organisation that are subscribed to that event. The request body is JSON and contains the event name, a timestamp and the relevant data. Delivery is asynchronous – your system does not need to wait for the platform to respond.
Requirements
- The target URL must use HTTPS. Plain HTTP URLs are rejected.
- Your endpoint should respond with an HTTP success status code (e.g. 200 OK) in a timely manner. Errors are logged to the console; there are currently no automatic retries.
- Authentication uses an API key (Bearer Token) that you manage in the application under Settings → API Keys.
Available Events
There are exactly five events you can subscribe to:
| Event | Description |
|---|---|
| employee.created | A new employee record was created |
| employee.updated | An employee's data was changed |
| employee.deactivated | An employee was deactivated |
| skill.rated | A skill rating was submitted or updated |
| position.updated | A position was changed (e.g. status, assignment) |
One webhook endpoint can be subscribed to one or multiple events simultaneously. At least one event is required.
Payload Structure
Every webhook request contains a JSON body with the following shape:
{
"event": "employee.created",
"timestamp": "2026-06-26T09:30:47.000Z",
"data": { ... }
} -
event– The event name (e.g. employee.created) -
timestamp– ISO 8601 timestamp of when the event occurred -
data– The actual payload object (e.g. employee data)
Signature Verification (Recommended)
When creating a webhook you can optionally provide a secret. If you
do, Personalrampe Skills will sign every outgoing request using
HMAC-SHA256 and send the signature in the HTTP header X-Personalrampe-Signature.
The header value follows the format: sha256=<hex-digest>
On your end, you can verify the request by computing the HMAC-SHA256 of the raw JSON request body using your secret and comparing the result to the header value. If they match, the request is authentic and has not been tampered with.
The secret is optional – if you do not provide one, the request is still sent but the signature is computed using an empty string as the key.
Managing Webhook Endpoints
List all webhooks
/api/v1/webhooks Returns a list of all webhook endpoints for the organisation, ordered by creation date. Each object contains id, url, events and createdAt.
Register a new webhook
/api/v1/webhooks The request body must include url (HTTPS), events (array with at least one event) and optionally secret.
curl -X POST \
-H "Authorization: Bearer pr_live_..." \
-H "Content-Type: application/json" \
-d '{
"url": "https://your-system.com/webhooks/personalrampe",
"events": ["employee.created", "skill.rated"],
"secret": "your-webhook-secret"
}' \
"https://skills.personalrampe.de/api/v1/webhooks" On success the new endpoint is returned with HTTP 201 Created containing id, url, events and createdAt.
Delete a webhook
/api/v1/webhooks/{id} Deletes the webhook endpoint with the given ID. Only endpoints belonging to your own organisation can be deleted.
Typical Setup Flow
- Create an API key in the application under Settings → API Keys
- Register a webhook via POST /api/v1/webhooks with your URL, desired events and optionally a secret
- Configure your receiving endpoint to respond with 200 OK
-
Optionally verify the
X-Personalrampe-Signatureheader on every incoming request
Error Handling
All errors return a consistent JSON structure:
{
"success": false,
"error": {
"message": "Employee not found",
"code": "NOT_FOUND"
}
}