15Five User Management API Guide

Auth method: API Key (token-based). Pass the 32-character access token in the Authorization header as a plain token value: Authorization: . No Bearer prefix.

Setup steps

1. Sign in to 15Five as an Account Admin.
2. Click the Settings gear in the top-right corner and select 'Integrations' from the dropdown.
3. Click 'Enable' to the right of the 'Public API' option.
4. On the 'Company API keys' page, click 'Create new key'.
5. Enter a short, identifiable name for the key. Optionally restrict access to High Fives only.
6. Click Save. Copy the 32-character access token displayed on the keys page.
7. Use the token in all API requests: Authorization: .
8. API keys expire after 1 year. A 14-day warning email is sent before expiry. Rotate keys proactively.

Required scopes

List Users

• Method: GET
• URL: https://my.15five.com/api/public/user/
• Watch out for: API docs are behind SSO login at my.15five.com/api/public/. Exact query filter parameters are not publicly documented.

Request example

GET /api/public/user/ HTTP/1.1
Host: my.15five.com
Authorization: <access_token>

Response example

{
  "count": 2,
  "results": [
    {"id": 6243, "email": "jane@acme.com", "first_name": "Jane"},
    {"id": 6244, "email": "john@acme.com", "first_name": "John"}
  ]
}

Get User

• Method: GET
• URL: https://my.15five.com/api/public/user/{id}/
• Watch out for: Use the 15Five internal integer user ID as the path parameter, not email or employee_id.

Request example

GET /api/public/user/6243/ HTTP/1.1
Host: my.15five.com
Authorization: <access_token>

Response example

{
  "id": 6243,
  "email": "jane@acme.com",
  "first_name": "Jane",
  "last_name": "Doe",
  "is_active": true
}

Update User

• Method: PATCH
• URL: https://my.15five.com/api/public/user/{id}/
• Watch out for: 15Five engineers recommend this endpoint for individual updates over bulk_user_import. Sync can take 10-20 minutes to reflect.

Request example

PATCH /api/public/user/6243/ HTTP/1.1
Host: my.15five.com
Authorization: <access_token>
Content-Type: application/json

{"job_title": "Senior Engineer"}

Response example

{
  "id": 6243,
  "job_title": "Senior Engineer"
}

Deactivate User

• Method: PATCH
• URL: https://my.15five.com/api/public/user/{id}/
• Watch out for: Deactivation retains all user data. Vacation/time-off data cannot be sent via the API.

Request example

PATCH /api/public/user/6243/ HTTP/1.1
Host: my.15five.com
Authorization: <access_token>
Content-Type: application/json

{"is_active": false}

Response example

{
  "id": 6243,
  "is_active": false
}

Bulk User Import (CSV)

• Method: POST
• URL: https://my.15five.com/api/public/bulk_user_import/
• Watch out for: If status stays 'Scheduled', there is likely a CSV formatting error. Reviewer assignments are applied after user creation; allow extra minutes before verifying.

Request example

POST /api/public/bulk_user_import/ HTTP/1.1
Host: my.15five.com
Authorization: <access_token>
Content-Type: multipart/form-data

[CSV file attachment]

Response example

{
  "status": "scheduled",
  "import_id": "abc123"
}

List Groups

• Method: GET
• URL: https://my.15five.com/api/public/group/
• Watch out for: Group admin cannot be assigned via API; the group admin field will be blank after API-based group creation.

Request example

GET /api/public/group/ HTTP/1.1
Host: my.15five.com
Authorization: <access_token>

Response example

{
  "count": 1,
  "results": [
    {"id": 101, "name": "Engineering", "group_type": "Department"}
  ]
}

Get Check-in (15Five Report)

• Method: GET
• URL: https://my.15five.com/api/public/report/{id}/
• Watch out for: Returns no results if the API key does not have the correct permissions configured.

Request example

GET /api/public/report/9001/ HTTP/1.1
Host: my.15five.com
Authorization: <access_token>

Response example

{
  "id": 9001,
  "user": 6243,
  "submitted_at": "2024-01-15T10:00:00Z"
}

List High Fives

• Method: GET
• URL: https://my.15five.com/api/public/high_five/
• Watch out for: A key scoped to High Fives only at creation time cannot access any other endpoints.

Request example

GET /api/public/high_five/ HTTP/1.1
Host: my.15five.com
Authorization: <access_token>

Response example

{
  "count": 5,
  "results": [
    {"id": 201, "giver": 6243, "receiver": 6244}
  ]
}

• Rate limits: 15Five enforces rate limits per server per IP address. Specific numeric thresholds are not publicly documented. The platform has indicated plans to implement more granular per-API-key rate limits in the future.
• Rate-limit headers: Unknown
• Retry-After header: Unknown
• Rate-limit notes: No publicly documented numeric thresholds or rate-limit response headers found in official docs. Implement exponential backoff on HTTP 429. Granular per-key rate limits were noted as planned but not yet released as of available documentation.
• Pagination method: offset
• Default page size: 0
• Max page size: 0
• Pagination pointer: Not documented

• Webhooks available: No
• Webhook notes: 15Five does not offer a native outbound webhook system with configurable event subscriptions. No webhooks management API is documented in official sources.
• Alternative event strategy: Use polling against the REST API (e.g., GET /user/, GET /report/) to detect changes. Third-party platforms like Pipedream offer trigger-based polling sources for new check-ins, 1-on-1s, and High Fives against the 15Five API.

• SCIM available: Yes

• SCIM version: 2.0

• Plan required: All pricing packages

• Endpoint: https://.15five.com/scim/v2/

• Supported operations: Create Users (POST /Users), Update User Attributes (PATCH /Users/{id}), Deactivate Users (PATCH /Users/{id} active=false), List Users (GET /Users), Create Groups (POST /Groups), Update Group Membership (PATCH /Groups/{id}), Delete Groups (DELETE /Groups/{id}), Import Users from IdP to 15Five

Limitations:

• SSO must be configured before SCIM; SSO only passes Email and Name ID - all other attributes are managed by SCIM.
• JIT (Just-in-Time) provisioning must be disabled when SCIM is active to prevent duplicate accounts.
• SCIM cannot update custom attributes in 15Five; use bulk CSV import or manual profile edits instead (Okta exception: custom_ prefix with 15Five:2.0:User namespace).
• Employee timezones cannot be synced via SCIM.
• Group admin cannot be passed via SCIM; the group admin field will be blank after SCIM group creation.
• Group types are not managed by SCIM; only group creation, naming, membership, and deletion are supported.
• Manual user addition via 'Manage people' page is disabled when SCIM is active; CSV bulk import requires contacting support to enable.
• Users added to 15Five before SCIM was enabled must be reimported so SCIM can begin managing them.
• SCIM key is 30 characters; Public API key is 32 characters - do not confuse them.
• User identity resolution order: SCIM ID → User ID → Email → Employee ID.
• Custom attribute SCIM sync (custom_ prefix, urn:ietf:params:scim:schemas:extension:15Five:2.0:User namespace) is Okta-only; not supported in Azure AD or Google Workspace.
• Start Date extension URN: urn:ietf:params:scim:schemas:extension:15Five:2.0:User:startDate (format: MM/DD/YYYY).
• Location extension URN: urn:ietf:params:scim:schemas:extension:15Five:2.0:User:location.
• Groups created in 15Five cannot be imported into Google Workspace.
• Removing a user from a group in Azure AD does not deprovision them from 15Five; users must be individually unassigned from the application.

Three integration patterns are well-documented. First, individual user provisioning via REST: POST or bulk_user_import to create users, explicitly set reviewer_email (it is not auto-derived from manager_email), and allow 10–20 minutes for sync before verifying group and reviewer assignments.

Second, at-scale provisioning via SCIM with Okta: configure SSO before enabling SCIM, generate the 30-character SCIM OAuth token, disable JIT in SSO settings, and import pre-SCIM users from the Okta Import tab - users added before SCIM was enabled are not automatically managed by Okta until explicitly imported.

Third, custom attribute sync via Okta SCIM: prefix attribute external names with custom_ and set the namespace to urn:ietf:params:scim:schemas:extension:15Five:2. 0:User - this is Okta-only; Azure AD and Google Workspace SCIM do not support custom attribute sync to 15Five.

Onboard a new employee via REST API

1. Generate a 32-character Public API key in Settings > Integrations > Public API.
2. POST to bulk_user_import or use the User - Update endpoint to create the user with required fields: email, first_name, last_name.
3. Include reviewer_email explicitly (not auto-derived from manager_email).
4. Set send_welcome_from to the desired inviter email or 15fivebot@15five.com.
5. Wait 10-20 minutes for sync to complete before verifying reviewer and group assignments.

Watch out for: Omitting send_welcome_from or having company invite settings set to 'Don't send invites immediately' will suppress the welcome email silently.

Provision users at scale via SCIM with Okta

1. Configure SSO (SAML) in 15Five before enabling SCIM.
2. In 15Five, navigate to Features > Integrations > SCIM 2.0 and click 'Generate OAuth token' to obtain the 30-char SCIM key and base URL.
3. In Okta, add the 15Five app, enable API Integration under Provisioning, and enter the subdomain and SCIM token.
4. Map Okta attributes to 15Five fields including managerId/managerEmail and optionally startDate.
5. Disable JIT provisioning in 15Five SSO settings to prevent duplicate accounts.
6. Import existing 15Five users into Okta via the Import tab to bring pre-SCIM users under Okta management.
7. Enable Create Users, Update Attributes, and Deactivate Users in Okta's To App provisioning settings.

Watch out for: Users added to 15Five before SCIM was enabled will not be managed by Okta until explicitly imported. Group admin fields will be blank after SCIM group pushes and must be set manually in 15Five.

Sync custom attributes from Okta to 15Five via SCIM

1. In the 15Five Okta app profile, add a new attribute with external name prefixed with custom_ (e.g., custom_costCenter).
2. Set the external namespace to urn:ietf:params:scim:schemas:extension:15Five:2.0:User.
3. Map the Okta user profile attribute to the new custom_ app attribute.
4. Trigger a sync by updating a user field in Okta.

Watch out for: Custom attribute SCIM sync is only supported via Okta. Azure AD and Google Workspace SCIM integrations do not support syncing custom attributes to 15Five - use bulk CSV import instead for those IdPs.

Several non-obvious constraints create integration debt. API keys expire after exactly one year with no auto-rotation - a 14-day warning email is sent, but expired keys stop working silently. Rate limits are enforced per IP per server but exact numeric thresholds are undocumented; implement exponential backoff on HTTP 429 responses.

Webhooks are not available natively; change detection requires polling against /user/ or /report/. Group admin assignment cannot be set via API or SCIM - it will be blank after programmatic group creation and must be set manually in the UI.

Azure AD initial SCIM sync can take up to 40 minutes, and subsequent syncs are field-change triggered rather than scheduled. Vacation and time-off data cannot be written to 15Five via the API at all.