Authentication
All API requests are authenticated with scoped API keys.
Bearer Token
Add your API key to the HTTP header Authorization using the scheme Bearer.
HTTP header
curl example
Available scopes
Each API key is associated with a set of scopes that define the accessible resources. Apply the principle of least privilege by selecting only the scopes you need.
| Paramètre | Type | Requis | Description |
|---|---|---|---|
interviews:read | string | Non | Read interviews and their details. |
interviews:write | string | Non | Create and update interviews. |
candidates:read | string | Non | Read candidate profiles. |
candidates:write | string | Non | Create and update candidates. |
jobs:read | string | Non | Read job postings. |
jobs:write | string | Non | Create and manage job postings. |
campaigns:read | string | Non | Read hiring processes. |
campaigns:write | string | Non | Create and manage hiring processes. |
stages:read | string | Non | Read pipeline stages. |
stages:write | string | Non | Manage pipeline stages. |
tests:read | string | Non | Read technical tests. |
tests:write | string | Non | Create and manage tests. |
reports:read | string | Non | Read results (tests and interviews). |
agents:read | string | Non | Read AI agents (config, voice, tone). |
agents:write | string | Non | Create and update AI agents. |
Key management
- Create your keys from Integrations → API keys.
- A key is shown only once at creation, so copy it immediately.
- Revoke a compromised key instantly from the interface (icon
...→ Revoke). - There is no limit on the number of active keys per organization.
Common errors
401 Unauthorized The key is missing, invalid, or has been revoked.
403 Forbidden The key is valid but does not have the scope required for this resource.
Usage examples
bash
Frequently asked questions
No. Scopes are defined at creation and cannot be changed. Revoke the key and create a new one with the scopes you want.
Store it in an environment variable or a secrets manager (AWS Secrets Manager, Vault, etc.). Never commit it to your source code or your logs.
Keys do not expire automatically. They stay active until manually revoked. We recommend rotating them every quarter.