Authentication

SEEK uses OAuth 2.0 access tokens to authenticate access to the SEEK API. You are provided with client credentials which are exchanged for an expiring partner token. Partner tokens can be exchanged again for a restricted browser token to use from a hirer’s browser.

Client credentials

Your OAuth 2.0 client credentials authenticate your organization to SEEK. They grant full access to the data of your authorized SEEK hirers and their candidates.

You may issue your credentials on the Developer Dashboard’s credentials page. You may also rotate your credentials there if they are lost or compromised.

Store your client credentials securely in a system such as AWS Secrets Manager or an encrypted local filesystem. Never send your unencrypted credentials over an insecure channel such as email or Slack.

Partner and browser tokens

The SEEK API issues two types of access tokens depending on the calling system:
  • Partner tokens authenticate your software’s backend to the SEEK API. A partner token grants access to the data of any SEEK hirer you have a relationship with.
  • Browser tokens allow you to query the SEEK API directly from a hirer’s browser or mobile app. A browser token is scoped to a SEEK hirer and a set of actions that can be performed on the hirer’s behalf.
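As an added illustration (not SEEK's code), the sketch below shows one way a backend can hold an expiring partner token in memory, renew it shortly before expiry, and keep the client secret and token out of log output. The `exchange` hook, the `skew` margin and an expiry expressed in seconds are assumptions; this page does not specify the token endpoint or the token lifetime.

```python
import threading
import time
from dataclasses import dataclass, field
from typing import Callable, Optional, Tuple


@dataclass(frozen=True)
class ClientCredentials:
    client_id: str
    client_secret: str = field(repr=False)  # never rendered by repr(), logs or tracebacks


# Hypothetical hook: performs the HTTPS credential exchange and returns
# (access_token, expires_in_seconds). Supplied by the caller.
Exchange = Callable[[ClientCredentials], Tuple[str, int]]


class PartnerTokenCache:
    """Keeps one partner token in memory and renews it shortly before it expires."""

    def __init__(self, creds: ClientCredentials, exchange: Exchange,
                 skew: float = 60.0, clock: Callable[[], float] = time.monotonic):
        self._creds, self._exchange = creds, exchange
        self._skew, self._clock = skew, clock
        self._lock = threading.Lock()
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def get(self) -> str:
        with self._lock:  # one renewal at a time, even with concurrent callers
            now = self._clock()
            if self._token is None or now >= self._expires_at - self._skew:
                token, expires_in = self._exchange(self._creds)
                if not token or expires_in <= 0:
                    raise ValueError("token exchange returned an unusable response")
                self._token, self._expires_at = token, now + expires_in
            return self._token

    def invalidate(self) -> None:
        """Drop the cached token, e.g. after a 401 or after rotating credentials."""
        with self._lock:
            self._token = None

    def __repr__(self) -> str:
        return f"PartnerTokenCache(client_id={self._creds.client_id!r}, token=<redacted>)"


if __name__ == "__main__":
    # Constructed stand-in for the real exchange; values are not real credentials.
    cache = PartnerTokenCache(ClientCredentials("example-id", "example-secret"),
                              lambda c: ("example-partner-token", 1800))
    cache.get()
    print(cache)
```

Because the token lives only in process memory, a credential rotation needs nothing more than new `ClientCredentials` and a call to `invalidate()`.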

Hirer relationships

The SEEK API authorizes operations based on a set of relationships between you and your SEEK hirers. Each use case requires a corresponding relationship to allow you to act on behalf of the hirer. SEEK’s support team must explicitly configure these relationships as part of onboarding a SEEK hirer to your software.