SEEK uses OAuth 2.0 access tokens to authenticate access to the SEEK API.
You are provided with client credentials which are exchanged for an expiring partner token. Partner tokens can be exchanged again for a restricted browser token to use from a hirer’s browser.
Your OAuth 2.0 client credentials authenticate your organisation to SEEK. They grant full access to the data of your authorised SEEK hirers and their candidates.
SEEK will provide your client credentials in a password-protected ZIP file. The ZIP file’s password will be sent over a separate form of communication such as SMS. This reduces the risk of the client credentials being stolen if one communication channel is compromised.
Store your client credentials securely in a system such as AWS Secrets Manager or an encrypted local filesystem. Never send your unencrypted credentials over an insecure channel such as email or Slack. If your credentials are lost or compromised, please contact SEEK immediately for a managed credential rotation.
The SEEK API issues two types of access tokens depending on the calling system:
- Browser tokens allow you to query the SEEK API directly from a hirer’s browser or mobile app. A browser token is scoped to a SEEK hirer and a set of actions that can be performed on the hirer’s behalf.
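The token chain described above, sketched as a backend-side broker. This is an added example, not SEEK's code or API client. It caches the expiring partner token, and checks that the signed-in user may act for the hirer before handing a hirer-scoped browser token to the browser. The `transport` callable, the `user_hirers` map, the request parameter names, the scope string and the 1800-second lifetime are assumptions; `access_token` and `expires_in` are the standard OAuth 2.0 response fields.

```python
import time

class TokenBroker:
    """Backend-only: holds client credentials, hands out browser tokens."""

    def __init__(self, client_id, client_secret, transport, user_hirers,
                 clock=time.monotonic, skew=60):
        self._creds = {"client_id": client_id, "client_secret": client_secret}
        self._transport = transport      # hypothetical callable(kind, params) -> dict
        self._user_hirers = user_hirers  # assumed: your own user -> hirer IDs map
        self._clock, self._skew = clock, skew
        self._partner, self._expires_at = None, 0.0

    def partner_token(self):
        """Return the cached partner token, re-exchanging shortly before expiry."""
        now = self._clock()
        if self._partner is None or now >= self._expires_at - self._skew:
            resp = self._transport("partner", dict(self._creds))
            self._partner = resp["access_token"]
            self._expires_at = now + resp["expires_in"]
        return self._partner

    def browser_token(self, user, hirer_id, scope):
        """Mint a hirer-scoped browser token for a user allowed to act for that hirer."""
        if hirer_id not in self._user_hirers.get(user, set()):
            raise PermissionError(f"{user} may not act for hirer {hirer_id}")
        resp = self._transport("browser", {"partner_token": self.partner_token(),
                                           "hirer_id": hirer_id, "scope": scope})
        return resp["access_token"]   # the only value that is sent to the browser


class FakeSeek:
    """Constructed stand-in for the token endpoints; counts partner exchanges."""
    def __init__(self):
        self.partner_exchanges = 0

    def __call__(self, kind, params):
        if kind == "partner":
            self.partner_exchanges += 1
            return {"access_token": f"partner-{self.partner_exchanges}", "expires_in": 1800}
        return {"access_token": f"browser:{params['hirer_id']}:{params['scope']}"}


if __name__ == "__main__":
    now = [0.0]
    seek = FakeSeek()
    broker = TokenBroker("id", "secret", seek, {"alice": {"hirer-1"}}, clock=lambda: now[0])
    print(broker.browser_token("alice", "hirer-1", "example:scope"))
    now[0] = 1750.0  # inside the 60 s refresh window of the constructed lifetime
    broker.partner_token()
    print("partner exchanges:", seek.partner_exchanges)
```

In a real deployment the client credentials passed to the broker would be read from the secret store at start-up rather than written into source or configuration files.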
The SEEK API authorises operations based on a set of relationships between you and your SEEK hirers. Each use case requires a corresponding relationship to allow you to act on behalf of the hirer. SEEK’s support team must explicitly configure these relationships as part of onboarding a SEEK hirer to your software.