Partner tokens

Partner tokens authenticate your software’s backend to the SEEK API.A partner token grants access to the data of any SEEK hirer you have a relationship with. Partner tokens must never be sent to a third-party system such as a hirer’s browser.

Requesting a partner token

Exchange your client credentials for a partner token using auth.seek.com. This flow implements the OAuth 2.0 client credentials grant .
  1. Call the partner authentication endpoint with your client credentials.
    Request
    Copy
    POST https://auth.seek.com/oauth/token HTTP/1.1
    Content-Type: application/json
    User-Agent: YourPartnerService/1.2.3
    {
      "audience": "https://graphql.seek.com",
      "client_id": "CLIENT_ID_HERE",
      "client_secret": "CLIENT_SECRET_HERE",
      "grant_type": "client_credentials"
    }
    The Playground environment uses a separate https://test.graphql.seek.com audience.
  2. Receive the issued partner token.
    Response
    Copy
    HTTP/1.1 200 OK
    Content-Type: application/json
    {
      "access_token": "PARTNER_TOKEN_HERE",
      "expires_in": 1800,
      "token_type": "Bearer"
    }
    Partner tokens must be cached for the number of seconds specified in the response’s expires_in. The cache expiry must be read from each response; it cannot be hardcoded as the token lifetime is dynamic and may be updated without notice. Caching reduces the load on SEEK’s systems and improves your software’s response time.
  3. Pass the partner token in the HTTP Authorization header when making requests to the GraphQL endpoint.
    Request
    Copy
    POST https://graphql.seek.com/graphql HTTP/1.1
    Accept-Language: en-AU
    Authorization: Bearer PARTNER_TOKEN_HERE
    User-Agent: YourPartnerService/1.2.3

Token expiration

Re-initiate the client credentials flow in the above section to obtain a new partner token. Note that this flow does not feature a refresh token .Using a partner token right up to its expiry may lead to expiration occurring mid-flight due to clock drift or request latency. Consider leaving a reasonable buffer of around a minute, or obtaining a new partner token and retrying the request on an UNAUTHENTICATED error.