Partner tokens authenticate your software’s backend to the SEEK API.
A partner token grants access to the data of any SEEK hirer you have a relationship with.
Partner tokens must never be sent to a third-party system such as a hirer’s browser.
Exchange your client credentials for a partner token using
auth.seek.com.
This flow implements the OAuth 2.0 client credentials grant .
- Call the partner authentication endpoint with your client credentials.RequestCopy
POST https://auth.seek.com/oauth/token HTTP/1.1
Content-Type: application/json
User-Agent: YourPartnerService/1.2.3
{"audience": "https://graphql.seek.com",
"client_id": "CLIENT_ID_HERE",
"client_secret": "CLIENT_SECRET_HERE",
"grant_type": "client_credentials"
}The Playground environment uses a separatehttps://test.graphql.seek.comaudience. - Receive the issued partner token.ResponseCopy
HTTP/1.1 200 OK
Content-Type: application/json
{"access_token": "PARTNER_TOKEN_HERE",
"expires_in": 1800,
"token_type": "Bearer"
}Partner tokens must be cached for the number of seconds specified in the response’sexpires_in. The cache expiry must be read from each response; it cannot be hardcoded as the token lifetime is dynamic and may be updated without notice. Caching reduces the load on SEEK’s systems and improves your software’s response time. - Pass the partner token in the HTTP
Authorizationheader when making requests to the GraphQL endpoint.RequestCopyPOST https://graphql.seek.com/graphql HTTP/1.1
Accept-Language: en-AU
Authorization: Bearer PARTNER_TOKEN_HERE
User-Agent: YourPartnerService/1.2.3
Re-initiate the client credentials flow in the above section to obtain a new partner token.
Note that this flow does not feature a refresh token .
Using a partner token right up to its expiry may lead to expiration occurring mid-flight due to clock drift or request latency.
Consider leaving a reasonable buffer of around a minute, or obtaining a new partner token and retrying the request on an
UNAUTHENTICATED error.