Phase 1: Authentication

Phase 1: Authentication

Access tokens

While the deprecated Job Posting API and the SEEK API both use OAuth 2.0 , they have different sets of endpoints & client credentials.
SEEK will provide you with SEEK API client credentials as part of your development process. As with any sensitive credentials, you will need to store these securely in a system such as AWS Secrets Manager , Azure Key Vault , or an encrypted local filesystem.
Your software exchanges the client credentials for a partner token. A partner token grants access to the data of any SEEK hirer you have a relationship with. Your software can also exchange the partner token for a browser token to query the SEEK API directly from a hirer’s browser or mobile app.
For more information on how authentication works and how to generate an access token, see the auth documentation.

Authorisation

The SEEK API authorises operations based on a set of relationships between you and the SEEK hirers that use your software.
Internally, both the Job Posting API and the SEEK API use the same JobPosting hirer relationships. Once you authenticate to the SEEK API you’ll be able to post jobs on behalf of your existing SEEK hirers.

Exit criteria

The following criteria need to be met before moving to the next phase:
Criteria
Description
Credentials received
The SEEK support team has sent you an encrypted ZIP file with your client credentials (client ID & secret)
Credentials stored securely
The credentials have been stored in a secure cloud-based system or encrypted local filesystem
Credentials ready for consumption
Your software backend has the correct permissions & capability to securely retrieve the credentials at run time
Partner token obtained
Your software backend can successfully retrieve and cache a partner token from auth.seek.com
Browser token obtained
Your frontend can successfully retrieve a browser token via your software’s backend