This content is still in draft.
- If the
seek-prefill-idparameter is present, skip ahead to handle authorization in the Allow access scenario. - If the
seek-prefill-idparameter is not present, display the Apply with SEEK button with aredirectUriback to the current page.
- When a candidate links out from a SEEK job ad to your apply form, and they manually click the Apply with SEEK button on the form.
- When a candidate links out from a SEEK job ad to your apply form, and they have pre-authorized your software to pre-fill the form.
- When a candidate arrives on your apply form directly or through another channel, and they manually click the Apply with SEEK button on the form.
seek-token parameter appended to the query string of the applicationUri:Text
Copy
https://example.com/position/123/?seek-token=eyJqb2JJZCI6MCwiY2FuZGlkYXRlSWQiOjAsInNlc3Npb25JZCI6IiJ9applyWithSeekButton query and subsequent signals like apply form submission.
It is unique to that specific candidate, job ad, and session,
and must not be reused outside of the context of their current application.QueryVariablesResult
CopyGraphQL Explorer
{"input": {
// The HTTPS URL to redirect the candidate to after authorization.
// Your software may embed dynamic state in the query string for CSRF protection.
"redirectUri": "https://example.com/position/123/apply",
// The identifier for the SEEK hirer that is filling the position.
// "<Partner Name> on behalf of <Hirer Name>" will be displayed on the authorization page.
"hirerId": "seekAnzPublicTest:organization:seek:93WyyF1h",
// The HTTPS URL of your apply form for the specific position.
"applicationUri": "https://example.com/position/123/apply",
// An optional hirer-provided free-text job reference.
"seekHirerJobReference": "REQ-65558",
// The seek-token received as part of the query string when the candidate arrived from SEEK.
"token": "eyJqb2JJZCI6MCwiY2FuZGlkYXRlSWQiOjAsInNlc3Npb25JZCI6IiJ9"
}
}
seek-prefill-id parameter in the query string,
skip ahead to handle authorization in the Allow access scenario.This is a variation of Scenario 1 where the candidate has linked out from a SEEK job ad,
but they have additionally pre-authorized your software to pre-fill the form using their SEEK Profile.
You may test this scenario by posting a job ad using your test hirer account with a position title that contains the string [PREAUTH].As with Scenario 1,
propagate the seek-token parameter to subsequent signals like apply form submission.
seek-token parameter will not be present in the query string and should be omitted from the applyWithSeekButton query.QueryVariablesResult
CopyGraphQL Explorer
{"input": {
// The HTTPS URL to redirect the candidate to after authorization.
// Your software may embed dynamic state in the query string for CSRF protection.
"redirectUri": "https://example.com/position/123/apply",
// The identifier for the SEEK hirer that is filling the position.
// "<Partner Name> on behalf of <Hirer Name>" will be displayed on the authorization page.
"hirerId": "seekAnzPublicTest:organization:seek:93WyyF1h",
// The HTTPS URL of your apply form for the specific position.
"applicationUri": "https://example.com/position/123/apply",
// An optional hirer-provided free-text job reference.
"seekHirerJobReference": "REQ-65558"
}
}applyWithSeekButton query each time your apply form is loaded without a seek-prefill-id parameter in the query string.
It provides display assets for the Apply with SEEK button and a single-use authorization URL to link to.
The authorization page prompts the candidate to share their SEEK Profile for the purpose of pre-filling your apply form.We recommend this option as it presents consistent and recognisable branding to the candidate while reducing ongoing maintenance effort.Take SEEK’s branded button by selecting one of the images.
You should use buttonLabel as an accessible aria-label or alt ,
and link the button to the supplied url.QueryVariablesResult
CopyGraphQL Explorer
query ($input: ApplyWithSeekButtonInput!) {
applyWithSeekButton(input: $input) {
buttonLabel
images {
accent
}
url
}
}form + inputa + imgbutton
Copy
<form action={applyWithSeekButton.url} method="GET">
<input
style={{ background: applyWithSeekButton.images.accent }}
type="submit"
value={applyWithSeekButton.buttonLabel}
/>
</form>
buttonLabel and url to the custom element.Make sure to exclude the images field from your query.
Your software should only select the fields it uses as a best practice to reduce the surface area of your integration.QueryVariablesResult
CopyGraphQL Explorer
query ($input: ApplyWithSeekButtonInput!) {
applyWithSeekButton(input: $input) {
buttonLabel
url
}
}Accept-Language HTTP request header when it executes the applyWithSeekButton query.
We support multiple brands and languages across our markets,
so providing accurate country information and language preferences enables us to provide a more familiar experience for the candidate.See content localisation for more information.The SEEK API implicitly trusts your software to provide a safe redirectUri.
This is the same treatment given to Job Posting applicationUris provided for linking out,
and avoids the maintenance burden of strict URL allowlists.Follow best practices around URL redirection to protect candidates from phishing attempts.
At a minimum,
your software must have server-side provisions to ensure the redirectUri points to a web resource that your organization manages,
and prevent bad actors from manipulating redirection behaviour.See the OWASP cheat sheet for best practices,
and our Terms of Use for more information about your obligations.This section is for integration partners who enforce strict content security policies in their web-based software.Content Security Policy (CSP) is a security feature that helps prevent various types of attacks, including Cross-Site Scripting (XSS) and data injection attacks.
Add the following directive to your CSP to load Apply with SEEK assets from the SEEK API:HTML
Copy
Content-Security-Policy: img-src 'self'https://integration.seek.com/awsk/button-images/;self) and our images directory.