- Client credentials grant type (2-legged OAuth) overview
- Become an Indeed partner
- Get your OAuth credentials
- Get an access token
- Call Indeed APIs
- Get an access token that represents an employer
- Build employer selection screen
- Get employer access token
- Authorize an app to act on your behalf
- Enable another company to act on your behalf
- See also
Client credentials grant type (2-legged OAuth)
Authorize your app to act on behalf of itself.
By using this API and its documentation and building an integration, you agree to the Additional API Terms and Guidelines.
Client credentials grant type (2-legged OAuth) overview
When you become an Indeed partner, Indeed sets up an app that integrates Indeed APIs and services into your product. To view your app and its OAuth credentials, log in to Partner Console. Your OAuth credentials are a client ID and secret. You exchange these credentials for an access token that you include in your Indeed API calls for authentication.
You can also complete these tasks:
- Get an access token that represents an employer.
- Authorize an app to act on your behalf.
- Enable another company to act on your behalf.
Become an Indeed partner
If you are not already a partner, become an Indeed partner.
Get your OAuth credentials
-
Log in to Partner Console with your Indeed user account.
-
On the Dashboard, select your app in the Apps list.
The Credentials tab on the app details page lists your OAuth credentials: a client ID and secret.
Get an access token
To get an access token, send a POST request to https://apis.indeed.com/oauth/v2/tokens with these headers and body parameters, using a command-line tool like curl or a UI tool like Insomnia.
Don't expose the client secret to end users. Indeed recommends generating tokens in the backend.
curl -L 'https://apis.indeed.com/oauth/v2/tokens' \ -H 'Accept: application/json' \ -H 'Content-Type: application/x-www-form-urlencoded' \ -d 'client_id=<client_id>' \ -d 'client_secret=<client_secret>' \ -d 'grant_type=client_credentials' \ -d 'scope=employer_access'The request headers are:
| Header | Value |
|---|---|
Accept |
|
Content-Type |
|
The request body parameters are:
{ "access_token": "<access_token>", "scope": "employer_access", "token_type": "Bearer", "expires_in": 3600}Your token expires in one hour (3600 seconds). Refresh your token hourly.
Call Indeed APIs
To call an Indeed GraphQL API, send a POST request to https://apis.indeed.com/graphql with these headers and your GraphQL query or mutation:
curl -L 'https://apis.indeed.com/graphql' \ -H 'Authorization: Bearer <access_token>' \ -H 'Content-Type: application/json' \ -d '{"query":"query {\n jobSearch(\n location: { radius: 5, radiusUnit: MILES, where: \"Austin\" }\n what: \"Nurse\"\n limit: 5\n ) {\n results {\n job {\n title\n sourceEmployerName\n }\n }\n }\n}","variables":{}}'Request headers:
| Header | Value | Description |
|---|---|---|
|
| Authenticate with the server to access protected resources. Pass the access token in this header using the note For the See Get an access token and Authorization header. |
|
| The media type of the resource. See Content-Type header. |
The -d parameter specifies the GraphQL query:
query { jobSearch(location: { radius: 5, radiusUnit: MILES, where: "Austin" } what: "Nurse" limit: 5) { results { job { title sourceEmployerName } } }}{ "errors": [{ "message": "The client does not have access to the 'job-retrieval-service' service.", "extensions": { "code": "INTERNAL_SERVER_ERROR" } }], "data": null}Get an access token that represents an employer
Some Indeed APIs require an access token that represents an employer or advertiser.
Build an employer selection screen that lists employers associated with the user who registered the app. After the user selects an employer, get an access token for that employer.
Each access token represents one employer. To switch employers, get a new access token.
Build employer selection screen
You can build an employer selection screen that lists employers associated with the user who registered the app.
-
Get an access token with
scope=employer_access.This scope enables you to list employer accounts associated with the user that registered the app.
-
To list employer accounts associated with the user, call the
https://secure.indeed.com/v2/api/appinfoendpoint with theAuthorization: Bearer <access_token>header, where<token>is your access token:If the user has associated employer accounts, the response shows
idandnamefields for each employer.{"employers": [{"id": "084a39249af95beedfb90cc5d2b8833c","name": "Dharma Initiative"},{"id": "865e08b649774436ee1f410b611fad7c","name": "Umbrella Corporation"},{"id": "4bc393648e880bc94dd6cef8efbc8486","name": "US Robotics and Mechanical Men"}]}In this example, the
idfield for US Robots and Mechanical Men is4bc393648e880bc94dd6cef8efbc8486. -
Build an employer selection screen that enables the user to select an employer from this list.
Get employer access token
After the user selects an employer from the employer selection screen, get an access token that represents that employer.
To get an employer access token, POST to the https://apis.indeed.com/oauth/v2/tokens endpoint with Accept and Content-Type request headers, and request body parameters:
curl -L 'https://apis.indeed.com/oauth/v2/tokens' \ -H 'Accept: application/json' \ -H 'Content-Type: application/x-www-form-urlencoded' \ -d 'grant_type=client_credentials' \ -d 'scope=employer_access' \ -d 'client_id=<client_id>' \ -d 'client_secret=<client_secret>' \ -d 'employer=<employer_id>'The request headers are:
| Header | Value |
|---|---|
Accept |
|
Content-Type |
|
The request body parameters for oauth/v2/tokens are:
| Request body parameter | Required | Value |
|---|---|---|
grant_type | ✔ |
|
scope | ✔ |
|
client_id | ✔ | Your client ID. |
client_secret | ✔ | Your client secret. |
employer | ✔ | The ID of the employer that the user selected from the employer selection screen. |
The response contains an access token that represents that employer.
{ "access_token": "<access_token>", "scope": "employer_access", "token_type": "Bearer", "expires_in": 3600}If you request an access token for an employer that is not associated with the user who registered the app, an error occurs:
{ "error_description": "Invalid request", "error": "invalid_request"}Authorize an app to act on your behalf
Use the Indeed Users page to authorize, or remove authorization from, an app to act on your behalf.
-
On the Indeed Users page, select an employer account, then select Add users.
-
Enter the user's email address.
Select the level of access, then select Save and notify new users.
The user receives an email invitation to join your organization on Indeed. If they accept, they are granted the selected permissions.
Enable another company to act on your behalf
To enable another company to act on your behalf, share your employer ID with the company.
This ID appears in a small font above the page footer on the Indeed Users page. The employer ID is not secret, so you can share it with other companies.
See also
- Credentials
- HTTP request headers
- oauth/v2/tokens endpoint
- v2/api/appinfo endpoint
- Basic authentication scheme
- Troubleshoot OAuth errors
- Troubleshoot GraphQL errors