FAQs
Frequently asked questions about authentication and OAuth.
Client credentials
Your OAuth credentials are a client ID and secret. You access these credentials in Partner Console. You exchange your client ID and secret for an access token, which is a long, garbled string. Include this token in every API call to authenticate your app's identity and its permissions. Access tokens are valid for one hour.
If you are an ATS that is building an integration that requires the authorization code flow (3-legged OAuth), and you do not have an OAuth application registered with Indeed, you must create an OAuth client ID.
When you become an Indeed partner, Indeed sets up an app that integrates Indeed APIs and services into your product. Indeed grants your Indeed user account access to Partner Console, which you use to access your app's OAuth credentials: a client ID and secret.
You exchange these OAuth credentials for an access token. Then, you include the access token in Indeed API calls to authenticate your app's identity and its permissions.
Access tokens
Access tokens expire in one hour, so you exchange your OAuth credentials for an access token every hour.
For the authorization code flow (3-legged OAuth), your app must request an authorization code, which grants your app permission to act on behalf of a user and their associated employer account. For example, use this flow to create an Indeed interview or create a sponsored campaign.
The user of the account to which you want access grants you this code, which expires in 10 minutes. After you get an authorization code, log in to Partner Console with your Indeed user account.
On the Dashboard, select your app in the Apps list. The Credentials tab on the app details page lists your OAuth credentials: a client ID, secret, and authorization code. You exchange these credentials for an access token.
When you request an access token, you receive a response like this:
```json
{
  "access_token": "<access_token>",
  "refresh_token": "<refresh_token>",
  "id_token": "<id_token>",
  "scope": "offline_access employer_access email",
  "consented_scope": "offline_access employer_access email",
  "convid": "1er835qvtu54n800",
  "token_type": "Bearer",
  "expires_in": 3600
}
```
Access the JWT debugger.
Authorization code flow
Indeed redirects the user to the page at the redirect_uri endpoint with the code and state parameters appended. For example:
http://www.companyname.com/oauth/indeed?code=rXZSABCyYQHQ&state=employer12
Make a POST request to the https://apis.indeed.com/oauth/v2/tokens endpoint.
You must provide the code, client_id, client_secret, redirect_uri, and grant_type parameters. Optionally, specify the employer parameter.
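The callback handling and token exchange described above, as an added example that is not Indeed's own code: it checks the returned state against the value the app sent with the authorization request, builds the POST body, and computes when the one-hour token must be replaced. The function names, the grant_type value authorization_code, and the form encoding (both per RFC 6749) are assumptions, not taken from this page.

```python
import hmac
import json
import time
from urllib.parse import urlsplit, parse_qs, urlencode

TOKEN_URL = "https://apis.indeed.com/oauth/v2/tokens"  # endpoint named on this page


def parse_callback(callback_url, expected_state):
    """Return the authorization code from the redirect, or raise ValueError."""
    params = parse_qs(urlsplit(callback_url).query)
    codes, states = params.get("code", []), params.get("state", [])
    # Exactly one of each: duplicated parameters are ambiguous, so reject them.
    if len(codes) != 1 or len(states) != 1:
        raise ValueError("callback must carry exactly one code and one state")
    # The state must match the value this session sent with the authorization
    # request; constant-time comparison avoids leaking it through timing.
    if not hmac.compare_digest(states[0].encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback was not initiated by this session")
    return codes[0]


def build_token_request(code, client_id, client_secret, redirect_uri, employer=None):
    """Build the POST for the token endpoint; the secret travels only in the body."""
    form = {
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": redirect_uri,  # same URI that received the code
        "grant_type": "authorization_code",  # RFC 6749 value, assumed here
    }
    if employer is not None:
        form["employer"] = employer  # optional parameter described above
    headers = {"Content-Type": "application/x-www-form-urlencoded"}  # assumed encoding
    return TOKEN_URL, headers, urlencode(form)


def token_deadline(response_text, now=None, skew=60):
    """Return (access_token, epoch second after which to stop using it)."""
    body = json.loads(response_text)
    if body.get("token_type") != "Bearer" or not body.get("access_token"):
        raise ValueError("unexpected token response")
    now = time.time() if now is None else now
    return body["access_token"], now + int(body["expires_in"]) - skew
```

Send the returned body over HTTPS only, and keep the client secret and the resulting tokens out of logs and URLs.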
Employer access
See Get access token that represents an employer.
This authorization link triggers the display of these screens:
| Screen | Description |
|---|---|
| Authentication | Appears when the user is logged out of Indeed. |
| OAuth consent | Enables a user to grant consent for any scopes that the OAuth app requests, such as the employer_access scope. |
| Indeed employer selection | Enables a user to select an employer from a list of employers associated with the user account. |
If an employer is associated with the user account, you must specify prompt=select_employer when you request the authorization code. This parameter prompts the authorizing user with an Indeed employer selection screen, from which the user chooses the employer account.
An access token can represent only one employer. To switch employers, get an access token.