Client credentials flow (2-legged OAuth)

Authorize your app to act on behalf of itself.

legal notice

By using this API and its documentation and building an integration, you agree to the Additional API Terms and Guidelines.

Client credentials flow (2-legged OAuth) overview

Use the client credentials flow (2-legged OAuth) to authorize your app to act on behalf of itself.

For an overview of Indeed authorization and authentication, see OAuth at Indeed.

Not all Indeed APIs support the client credentials flow (2-legged OAuth). See OAuth at Indeed.

Client credentials flow (2-legged OAuth) steps

Complete these steps to authorize your app to act on behalf of itself and associated employer accounts:

Frequency	#	Step
Once	1.	Create an Indeed account. This is not required in Japan.
Once	2.	Ask Indeed to register your app.
For each app	3.	Get an access token.
For each app	4.	Refresh your access token.
For each API call	5.	Call Indeed APIs.

Approved partners use Partner Console to access testing tools and manage integrations, credentials, and associated APIs and services.

You can also complete these actions:

Action	Description
Get access token that represents employer	Build an employer selection screen that lists employers associated with the user that registered the app. Then, get an access token that represents the employer that the user selects from the employer selection screen.
Authorize an app to act on your behalf	Authorize an app to act on your behalf or remove that authorization.

Get access token that represents employer

An Indeed API might require you to represent an employer or an advertiser with an access token.

First, build an employer selection screen that lists employers associated with the user that registered the app.

After the user selects an employer from that screen, get an access token that represents that employer.

An access token can represent only one employer. To switch employers, refresh your access token.

Build employer selection screen

You can build an employer selection screen that lists employers associated with the user who registered the app.

Get an access token with scope=employer_access.

This scope enables you to list employer accounts associated with the user that registered the app.
Call the v2/api/appinfo endpoint.

Include your token in the Authorization header with the Bearer authentication scheme:
```
curl -H 'Authorization:Bearer eyJraWQiOiI1OTdjYTgxNCImEwzjgselIuEYGlJxsERATA' \
https://secure.indeed.com/v2/api/appinfo
```
The response shows id and name fields for each employer.

For example, the id field for US Robots and Mechanical Men is 4bc393648e880bc94dd6cef8efbc8486:
```
{
  "employers": [
    {
      "id": "084a39249af95beedfb90cc5d2b8833c",
      "name": "Dharma Initiative"
    },
    {
      "id": "865e08b649774436ee1f410b611fad7c",
      "name": "Umbrella Corporation"
    },
    {
      "id": "4bc393648e880bc94dd6cef8efbc8486",
      "name": "US Robotics and Mechanical Men"
    }
  ]
}
```
Build an employer selection screen that enables the user to select an employer from this list.

Get employer access token

Get an access token that represents the employer that the user selects from the employer selection screen.

Call the https://apis.indeed.com/oauth/v2/tokens endpoint with the employer parameter, and the HTTP Accept and Content-Type request headers.

Use the ID of the employer that the user selected to get an access token that represents that employer:
```
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: application/json' \
  -d 'grant_type=client_credentials' \
  -d 'scope=employer_access' \
  -d 'client_id=b0c3b1092225d3e99f85d7aa3fe1e6001f9a0bb798717cbc2008e58fbda3ef16' \
  -d 'client_secret=1YFoyZOWmr83njlsIuyCL9QQq5jZkRCR4UtmHGp22MRzjIhe5RbynnAGmuYLFbYx' \
  -d 'employer=4bc393648e880bc94dd6cef8efbc8486' \
  https://apis.indeed.com/oauth/v2/tokens
```
Include these request body parameters for oauth/v2/tokens:

Request body parameter Required Value
grant_type ✔
client_credentials
scope ✔
employer_access
client_id ✔
Your client ID.
client_secret ✔
Your client secret.
employer ✔ An employer ID.

This request returns an access token that represents that employer.

If you request an access token for an employer that is not associated with the user that registered the app, this error occurs:
```
{
  "error_description": "Invalid request",
  "error": "invalid_request"
}
```
For an example of an error response, see Error response.

Request body parameter	Required	Value
`grant_type`	✔	`client_credentials`
`scope`	✔	`employer_access`
`client_id`	✔	Your client ID.
`client_secret`	✔	Your client secret.
`employer`	✔	An employer ID.

Authorize an app to act on your behalf

Use the Indeed Users page to authorize, or remove authorization from, an app to act on your behalf.

On the Indeed Users page, select an employer account, then select Add users.
Enter the user's email address.

Select the level of access, then select Save and notify new users.

The user receives an email invitation to join your organization on Indeed. If they accept, they are granted the selected permissions.

Enable another company to act on your behalf

To enable another company to act on your behalf, share your employer ID with the company.

This ID appears in a small font above the page footer on the Indeed Users page. The employer ID is not secret, so you can share it with other companies.

Client credentials flow (2-legged OAuth) overview​

Client credentials flow (2-legged OAuth) steps​

Get access token that represents employer​

Build employer selection screen​

Get employer access token​

Authorize an app to act on your behalf​

Enable another company to act on your behalf​

On this page