Client credentials flow (2-legged OAuth)

Authenticate your app to act on behalf of the Indeed user that registered the app and that user's associated employer accounts.



By using this API and its documentation and building an integration, you agree to the Additional API Terms and Guidelines.

Overview of the client credentials flow (2-legged OAuth)

Use this flow to authorize your app to act on behalf of the Indeed account that registers your app to get client ID and secret credentials. To use this flow, complete these steps:



Register your app to get a client ID and secret, which identify your app.

For each app


Get an access token. You include this token in each API call to prove that your app is authorized to make calls on behalf of the Indeed account that the token identifies. You exchange your client ID and secret for an access token.

For each API call


Pass your access token each time that you call an Indeed API.

Step 1. Get a client ID and secret

  1. Go to Manage app credentials, sign in to your Indeed account, then click Register new application.

  2. Enter your app name and description, select the OAuth 2.0 credential type, then click Save and continue.

    📘 Note: Add these suffixes to these versions of your app:

    • Test: -dev
    • Production: -prod

    For example, AceRecruitersApp-dev and AceRecruitersApp-prod.

  3. Select the client credentials grant type, then click Save and continue.

  4. Optionally, provide your company name, homepage, support email address and link to your public privacy policy, then click Save and continue.

  5. Preview your app information, then click Complete registration.

    The page shows information about your app, including the client ID, and if your app is not a public client, your client secret.

    📘 Important: Store your client ID and secret securely. Other than including these credentials in API calls, never share your credentials or store them in a public Git repository.

Step 2. Get an access token

To get an access token, make a POST request to the endpoint with the Content-Type and Accept request headers and request body parameters:

curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: application/json' \
  -d 'grant_type=client_credentials' \
  -d 'scope=employer_access' \
  -d 'client_id=<your-client_id>' \
  -d 'client_secret=<your-client_secret>' \
  'https://<indeed-oauth-host>/oauth/v2/tokens'



When you get an access token, you can use the basic authentication scheme instead of passing your client ID and secret in the /oauth/v2/tokens request body. To use this scheme, you encode and pass these credentials in an Authorization Basic header.

The response includes the access token, scope, token type, and the expires_in field, which indicates the duration, in seconds, that the access token is valid. The access token expires after one hour, or 3600 seconds. After the access token expires, use the refresh token to get a new access token.

{
  "access_token": "eyJraWQiOiI1OTdjYTgxNC0YdVBLkWfA",
  "scope": "employer_access",
  "token_type": "Bearer",
  "expires_in": 3600
}

Step 3. Call an Indeed API

To call an Indeed API, use the access token.

You can continue to use the access token for an hour. After an hour, get a new access token.
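
Added example (not Indeed's code): a small Python token client for steps 2 and 3 that sends the client ID and secret in an Authorization Basic header instead of the request body, caches the token using expires_in, and requests a new one shortly before it expires. The token endpoint URL is supplied by the caller; the environment variable names, the 60-second margin, and the RFC 6749 form-encoding of the credentials before Base64 are assumptions.

```python
import base64, json, os, time
import urllib.parse, urllib.request

class TokenClient:
    def __init__(self, token_url, client_id, client_secret,
                 scope="employer_access", send=None, clock=time.monotonic):
        if not token_url.startswith("https://"):
            raise ValueError("token endpoint must use HTTPS")
        self.token_url, self.scope = token_url, scope
        # RFC 6749 section 2.3.1: form-encode each value, then Base64 "id:secret".
        pair = "%s:%s" % (urllib.parse.quote_plus(client_id),
                          urllib.parse.quote_plus(client_secret))
        self._basic = "Basic " + base64.b64encode(pair.encode()).decode()
        self._send = send or self._http_post  # send is injectable for offline tests
        self._clock = clock
        self._token, self._expires_at = None, 0.0

    def build_request(self):
        """Return (headers, body); the secret travels in the header, not the body."""
        headers = {"Content-Type": "application/x-www-form-urlencoded",
                   "Accept": "application/json",
                   "Authorization": self._basic}
        body = urllib.parse.urlencode({"grant_type": "client_credentials",
                                       "scope": self.scope})
        return headers, body

    def _http_post(self, url, headers, body):
        req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)

    def access_token(self, margin=60):
        """Reuse the cached token until `margin` seconds before it expires."""
        now = self._clock()
        if self._token is None or now >= self._expires_at - margin:
            reply = self._send(self.token_url, *self.build_request())
            if str(reply.get("token_type", "")).lower() != "bearer" or not reply.get("access_token"):
                raise RuntimeError("unexpected token response")  # never echo the reply itself
            self._token = reply["access_token"]
            self._expires_at = now + int(reply.get("expires_in", 0))
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.access_token()}

def client_from_env(token_url):
    # Hypothetical variable names; credentials stay out of source code and Git.
    return TokenClient(token_url, os.environ["INDEED_CLIENT_ID"],
                       os.environ["INDEED_CLIENT_SECRET"])
```

Pass the result of auth_header() as the request headers of each API call; the client contacts the token endpoint only when the cached token is missing or about to expire.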



Not all Indeed APIs support the client credentials flow.

Additional tasks

Associate user account with employer account

An Indeed API might require you to represent an employer with an access token. An access token represents only one employer. You can build a UI that enables users to switch between employer accounts.

To get an access token for an employer:

  1. Get an access token with the employer_access scope.

  2. To list employers associated with the user account that registered the app, call the appinfo endpoint:

    With each API call, pass the access token in an Authorization header with the Bearer authentication scheme:

    curl -H 'Authorization: Bearer eyJraWQiOiI1OTdjYTgxNCImEwzjgselIuEYGlJxsERATA' \
      '<appinfo-endpoint-URL>'

    This query lists the id and name fields for each employer:

    {
      "employers": [{
          "id": "084a39249af95beedfb90cc5d2b8833c",
          "name": "Dharma Initiative"
        }, {
          "id": "865e08b649774436ee1f410b611fad7c",
          "name": "Umbrella Corporation"
        }, {
          "id": "4bc393648e880bc94dd6cef8efbc8486",
          "name": "US Robotics and Mechanical Men"
        }]
    }

  3. Build a user interface that enables the user to select an employer from the list of employers.

Get and manage scopes

When you request an access token, you request Indeed-supported scopes that define your app's permissions.

See also

  • OAuth glossary for common OAuth term descriptions
  • OAuth reference for request headers, request body parameters, response fields, Indeed-supported scopes, and the basic authentication scheme