SupportPartner

Log in with Indeed

Use Indeed-provided images to create Log In with Indeed buttons.

📘

Note:

By using this API and its documentation and building an integration, you agree to the Additional API Terms and Guidelines.

Overview

To enable users to log in to your website with their Indeed credentials:

1.

Use one of the button images to construct the button UI element.

2.

When the user clicks the button, redirect the user to the Indeed OAuth authentication server.

3.

After the user authorizes your app, query the userinfo endpoint to get a unique job seeker ID.

Button images

Use one of the following images to construct your UI element.

Name Light background Dark background
Default default light button default dark button
Hover light hover dark hover
Pressed light pressed dark pressed
Focused light focus dark focus
Disabled light disabled dark disabled

Redirect the user

Construct a button that redirects the user to the Indeed OAuth authentication server.

  1. Get an authorization code. When the user clicks Log In with Indeed, link the button to the Indeed authorization endpoint.

    For example:

    <a href="https://secure.indeed.com/oauth/v2/authorize?client_id=6nwwcdklwgktryjw2j5fxh5t2fyneule7zg7mvw3pf9jbx3wmewzlxkdz1jxvt7c&redirect_uri=http%3A%2F%2Fwww.acerecruitersllc.com%2Fgotcode.html&response_type=code&state=employer1234&scope=email+offline_access+employer_access"><img src="indeed-button.png" alt="default light"/></a>

  2. Receive the authorization code. After the user authorizes your app, Indeed returns an authorization code to the redirect URL that you specified in the redirect_uri parameter. Capture this authorization code.

    For example:

    http://www.acerecruitersllc.com/gotcode.html?state=employer1234&code=lXe_sN-A4sU

  3. Exchange the authorization code for an access token.

    For example:

    curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -H 'Accept: application/json' \
 -d 'code=lXe_sN-A4sU' \
 -d 'client_id=6nwwcdklwgktryjw2j5fxh5t2fyneule7zg7mvw3pf9jbx3wmewzlxkdz1jxvs6b' \
 -d 'client_secret=02KKpg6yLXw2v3FKf5lqyFGtMQCvPBNbJIw89SoSd9fts1LAdlvwUQQ6dwhAhEXv' \
 -d 'redirect_uri=http://localhost:3000/oauth/callback' \
 -d 'grant_type=authorization_code' \
 https://apis.indeed.com/oauth/v2/tokens

    The response looks like this:

    {
  "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV[...]",
  "id_token": "eyJraWQiOiJlMzEzZTc4My1lM2YwLTQ3ZWMtY[...]",
  "refresh_token": "rXZSMNyYQHQ",
  "expires_in": 3600,
  "token_type": "Bearer",
  "scope": "email offline_access",
  "consented_scope": "email offline_access"
}

  4. Use this access token to make API calls on behalf of the user.

Get the user ID

  1. Pass the access token to the v2/api/userinfo endpoint.

    This example request queries the user's account key and email address:

    GET /v2/api/userinfo HTTP/1.1
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Host: secure.indeed.com

    The response shows the user's account key and email address:

    HTTP/1.1 200 OK
Content-Type: application/json

{
  "sub": "248289761001",
  "email": "min[email protected]",
  "email_verified": true
}

  2. Use this information to identify the logged-in user.

See also

Updated 3 days ago