Register your app and call Indeed APIs

Register your app to authorize its access to resources, then call Indeed APIs.

 

legal notice

By using this API and its documentation and building an integration, you agree to the Additional API Terms and Guidelines.

OAuth at Indeed

An app represents the integration of Indeed APIs and services into your product.

Approved partners use Partner Console to access testing tools and manage integrations, credentials, and associated APIs and services. For 3-legged OAuth apps, approved partners also use Partner Console to configure redirect URLs and view what the OAuth consent screen looks like to users.

After you authorize your app's access to resources, you authenticate its identity and permissions when you call Indeed APIs:

Authorize your app's access to resources
1.	Create an Indeed account that your team can reuse for testing.
2.	Set up your app with your Indeed account.
3.	If Indeed authorizes your app to act on behalf of a user, you must get an authorization code.
Authenticate your app's identity and permissions
4.	Exchange your OAuth credentials for an access token.
5.	Refresh your access token after an hour.
6.	When you call Indeed APIs, include your access token to authenticate your app's identity and permissions.
Troubleshoot errors
7.	To troubleshoot OAuth or GraphQL errors, see Troubleshoot errors.

1. Create an Indeed account

Create an Indeed account. Indeed recommends that you use an email account that the administrators in charge of your integration can access.

2. Set up your app

As part of onboarding, you ask Indeed to register your app with your Indeed account. Indeed grants your account access to Partner Console, which you use to access your OAuth credentials: a client ID and secret. When you register your app, Indeed sets it up with the correct type of OAuth for your use case. For more information, see Credentials.

Approved partners use Partner Console to access testing tools and manage integrations, credentials, and associated APIs and services. For 3-legged OAuth apps, approved partners also use Partner Console to configure redirect URLs and view what the OAuth consent screen looks like to users.

Indeed authorizes your app to act on behalf of itself and, optionally, to act on behalf of a user. Indeed uses OAuth 2.0 for authorization.

For partners who integrate with the Employer Data API, Indeed provides an employerIdType value, which you provide in the type field in the patchEmployer and createSourcedJobPostings mutations.

For an example of patchEmployer, see Create an example employer.

For an example of createSourcedJobPostings, see Create an example job.

3. Get authorization code

If Indeed authorizes your app to act on behalf of a user, you must get an authorization code. The owner of an Indeed account sends this OAuth credential to your app to enable calling the API on their behalf.

See the get an authorization code example.

4. Get access token

Exchange your OAuth credentials for an access token.

You cannot use these OAuth credentials for Indeed Apply.

1. Make a POST request to the https://apis.indeed.com/oauth/v2/tokens endpoint with the HTTP Accept and Content-Type request headers and the request body parameters for oauth/v2/tokens for your authorization flow.

   See these examples:

   • Get or refresh 2-legged access token
   • Get 3-legged access token

   To request scopes that grant permissions to your app, include the scope parameter.

2. Securely store the access token and, if you have one, the refresh token.

5. Refresh access token

Access tokens are valid for one hour. To refresh your access token:

1. Make a POST request to the https://apis.indeed.com/oauth/v2/tokens endpoint with the HTTP Accept and Content-Type request headers and the request body parameters for oauth/v2/tokens for your authorization flow.

   See these examples:

   • Get or refresh 2-legged access token
   • Refresh 3-legged access token

2. Securely store the access token and, if you have one, the refresh token.

6. Call Indeed APIs

1. In each API call, pass the access token in the Authorization header with the Bearer authentication scheme.

   Authorization: Bearer <token>

2. For GraphQL APIs, POST the request to the following endpoint:

   POST https://apis.indeed.com/graphql 

   Use the POST method for all queries and mutations. The GraphQL APIs do not support the GET method.

   In the POST request body, include the mutation or query, an optional operation name, and variable inputs:

   {
     "query": "...",
     "operationName": "...",
     "variables": {
       "myVariable": "someValue",
       ...
     }
   }

7. Troubleshoot errors

To troubleshoot OAuth errors that can occur before you access GraphQL, see Troubleshoot OAuth errors.

To troubleshoot GraphQL errors, see Troubleshoot GraphQL errors.