Description

Added two new optional security settings to the WebSSO SAML configuration:

  • Require signed assertions – enforces that the SAML assertion itself must be digitally signed. If the assertion is not signed, login attempts will be rejected.
  • Enable strict replay attack protection – ensures that every login response matches a specific request issued by SmartRecruiters, preventing replay attacks. This option disables IdP-initiated logins.

Impact

This enhancement is backward-compatible and does not require any changes to existing client implementations.
Both options are disabled by default for all existing configurations. Administrators can enable them as needed depending on their IdP setup and security requirements.

References

Description

Removing the following BETA Sandbox Public API endpoints:

  • getting list of available entity names: /configuration/entity-mapping/entity-names
  • getting entity mappings by configuration ID: /configuration/entity-mapping/entity-name/{entityName}/by-configuration-id
  • getting entity mappings by entity ID: /configuration/entity-mapping/entity-name/{entityName}/by-entity-id

Impact

There is no impact of this change on the users.

References

Description

Updating the Interview Templates API with new endpoints and deprecated the old end points.
This API allow to create, update, delete and search for interview and manage job templates.

In interview templates API:

The following endpoints are added to replace the deprecated interview template endpoints:

  • GET templates
  • GET templates/{id}
  • POST templates
  • PUT templates/{id}
  • DELETE templates/{id}
  • GET templates/jobs/{jobId}

The following endpoints are added to replace the deprecated job level interview template endpoints:

  • GET job-templates/jobs/{jobId}
  • GET job-templates/job-applications/{applicationId}
  • PATCH job-templates/{jobInterviewTemplateId}
  • PUT job-templates/{jobInterviewTemplateId}
  • POST job-templates/jobs/{jobId}/search
  • GET job-templates/jobs/{jobId}/hiringStages/{hiringStage}
  • PUT job-templates/jobs/{jobId}/hiringStages/{hiringStage}

Impact

The Interview Templates API empowers users to interact with the interview templates, job level templates and interviewers scheduling preferences.
The previous end points are deprecated and replaced with new endpoints.

In interview templates API:

The following endpoints are deprecated:

  • GET interview/templates
  • GET interview/templates/{id}
  • POST interview/templates
  • PUT interview/templates/{id}
  • DELETE interview/templates/{id}

The following job level templates endpoints are deprecated:

  • GET interview/templates/jobs/{jobId}
  • GET interview/templates/job-applications/{applicationId}
  • PATCH interview/templates/job/{jobInterviewTemplateId}
  • PUT interview/templates/job/{jobInterviewTemplateId}

References

Description

Extending Jobs API by adding new optional integer request parameter delayPublicInDays used to postpone PUBLIC jobAd creation. The following endpoints are impacted:

  • POST jobs/{jobId}/jobads/{jobAdId}/postings
  • POST jobs/{jobId}/publication

Impact

This enhancement is backward-compatible and does not require any changes to existing client implementations.
This feature allows clients to add option to schedule INTERNAL jobAd to become PUBLIC after specified period of time. If the delayPublicInDays parameter is not specified, the default behavior is not to publish jobAd as PUBLIC.

References

Description

Removed deprecated interviewers property from the Interview Templates API.
This property was deprecated in favor of the hiringTeamRoleToInterviewers property, which provides a more structured way to manage interviewers selection
in the context of hiring teams. It allows to specify interviewers based on their roles within the hiring team,
whereas the interviewers property was a flat list of interviewers with implicitly assigned ANY role.
Since now the hiringTeamRoleToInterviewers property is the only way to manage interviewers in the Interview Templates API.

It is removed from the request of the following endpoints:

It is removed from the response of the following endpoints:

Impact

This change enforces the removal of the interviewers property from any existing integrations and requires all the clients
to migrate from interviewers to hiringTeamRoleToInterviewers property.
It ensures that all interviewers are managed in a consistent way, and that the interviewers are always associated with their roles within the hiring
team.

References

Description

The Jobs API now accepts job properties keys as values for the ids parameters in the request body of the following endpoints:

  • POST jobs
  • PUT jobs/{jobId}
  • PATCH jobs/{jobId}

Additionally, the job properties keys are now included in the responses of the following endpoints:

  • POST jobs
  • GET jobs/{jobId}
  • PUT jobs/{jobId}
  • PATCH jobs/{jobId}

Impact

This enhancement is backward-compatible and does not require any changes to existing client implementations. The feature brings new flexibility - the client can use the keys of the job properties instead of the ids to access and manage the job properties data.

References

Description

Introduced a new field to the Interview Templates API called repeat. This field configures when and how many times
a candidate should be prompted to select a time slot for an interview if they haven't already done so.
If not provided, the default behavior is to not repeat the prompt.

It is added to request of the following endpoints:

Impact

This enhancement is backward-compatible and does not require any changes to existing client implementations.

References

Description

Introduced a new field to the Self Scheduling API called repeat. This field configures when and how many times
a candidate should be prompted to select a time slot for an interview if they haven't already done so.
If not provided, the default behavior is to not repeat the prompt.

It is added to request of the following endpoints:

Impact

This enhancement is backward-compatible and does not require any changes to existing client implementations.

References

Description

Extending Jobs API by adding new optional boolean request parameter includeInternal to include internal sources when publishing jobAd. The following endpoints are impacted:

  • POST jobs/{jobId}/jobads/{jobAdId}/postings
  • POST jobs/{jobId}/publication

Impact

This enhancement is backward-compatible and does not require any changes to existing client implementations. This feature allows clients to include/exclude internal sources when publishing jobAds. If the includeInternal parameter is not specified, the default behavior is to include internal sources.

References

Description

Extending Candidates API by starting accepting the key of the application property as an id path parameter (and within the request body) of the following endpoints:

  • PUT candidates/{id}/jobs/{jobId}/properties
  • PUT candidates/{id}/properties/{propertyId}
  • PUT candidates/{id}/jobs/{jobId}/properties/{propertyId}

Extending Candidates API by adding the application property key to the response of the following endpoints:

  • GET candidates/{id}/properties
  • GET candidates/{id}/jobs/{jobId}/properties

Impact

This enhancement is backward-compatible and does not require any changes to existing client implementations. The feature brings new flexibility - the client can use the key of the application property instead of the id to access and manage the application properties data.

References