Added two new optional security settings to the WebSSO SAML configuration:
Require signed assertions – enforces that the SAML assertion itself must be digitally signed. If the assertion is not signed, login attempts will be rejected.
Enable strict replay attack protection – ensures that every login response matches a specific request issued by SmartRecruiters, preventing replay attacks. This option disables IdP-initiated logins.
Impact
This enhancement is backward-compatible and does not require any changes to existing client implementations.
Both options are disabled by default for all existing configurations. Administrators can enable them as needed depending on their IdP setup and security requirements.
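The two settings described above, sketched as service-provider-side checks. This is an added example, not SmartRecruiters code. The class, method and reason strings are hypothetical, and the sketch assumes the request ID is matched against the InResponseTo attribute of the Response element.

```python
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input in production

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

class ResponsePolicy:
    """Hypothetical SP-side pre-checks mirroring the two settings."""

    def __init__(self, require_signed_assertions=False, strict_replay_protection=False):
        self.require_signed_assertions = require_signed_assertions
        self.strict_replay_protection = strict_replay_protection
        self.pending = set()  # IDs of AuthnRequests issued and not yet answered

    def issue_request(self, request_id):
        self.pending.add(request_id)

    def check(self, response_xml):
        """Return (accepted, reason). Only checks that a signature is present;
        verifying it cryptographically is a separate step with an XML-DSig library."""
        root = ET.fromstring(response_xml)
        assertions = root.findall("saml:Assertion", NS)
        if len(assertions) != 1:
            return False, "expected exactly one assertion"
        # The Signature must be a direct child of the Assertion itself;
        # a signature on the enclosing Response alone does not count.
        if self.require_signed_assertions and assertions[0].find("ds:Signature", NS) is None:
            return False, "assertion not signed"
        if self.strict_replay_protection:
            in_response_to = root.get("InResponseTo")
            if in_response_to is None:  # no request to match: IdP-initiated
                return False, "IdP-initiated login not allowed"
            if in_response_to not in self.pending:
                return False, "unknown or already used request"
            self.pending.discard(in_response_to)  # each request is answered once
        return True, "ok"

def sample_response(in_response_to=None, signed=True):
    """Constructed sample; the Signature element is an empty placeholder."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>' if signed else ""
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            f'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1"{irt}>'
            f'<saml:Assertion ID="_a1">{sig}</saml:Assertion></samlp:Response>')
```

With both options left at their defaults, an unsigned IdP-initiated response passes these pre-checks, which is the behaviour existing configurations keep.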
Updated the Interview Templates API with new endpoints and deprecated the old endpoints.
This API allows clients to create, update, delete and search for interview templates and to manage job templates.
In interview templates API:
The following endpoints are added to replace the deprecated interview template endpoints:
GET templates
GET templates/{id}
POST templates
PUT templates/{id}
DELETE templates/{id}
GET templates/jobs/{jobId}
The following endpoints are added to replace the deprecated job level interview template endpoints:
GET job-templates/jobs/{jobId}
GET job-templates/job-applications/{applicationId}
PATCH job-templates/{jobInterviewTemplateId}
PUT job-templates/{jobInterviewTemplateId}
POST job-templates/jobs/{jobId}/search
GET job-templates/jobs/{jobId}/hiringStages/{hiringStage}
PUT job-templates/jobs/{jobId}/hiringStages/{hiringStage}
Impact
The Interview Templates API empowers users to interact with the interview templates, job level templates and interviewers' scheduling preferences.
The previous endpoints are deprecated and replaced with new endpoints.
In interview templates API:
The following endpoints are deprecated:
GET interview/templates
GET interview/templates/{id}
POST interview/templates
PUT interview/templates/{id}
DELETE interview/templates/{id}
The following job level templates endpoints are deprecated:
GET interview/templates/jobs/{jobId}
GET interview/templates/job-applications/{applicationId}
Extending the Jobs API by adding a new optional integer request parameter, delayPublicInDays, used to postpone PUBLIC jobAd creation. The following endpoints are impacted:
POST jobs/{jobId}/jobads/{jobAdId}/postings
POST jobs/{jobId}/publication
Impact
This enhancement is backward-compatible and does not require any changes to existing client implementations.
This feature allows clients to schedule an INTERNAL jobAd to become PUBLIC after a specified period of time. If the delayPublicInDays parameter is not specified, the default behavior is not to publish the jobAd as PUBLIC.
Removed the deprecated interviewers property from the Interview Templates API.
This property was deprecated in favor of the hiringTeamRoleToInterviewers property, which provides a more structured way to manage interviewer selection in the context of hiring teams. It allows interviewers to be specified based on their roles within the hiring team, whereas the interviewers property was a flat list of interviewers with an implicitly assigned ANY role.
From now on, the hiringTeamRoleToInterviewers property is the only way to manage interviewers in the Interview Templates API.
The interviewers property is removed from the request of the following endpoints:
This change enforces the removal of the interviewers property from any existing integrations and requires all clients to migrate from the interviewers property to the hiringTeamRoleToInterviewers property.
It ensures that all interviewers are managed in a consistent way and that interviewers are always associated with their roles within the hiring team.
The Jobs API now accepts job properties keys as values for the ids parameters in the request body of the following endpoints:
POST jobs
PUT jobs/{jobId}
PATCH jobs/{jobId}
Additionally, the job properties keys are now included in the responses of the following endpoints:
POST jobs
GET jobs/{jobId}
PUT jobs/{jobId}
PATCH jobs/{jobId}
Impact
This enhancement is backward-compatible and does not require any changes to existing client implementations. The feature brings new flexibility - the client can use the keys of the job properties instead of the ids to access and manage the job properties data.
Introduced a new field to the Interview Templates API called repeat. This field configures when and how many times a candidate should be prompted to select a time slot for an interview if they haven't already done so.
If not provided, the default behavior is to not repeat the prompt.
It is added to the request of the following endpoints:
Introduced a new field to the Self Scheduling API called repeat. This field configures when and how many times a candidate should be prompted to select a time slot for an interview if they haven't already done so.
If not provided, the default behavior is to not repeat the prompt.
It is added to the request of the following endpoints:
Extending the Jobs API by adding a new optional boolean request parameter, includeInternal, to include internal sources when publishing a jobAd. The following endpoints are impacted:
POST jobs/{jobId}/jobads/{jobAdId}/postings
POST jobs/{jobId}/publication
Impact
This enhancement is backward-compatible and does not require any changes to existing client implementations. This feature allows clients to include/exclude internal sources when publishing jobAds. If the includeInternal parameter is not specified, the default behavior is to include internal sources.
Extending the Candidates API to accept the key of the application property as an id path parameter (and within the request body) of the following endpoints:
PUT candidates/{id}/jobs/{jobId}/properties
PUT candidates/{id}/properties/{propertyId}
PUT candidates/{id}/jobs/{jobId}/properties/{propertyId}
Extending the Candidates API by adding the application property key to the response of the following endpoints:
GET candidates/{id}/properties
GET candidates/{id}/jobs/{jobId}/properties
Impact
This enhancement is backward-compatible and does not require any changes to existing client implementations. The feature brings new flexibility - the client can use the key of the application property instead of the id to access and manage the application properties data.