This change adds an optional scope property to the callbackAuthentication object of type oauth2 in the POST /webhooks-api/v201907/subscriptions request body params.
It allows customers to define scopes that will be passed to the token service used by SmartRecruiters to obtain an access token for the webhook callback URL.
Impact
This is a non-breaking change, as it only adds a parameter to the request of a single endpoint.
Clients do not need to update or modify anything in their existing codebase.
The response of the GET /interviews/{interviewId} and GET /interviews endpoints now includes a new field: refId. For interviews created via Self Schedule, the refId corresponds to the Self Schedule ID.
Impact
This enhancement is backward-compatible and does not require any changes to existing client implementations.
Introducing new public API - Self Scheduling API.
This API allows to manage interview self schedules in SmartRecruiters.
To use this API, you will need the following access scopes: self_schedules_read or self_schedules_manage.
Impact
The Self Schedule API allows to create, delete and search for interview self schedules, providing similar functionality as the UI.
Self scheduling allows candidate to pick up the time slot for the interview, and interview would be created as a result.
The Apply API now supports OAuth 2.0 as an authorization method. This update enhances the security and flexibility of integrations by allowing the use of OAuth 2.0 authorization flows for accessing these APIs.
OAuth 2.0 authorization is now available for the following endpoints:
Create a New Candidate Application POST https://api.smartrecruiters.com/postings/{uuid}/candidates Required OAuth 2.0 Scope:candidate_applications_manage
Get Application Configuration for Posting GET https://api.smartrecruiters.com/postings/{uuid}/configuration Required OAuth 2.0 Scope:candidate_applications_manage
Get Candidate Status GET https://api.smartrecruiters.com/postings/{uuid}/candidates/{candidateId}/status Required OAuth 2.0 Scope:candidate_applications_manage
The previously available authorization methods remain unchanged and supported, ensuring backward compatibility and no breaking changes.
Impact
This change introduces an additional, more secure way to authenticate requests to the Apply API. Existing authorization methods continue to function as before, ensuring no breaking changes. Adopting OAuth 2.0 is optional but recommended for improved security.
Introducing a new way to authenticate with SmartRecruiters APIs using the client_secret_basic OAuth client authentication method.
This change enables the method based on the client ID and client secret, which are sent in the Authorization header of the token exchange request.
This method can be used for the OAuth 2.0. Client Credentials and Authorization Code grants.
Impact
This change provides an additional way to authenticate with SmartRecruiters APIs using the client_secret_basic method.
This change does not affect existing authentication methods.
Introducing our new public API - Message Templates API.
This API enables you to manage message templates within SmartRecruiters, allowing you to create, update, delete, and retrieve templates.
To use this API, you will need the following access scopes: message_templates_read or message_templates_write.
Impact
The Message Templates API empowers you to handle message templates in SmartRecruiters, providing similar functionality as the UI.
We have launched a new API endpoint that allows users to retrieve detailed job criteria for each position. This feature delivers structured information, including specific criteria, related questions, and the workflow steps assigned to each job.
GET /reviews-api/v201910/jobs/{jobId}/criteria
Impact
This feature will help standardize interviews and improve hiring consistency.
We resolved an issue where the compensation field could not be updated using the PATCH /jobs/{jobId} endpoint.
The bug occurred when users attempted to nullify or delete the compensation value.
Impact
The change is backward compatible, and the fix restores the documented functionality.
We have introduced enhanced validation measures to prevent the creation of duplicate records during candidate updates.
Validation is not passed when an attempt is made to update a candidate's email address or last name to one already
associated with another candidate. In our system, the combination of email and last name must be unique, and it is not
possible to have two candidates with the same email address and last name.
Impact
This change affects the PATCH /candidates/id endpoint (operationId: candidates.update) in the Candidates API. If users try to update a candidate's e-mail
or last name to one that another candidate already owns, they will receive a 409 Conflict status code with
the code CANDIDATE_DATA_CONFLICT.
