Making API requests with API Key

The SmartRecruiters API key is a 32-characters string that can be generated by a user with Administrator access.

An application that holds the API key is assumed to be authorized and trusted. More importantly, the application will also have full access to the organization's resources in SmartRecruiters.

API Keys are easy to use, but they provide full access to the key provider's resources in SmartRecruiters. So we recommend using API Key only if you are:

  • Customer testing out SmartRecruiters APIs
  • Partner testing out SmartRecruiters APIs
  • Customer building your own hiring solution

Obtaining an API Key

In SmartRecruiters Credential Manager, click the button New Credential and choose the option API Key'.


You will need to define the Credential name and the Description of your new API key.

As best practices, we recommend you provide a name and a description that help you and your admins to understand the function and purpose of the API key.

Click the Generate button on the bottom of the page once you defined the name and the description. A value of API key will be displayed on a pop-up, this is your new API key.


Keeping your API key safe and secure

The API key value displayed on the pop-up will only be shown once. For security consideration, admins will not be able to retrieve or see it after the initial pop-up is closed.

Because an API key provide full access to the organization's resource in SmartRecruiters, we strongly recommend the generator of the credential to keep these credentials safe and secure to prevent the API key from falling into the wrong hands.

Making an API request

To make an API request to SmartAPIs, include the API key in the header of the request as X-SmartToken 'your-api-key-value' like the following example request:

curl -X POST "https://api.smartrecruiters.com/jobs" \
-H "Content-Type: application/json" \
-H "X-SmartToken: DCRA1-d0b1128084fb427ea**************" \
-d '{
    "firstname": "Susan",
    "lastname": "Santos", 
    "systemRole": {"id": "ADMINISTRATOR"}, 
    "language": {"code":"en"},
    "location": {"countryCode": "US", "city":"San Francisco"}

Revoking access

The API Key does not have an expiration date. And in a scenario where an API key is not used, lost, or suspected to be used maliciously by a third party, admins can revoke the key simply by clicking the Revoke button in Credential Manager.