API Key
Making API requests with API Key
An application that holds the API key is assumed to be authorized and trusted. More importantly, the application will also have full access to the organization's resources in SmartRecruiters.
This guide provides information on:
- The steps required to make an API requests using API Key
- Tips to use and manage your API Keys
1. Obtaining an API Key
In SmartRecruiters Credential Manager, click the button 'New Credential' and choose the option 'API Key'.

You will need to define the Credential name
and the Description
your new API key.
As best practices, we recommend you to provide a name and a description that help you and your admins to understand the function and purpose of the API key.
Click the 'Generate' button on the bottom of the page once you defined the name and the description. A value of API key
will be displayed on a pop-up, this is your new API key.
Keeping your API key safe and secure
The
API key
value displayed on the pop-up will only be shown once. For security consideration, admins will not be able to retrieve or see the after the initial pop-up is closed.Because an API key provide full access to the organization's resource in SmartRecruiters, we strongly recommend the generator of the credential to keep these Client Credentials safe and secure to prevent the API key from falling into the wrong hands.
2. Making an API request
To make an API request to SmartAPIs, include the API key in the header of the request as X-SmartToken 'your-api-key-value'
like the following example request:
curl -X POST "https://api.smartrecruiters.com/jobs" \
-H "Content-Type: application/json" \
-H "X-SmartToken: DCRA1-d0b1128084fb427ea**************" \
-d '{
"firstname": "Susan",
"lastname": "Santos",
"systemRole": {"id": "ADMINISTRATOR"},
"language": {"code":"en"},
"location": {"countryCode": "US", "city":"San Francisco"}
}'
3. Revoking access
The API Key does not have an expiration date. And in scenario where an API key is not used, lost or suspected to be used maliciously by a third party, admins can revoke the key simply by clicking the 'Revoke' button in Credential Manager.

Updated almost 2 years ago