Access Scopes

Overview

Most of the Customer API endpoints require prior authorization by your app’s user. To get that authorization, your application will first need to make a call to the SmartRecruiters dedicated endpoint (see OAuth 2.0 page for details), passing along a list of the scopes for which access permission is sought.

How many scopes should I request?

Scopes let you specify exactly what types of data your app wants to access, and the set of scopes you pass in your call determines what access permissions the user is asked to grant.
Note: Not passing a list of scopes with the authorization call with use default scopes you have defined when registering your App.

You should only request the scope you need at the time of authorization. If in the future you require additional scope, you may forward the user to the authorization URL with that additional scope to be granted. If you attempt to perform a request with an access token that is not authorized for that scope, you will receive an OAuthPermissionsException error return.

Separating multiple scopes

To request multiple scopes at once, simply separate the scopes by a space. In the url, this equates to an escaped space (“%20”). So if you are requesting candidate read and write permission, the parameter will look like this:

scope=candidates_read%20candidates_create

Note that an empty scope parameter (scope=) is invalid; you must either omit the scope, or specify a non-empty scope list.

Example confirmation page

Take a look at example Java and Node.js Apps to find out how to use the scopes and how to implement the OAuth 2.0 flow.

On execution of the authorization request call, user is redirected to a page explaining what information has been requested by an App:

Sought Confirmation Page

List of available Access Scopes

Scope Access permissions sought Prompt shown to user
candidates_read Read access to user’s candidates list, details. attachments and status history Access Candidates
candidates_create Add new candidate records on behalf of a user and assign to a General Application or to a Job by uploading a resume or by passing a JSON object. Add attachments. Create Candidates
candidates_offers_read Read access to candidates’ offers and get offer terms. Access Offer Terms
candidates_manage Write access to candidate’s status. Manage Candidate Status
candidate_status_read Read access to candidate’s status history Access Candidate’s status
configuration_read Read access to all company configuration settings for departments, hiring processes, job properties and offer properties. (NOTE: Requires an Admin user role) Access Company Settings
configuration_manage Write / delete access to all company configuration settings for departments and job properties. (NOTE: Requires an Admin user role) Manage Company Settings
jobs_read Read access to user’s jobs list and details. Access Jobs
jobs_manage Write access to user’s jobs, its hiring team and notes. Manage jobs
jobs_publications_manage Write / delete access to user’s jobs publications. Publish Jobs
users_read Read access to users in a company. (NOTE: Requires an Admin user role) Access Users
users_manage Write / delete access to users in a company. (NOTE: Requires an Admin user role) Manage Users
messages_write Create messages to other users Message Users
company_read Get company information Access Company Information