Authentication
All API requests must include your API key in the x-api-key header.
curl -H "x-api-key: YOUR_API_KEY" https://www.jobzyn.com/api/integrations/jobGetting Your API Key
API keys are managed from the Jobzyn backoffice:
- Log in to the backoffice as a Company Admin
- Go to Settings > API Keys
- Click Generate New Key
- Copy the key immediately — it will only be shown once
Key Format
API keys follow the format:
jz_Ab3dEfG4hIjKl5mNoPqRsT6uVwXyZ8a- Prefix:
jz_ - Followed by 32 random characters
Scopes
Each API key has scopes that control what it can do:
| Scope | Allows |
|---|---|
read | Retrieve candidates (GET /job/{id}/candidates) |
write | Create, update, and unpublish jobs (POST, PUT, DELETE) |
By default, new keys are created with both read and write scopes. You can request a read-only key if you only need to pull candidates.
If a key lacks the required scope, the API returns 403 with an “Insufficient permissions” message.
Security
- Keys are stored as SHA-256 hashes — Jobzyn never stores your key in plaintext
- Each key is bound to a specific company — you can only manage jobs belonging to your company
- Keys do not expire, but can be revoked at any time from the backoffice
- If a key is compromised, revoke it and generate a new one
Error Responses
| Status | Meaning |
|---|---|
403 | Missing API key, invalid key, or insufficient scopes |
Last updated on