Bearer-token authentication

The Candidate Profile API uses bearer-token authentication. Every endpoint requires a valid bearer token except POST /auth/token.
Call POST /auth/token first. Then send Authorization: Bearer YOUR_TOKEN on every protected request.

Get a token

Step 1: Send your email address

Call POST /auth/token with the email address you want to use for the request.
Request body
{
  "email": "recruiter@example.com"
}
Step 2: Receive a signed token

The server sends an auth-request email notification and returns a signed bearer token.
Success response
{
  "access_token": "YOUR_TOKEN",
  "token_type": "Bearer"
}
Step 3: Use the token on protected endpoints

Add the token to the Authorization header for every endpoint except POST /auth/token.
Authorization header
Authorization: Bearer YOUR_TOKEN

Example protected request

GET /candidate
curl https://api.jonahanderson.me/candidate \
  -H "Authorization: Bearer YOUR_TOKEN"

Authentication errors

If the bearer token is missing, invalid, or altered, protected endpoints return 401 Unauthorized.
401 Unauthorized
{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "A valid bearer token is required"
  }
}

Token validation errors

POST /auth/token validates the email field before the API issues a token.

Missing email

Status: 400 Bad Request
Missing email error
{
  "error": {
    "code": "BAD_REQUEST",
    "message": "email is required"
  }
}

Invalid email

Status: 400 Bad Request
Invalid email error
{
  "error": {
    "code": "BAD_REQUEST",
    "message": "email must be a valid email address"
  }
}
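The following is an added example, not code from the Candidate Profile API, that models the whole flow described above (the three token steps plus the 400 and 401 error bodies) as plain Python functions so the behaviour can be exercised offline. The HMAC-SHA256 signing scheme, the SIGNING_KEY, the email regex and the body returned by GET /candidate are assumptions; the page only says the token is "signed" and does not document the candidate payload.

```python
import hashlib
import hmac
import json
import re
import secrets

# Assumed server-side signing key; the real API's key and scheme are not documented.
SIGNING_KEY = secrets.token_bytes(32)
# Assumed email check; the real validator is not documented on this page.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def error(status, code, message):
    """Error envelope in exactly the shape this page documents."""
    return status, {"error": {"code": code, "message": message}}


def auth_token(body):
    """POST /auth/token: validate the email field, then issue a signed token."""
    email = body.get("email")
    if email is None or email == "":
        return error(400, "BAD_REQUEST", "email is required")
    if not isinstance(email, str) or not EMAIL_RE.match(email):
        return error(400, "BAD_REQUEST", "email must be a valid email address")
    payload = json.dumps({"email": email}, separators=(",", ":")).encode()
    tag = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return 200, {"access_token": payload.hex() + "." + tag, "token_type": "Bearer"}


def verify_bearer(authorization_header):
    """Return the email bound to a valid 'Bearer <token>' header, else None."""
    if not authorization_header:
        return None
    scheme, _, token = authorization_header.partition(" ")
    if scheme != "Bearer" or not token:
        return None
    payload_hex, _, tag = token.partition(".")
    try:
        payload = bytes.fromhex(payload_hex)
    except ValueError:
        return None
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # constant-time; any alteration fails
        return None
    return json.loads(payload)["email"]


def get_candidate(headers):
    """GET /candidate: protected, so a missing, invalid or altered token gets 401."""
    email = verify_bearer(headers.get("Authorization"))
    if email is None:
        return error(401, "UNAUTHORIZED", "A valid bearer token is required")
    return 200, {"requested_by": email}  # placeholder body; real payload undocumented
```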

POST /auth/token reference

Review the generated schema, request body, and response examples for the token endpoint.