Skip to main content

Bearer-token authentication

The Candidate Profile API uses bearer-token authentication. Every endpoint requires a valid bearer token except POST /auth/token.
Call POST /auth/token first. Then send Authorization: Bearer YOUR_TOKEN on every protected request.

Get a token

1

Send your email address

Call POST /auth/token with the email address you want to use for the request.
Request body
2

Receive a signed token

The server sends an auth-request email notification and returns a signed bearer token.
Success response
3

Use the token on protected endpoints

Add the token to the Authorization header for every endpoint except POST /auth/token.
Authorization header

Example protected request

GET /candidate

Authentication errors

If the bearer token is missing, invalid, or altered, protected endpoints return 401 Unauthorized.
401 Unauthorized

Token validation errors

POST /auth/token validates the email field before the API issues a token.

Missing email

Status: 400 Bad Request
Missing email error

Invalid email

Status: 400 Bad Request
Invalid email error

POST /auth/token reference

Review the generated schema, request body, and response examples for the token endpoint.