Anatomy of a call

Let's see how a Talenteca API call is componsed for getting the list of job ads of a Talenteca recruiter.

Once you got your security credentials from Talenteca, the steps to perform are:

  1. Obtain a challenge code

  2. Request permission to the recruiter

  3. Get a valid access token

  4. Call the job ads endpoint using the valid access token

1. Obtain a challenge code

Once you have your app ID and secret you can request a new challenge code, for this, please send a post message to: http://www.talenteca.com/api/v1/oauth/recruiter/challenge-code

with the body similar to:

{
  "app_id" : "MY_APP_ID",
  "app_secret" : "MY_APP_SECRET"
}

Please find a reference in the code at RecruiterApp::getChallengeCode() on how to do it.

This is only necessary once per new recruiter you want to connect and authorize

2. Request permission to the recruiter

Using the new challenge code you can request authorization to the recruiter for using your app, for this, redirect the recruiter to:

http://www.talenteca.com/auth/recruiter-app?recruiter_app_id=MY_APP_ID&challenge_code=NEW_CHALLENGE_CODE&redirect=$MY_CALLBACK_PAGE

For recruiter_app_id use your assigned app ID.

For challenge_code use the challenge code obtained in the previous step.

For redirect, use the page that will receive the result of the authorization (only registered domains are valid)

3. Get a valid access token

Once the recruiter authorize your application you can get the access token sending a post message to:

https://www.talenteca.com/api/v1/oauth/recruiter/access-token

with the body similar to:

{
  "app_id" : "MY_APP_ID",
  "app_secret" : "MY_APP_SECRET",
  "challenge_code" : "CHALLENGE_CODE"
}

Once you get the access token, please store it encrypted and safely associated to your recruiter user.

This is only necessary one per recruiter you want to connect using your app

IMPORTANT: If you compromise or leak one or more access tokens or receive an attack, please inform Talenteca immediatly to support@talenteca.com for regenerating new tokens, the access tokens are very sensible and should be stored and kept safe.

4. Call the job ads endpoint using the valid access token

With the access token you can make calls to Talenteca in behalf of your recruiter users, simple include the access token per recruiter as the header Bearer in each request.