API Authorization

The EF API uses a fine-grained authorization model based on logical entities and operations. This lets you control what each API key can do by granting specific permissions on particular entities (e.g., users, orders) and operations (e.g., READ, WRITE).

Permission Structure

Each endpoint in our API is described by the following elements:

  • Entity: The primary resource the endpoint operates on (e.g., profile, user, application).
  • Subentity (optional): A more granular resource the endpoint operates on (e.g., application under the profile entity).
  • Operation: The action the endpoint performs, i.e., READ or WRITE.

Scope Definition

The scope required for an endpoint is a combination of the above elements and is written in one of the formats:

  • <entity>:<subentity>:<operation>
  • <entity>:<operation>

For example:

  • profile:application:READ – This scope refers to the permission required to read the application resource under the profile entity.
  • profile:READ – This scope refers to the permission required to read the profile resource.

A key can be granted one or more of these scopes to determine the level of access it has to different parts of the API.

Managing API keys and permissions

API keys can be generated from the Admin Console of your application. The Admin Console allows you to manage which permissions are assigned to each API key. Each key can be granted one or more scopes, depending on what level of access you want to provide.

  1. Generate API Key: To generate an API key, navigate to Admin Console -> Integration -> Eightfold API and click the Generate a new API key button.

  2. Configure Permissions: Each API key can be configured with an authorization matrix. Each row corresponds to an entity, with expandable child rows for subentities. The columns, Read and Write, define the operations allowed for each entity or subentity. Checkboxes in the table let you enable or disable these permissions, ensuring precise control over access.


Endpoints Reference and Authorization Scopes

Below is a list of API endpoints and the scope each one requires:

| Endpoint Summary | Path | Required Scope |
|---|---|---|
| ATS Position Get | /ats-systems//ats-positions/ | ats_position:READ |
| ATS Position Update | /ats-systems//ats-positions/ | ats_position:WRITE |
| ATS Position Patch | /ats-systems//ats-positions/ | ats_position:WRITE |
| ATS Position List | /ats-systems//ats-positions | ats_position:READ |
| ATS Position Create | /ats-systems//ats-positions | ats_position:WRITE |
| Position Get | /positions/ | position:READ |
| Position Update | /positions/ | position:WRITE |
| Position Patch | /positions/ | position:WRITE |
| Position List | /positions | position:READ |
| Position Create | /positions | position:WRITE |
| Position Matched Candidates | /positions//matched-candidates | profile:READ |
| Profile Get | /profiles/ | profile:READ |
| Profile Update | /profiles/ | profile:WRITE |
| Profile Delete | /profiles/ | profile:WRITE |
| Profile List | /profiles | profile:READ |
| Profile Matched Positions | /profiles//matched-positions | position:READ |
| Career Hub Suggest Skills Get | /careerhub/suggest-skills/ | profile:skills:READ |
| Career Hub Career Planner Roles Get | /career-planner//roles/ | profile:role:READ |
| Career Hub Career Planner Roles Patch | /career-planner//roles/ | profile:role:WRITE |
| Career Hub Skill Gap Analysis Get | /career-planner//skills/skill-gap-analysis | profile:role:READ |
| Career Hub Recommended Courses Get | /career-planner//courses/recommended-courses | profile:course:READ |
| Profile Feedback Get | /profile-feedbacks/ | profile:feedback:READ |
| Profile Feedback Batch Fetch | /profile-feedbacks/batch-fetch | profile:feedback:READ |
| Profile Application Get | /profile-applications/ | profile:application:READ |
| Profile Application Batch Fetch | /profile-applications/batch-fetch | profile:application:READ |
| Profile Application List | /profile-applications | profile:application:READ |
| Profile Application Create | /profile-applications | profile:application:WRITE |
| Profile Application Patch | /profile-applications/ | profile:application:WRITE |
| Position Matched Candidates Batch Fetch | /positions//matched-candidates/batch-fetch | profile:READ |
| Profile Batch Fetch | /profiles/batch-fetch | profile:READ |
| Position Batch Fetch | /positions/batch-fetch | position:READ |
| Batch Position Update | /positions/batch-update | position:WRITE |
| Position Delete | /positions/ | position:WRITE |
| ATS Position Delete | /ats-systems//ats-positions/ | ats_position:WRITE |
| User Profile Fetch | /users//profile | user:READ |
| Career Hub Get | /careerhub//profile | profile:READ |
| Career Hub Role Patch | /career-planner//role | profile:role:WRITE |
| Career Hub Skill Patch | /career-planner//skills | profile:role:WRITE |
| Batch Profile Feedback | /profile-feedbacks/batch-fetch | profile:feedback:READ |
| Position Summary | /positions//summary | position:READ |
| Position Skills | /positions//skills | profile:READ |
| User Profile Update | /users//profile | user:WRITE |
| Transaction Get | /transactions/ | transaction:READ |
| Transaction List | /transactions | transaction:READ |
| Batch Transaction Fetch | /transactions/batch-fetch | transaction:READ |
| Job Profile Fetch | /jobs//profiles | profile:READ |
| Job Position Get | /positions//job | position:READ |
| Position Job Fetch | /positions//job | job:READ |
| Candidate Profile Get | /candidates//profile | profile:READ |
| Candidate Profile Update | /candidates//profile | profile:WRITE |
| Candidate Profile List | /candidates | profile:READ |
| Candidate Profile Delete | /candidates//profile | profile:WRITE |
| Role Fetch | /roles/ | role:READ |
| Role List | /roles | role:READ |
| Batch Role Fetch | /roles/batch-fetch | role:READ |
| Role Assign | /roles//assign | role:WRITE |
| Role Revoke | /roles//revoke | role:WRITE |
| Candidate Apply | /candidates//apply | application:WRITE |
| Candidate Status | /candidates//status | application:READ |
| Batch Candidate Apply | /candidates/batch-apply | application:WRITE |
| Profile Skill Update | /profiles//skills | profile:skill:WRITE |
| Candidate Skill Update | /candidates//skills | profile:skill:WRITE |
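
Added example (not part of the Eightfold documentation or its API): a least-privilege audit that parses the scope format described above and compares the scopes granted to a key with the scopes its endpoints require, using a few rows copied from the table. The function names, the sample key and the exact-match rule are assumptions; the page does not state whether WRITE implies READ or whether an entity scope covers its subentities.

```python
import re

# Subset of the endpoint table above: endpoint summary -> required scope.
REQUIRED_SCOPE = {
    "Profile Get": "profile:READ",
    "Profile Update": "profile:WRITE",
    "Profile Matched Positions": "position:READ",
    "Position Skills": "profile:READ",
    "Profile Application List": "profile:application:READ",
    "Career Hub Suggest Skills Get": "profile:skills:READ",
}

# <entity>:<operation> or <entity>:<subentity>:<operation>
SCOPE_RE = re.compile(r"^[a-z_]+(?::[a-z_]+)?:(?:READ|WRITE)$")


def parse_scope(scope):
    """Split a scope string into (entity, subentity or None, operation)."""
    if not SCOPE_RE.match(scope):
        raise ValueError(f"malformed scope: {scope!r}")
    parts = scope.split(":")
    subentity = parts[1] if len(parts) == 3 else None
    return parts[0], subentity, parts[-1]


def minimal_scopes(endpoints):
    """Smallest scope set that covers the endpoints an integration calls."""
    return {REQUIRED_SCOPE[name] for name in endpoints}


def audit_key(granted, endpoints):
    """Report scopes a key lacks and scopes it holds but does not need.

    Assumption: scopes are compared by exact match only, so no implied
    permissions (WRITE -> READ, entity -> subentity) are inferred.
    """
    for scope in granted:
        parse_scope(scope)  # reject typos before comparing
    needed = minimal_scopes(endpoints)
    return {"missing": sorted(needed - set(granted)),
            "excess": sorted(set(granted) - needed)}


# Constructed sample: a key intended for a read-only integration.
granted = ["profile:READ", "profile:WRITE", "profile:application:READ"]
used = ["Profile Get", "Position Skills", "Profile Matched Positions",
        "Profile Application List"]
report = audit_key(granted, used)
print(report)
```

The sample shows two things the table makes easy to miss: Profile Matched Positions lives under /profiles but needs position:READ, and the key carries profile:WRITE even though none of its endpoints write.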


Note: Ensure that API keys are kept secure and are not exposed in client-side code or logs. Misuse of an API key can result in unauthorized access to sensitive data.