Jobiflow LogoAPI Docs
ApiA P I Keys

Create an API key

Generates a new API key with the specified label and scopes. The `rawKey` in the response is the only time the full key is returned — store it securely. Requires OAuth2 Bearer token.

POST
/settings/api-keys

Generates a new API key with the specified label and scopes. The rawKey in the response is the only time the full key is returned — store it securely.

Requires OAuth2 Bearer token.

Authorization

oauth2
AuthorizationBearer <token>

OAuth2 Authorization Code flow. Used for dashboard-integrated flows and API key management endpoints.

In: header

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

application/json

application/json

application/json

curl -X POST "https://example.com/settings/api-keys" \  -H "Content-Type: application/json" \  -d '{    "label": "Production ATS Integration",    "scopes": [      "jobs:read",      "jobs:write",      "applications:read"    ]  }'
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "keyPrefix": "string",
  "label": "string",
  "scopes": [
    "string"
  ],
  "createdAt": "2019-08-24T14:15:22Z",
  "expiresAt": "2019-08-24T14:15:22Z",
  "revokedAt": "2019-08-24T14:15:22Z",
  "lastUsedAt": "2019-08-24T14:15:22Z",
  "active": true,
  "rawKey": "string"
}
{
  "status": 400,
  "error": "BAD_REQUEST",
  "message": "Malformed JSON body",
  "timestamp": "2026-05-17T12:00:00Z",
  "path": "/public/v1/job-listings"
}
{
  "status": 401,
  "error": "UNAUTHORIZED",
  "message": "Invalid or missing API key",
  "timestamp": "2026-05-17T12:00:00Z",
  "path": "/public/v1/job-listings"
}
{
  "status": 422,
  "error": "VALIDATION_ERROR",
  "message": "Request validation failed",
  "timestamp": "2026-05-17T12:00:00Z",
  "path": "/public/v1/job-listings",
  "details": [
    {
      "field": "position",
      "message": "must not be blank"
    }
  ]
}

List API keys GET

Returns all API keys for the authenticated company. The `rawKey` is never returned after creation — only the prefix and metadata are shown. Requires OAuth2 Bearer token.

Update an API key PATCH

Updates the label of an existing API key. Scopes are immutable after creation — revoke and create a new key to change scopes. Requires OAuth2 Bearer token.