API Authentication Update
URL-based authentication makes it easier for bad actors to intercept API keys and secrets and use them to make unauthorized requests. By supporting only header-based authentication and SSL, the Jobvite team can better ensure credentials are secure.
Currently, there are three methods to input Jobvite API credentials:
- URL (no longer supported as of April 1, 2024)
- Header with Encryption
- Header without Encryption (send plain text value of API key and API secret)
After April 1, 2024, Jobvite will only support Header-based authentication. An example of a Header without Encryption is below.
    Content-Type: application/json
    x-jvi-api: <Your API Key>
    x-jvi-sc: <Your Secret Key>
All customers currently using the URL method to provide their Jobvite API credentials must alter their API calls to move this information into the Header of the API call instead of the URL.
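The following is an added example, not code from Jobvite or from the attached API document, showing one way to move credentials out of a legacy request URL and into the `x-jvi-api` and `x-jvi-sc` headers while refusing non-SSL URLs. The query parameter names `api` and `sc`, the host `api.example.invalid`, the path and the credential values are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: the legacy URL method carried the key and secret in query
# parameters with these names; adjust to what your integration actually sends.
LEGACY_KEY_PARAM = "api"
LEGACY_SECRET_PARAM = "sc"


def migrate_request(legacy_url):
    """Return (clean_url, headers) with credentials moved from URL to headers."""
    parts = urlsplit(legacy_url)
    if parts.scheme != "https":
        raise ValueError("refusing to send credentials over a non-SSL URL")

    key = secret = None
    kept = []  # every non-credential query parameter is preserved in order
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == LEGACY_KEY_PARAM:
            key = value
        elif name == LEGACY_SECRET_PARAM:
            secret = value
        else:
            kept.append((name, value))
    if not key or not secret:
        raise ValueError("URL does not carry both an API key and a secret")

    # Rebuild the URL without the credential parameters.
    clean_url = urlunsplit(parts._replace(query=urlencode(kept)))
    headers = {
        "Content-Type": "application/json",
        "x-jvi-api": key,
        "x-jvi-sc": secret,
    }
    return clean_url, headers


# Constructed sample: placeholder host, path and credential values.
SAMPLE = ("https://api.example.invalid/v2/candidate"
          "?api=KEY123&sc=SECRET456&start=1&count=50")

if __name__ == "__main__":
    url, hdrs = migrate_request(SAMPLE)
    print(url)
    # Mask credential headers so they do not end up in console output or logs.
    print({k: ("***" if k.startswith("x-jvi") else v) for k, v in hdrs.items()})
```

The returned URL and headers can be passed to whatever HTTP client the integration already uses. Stored configuration, bookmarks and log files that still hold the old credential-bearing URLs should be cleaned up as part of the same change.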
To identify which API keys are associated with API calls still using URL authentication, customers can reach out to our support team. We will provide the list of API keys for review. These API keys can fall into a few groups.
- If the key is a partner key for a Jobvite Partner Integration, the partner is responsible for API authentication changes, and customers do not need to take action.
- If the key is associated with an integration built by the Jobvite Integration Services team on behalf of a customer, our services team will be responsible for API authentication changes. Customers do not need to take action. This includes most HRIS integrations.
- If the API key is built by a customer or a 3rd party on behalf of a customer, it is up to them to ensure that the URL-based authentication is updated to Header-based authentication. You can provide them with the attached API document for reference.
Purpose
This document (attached) aims to provide customers and/or ATS (Application Tracking System) integration partners the information required to integrate with both Jobvite’s Hire and Engage products.
The document is categorized by each API type.
Intended Audience
This document is primarily intended for technical integration teams.