Access-Token

Description

The access-token endpoint is used to create and delete session tokens that can be used in subsequent calls to other endpoints using the API.

The retrieved session token can be used with an Authorization header as a BEARER token or can be included in the URL with the SessionID parameter.

Required parameters when retrieving an access token

• Username: The username of the account (e.g., "johndoe123").
• Password: The account's password
• DatabaseId: Unique identifier for the database (e.g., "SampleDB.SampleProfile").

To create a session token, you can use a POST call to the access-token endpoint with the required parameters. The session token will be present in the response body. A DELETE call can also be sent to the access-token endpoint with the SessionId parameter to remove an active session.

Security Considerations

• Always use HTTPS (required for PCRecruiter API) to encrypt communication.
• Avoid logging sensitive data such as passwords and session tokens.
• Ensure tokens are stored securely and invalidated upon logout or timeout.

Examples

------------------ REQUEST -------------------

POST /rest/api/access-token

{
  "Username": "{Username}",
  "Password": "***********",
  "DatabaseId": "{DatabaseId}"
}

------------------ RESPONSE ------------------

{
"SessionId": {SessionId here}
}

TIP

This API call is to the access-token endpoint and requests an access token which can be used to authorize subsequent API calls to other endpoints.

------------------ REQUEST -------------------

DELETE /rest/api/access-token
Authorization Header sent with Session Token

{
"method": "DELETE",
"url":"https://www2.pcrecruiter.net/rest/api/access-token",
"headers" :{
  "Content-Type": "application/json",
  "Authorization": "BEARER {SessionId}"
}
}

------------------ RESPONSE ------------------

Success: true

TIP

This API call is to the access-token endpoint and is used to remove the active session for the sessionId provided in the DELETE call.