Access-Token

Description

The access-token endpoint is used to create and delete session tokens. The retrieved session token will then be used with an Authorization header as a BEARER token on all subsequent calls.

Required parameters when retrieving an access token

  • Username: The username of the account (e.g., "johndoe123").
  • Password: The account's password.
  • DatabaseId: Unique identifier for the database (e.g., "SampleDB.SampleProfile").
  • ApiKey: Can be retrieved after signing up to use the PCRecruiter API.
  • AppId: Can be retrieved after signing up to use the PCRecruiter API.

To create a session token, you can use a POST call to the access-token endpoint with the required parameters. The session token will be present in the response body.

NOTE

An App Id and API Key are required to create an access token and session with the PCRecruiter API. You can sign up and find more information at these links: API Interest Form and Developer API Page.

Session Reuse

Once a session token has been created, it should be reused for all subsequent API calls within that session. Do not request a new session token for every API call. Creating a new session for each request is unnecessary, adds latency, and consumes additional resources. Instead, store the SessionId token and continue to include it in the Authorization header of each request until that session is no longer needed or has expired.

Session Timeout

A session token will expire automatically after a period of inactivity. The length of this inactivity period is determined by the Global Timeout setting configured in the database. Each successful API call resets the inactivity timer. Once a session has expired, a new session token must be created by calling the access-token endpoint again.

Security Considerations

  • Always use HTTPS (required for PCRecruiter API) to encrypt communication.
  • Avoid logging sensitive data such as passwords and session tokens; keep them in an environment variable or other secure storage.
  • Ensure tokens are stored securely and invalidated upon logout or timeout.
  • When a session is no longer needed, send a DELETE call to the access-token endpoint to explicitly end it rather than waiting for the timeout.
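
The session reuse, timeout and explicit-logout guidance above, combined in one client. This is an added example, not PCRecruiter's own code; the `PCR_*` environment variable names and the assumption that an expired session is rejected with HTTP 401 do not come from this page.

```python
import json, os, urllib.error, urllib.request

BASE = "https://www2.pcrecruiter.net/rest/api"  # host from the page's DELETE example
JSON = {"Content-Type": "application/json"}

def http_send(method, url, headers, body=None):
    """Default HTTPS transport: returns (status, parsed JSON body or None)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as err:
        return err.code, None

def creds_from_env(env=os.environ):
    """Read credentials from PCR_* variables (hypothetical names), never from source."""
    fields = ("Username", "Password", "DatabaseId", "ApiKey", "AppId")
    return {f: env["PCR_" + f.upper()] for f in fields}

class PcrSession:
    """Creates one session token, reuses it, and ends it explicitly."""
    def __init__(self, creds, send=http_send):
        self._creds, self._send, self._token = creds, send, None

    def _login(self):
        status, body = self._send("POST", BASE + "/access-token", JSON, self._creds)
        if status != 200 or not body or "SessionId" not in body:
            # Report the status only; the request body holds the password.
            raise RuntimeError(f"access-token request failed (HTTP {status})")
        self._token = body["SessionId"]

    def call(self, method, path, body=None):
        """Send with the stored token; re-authenticate once if it has expired."""
        for _ in range(2):
            if self._token is None:
                self._login()
            auth = dict(JSON, Authorization="BEARER " + self._token)
            status, data = self._send(method, BASE + "/" + path, auth, body)
            if status != 401:  # assumption: an expired session answers 401
                break
            self._token = None  # drop the dead token before retrying
        return status, data

    def close(self):
        """DELETE the session instead of waiting for the inactivity timeout."""
        token, self._token = self._token, None
        if token is not None:
            self._send("DELETE", BASE + "/access-token", dict(JSON, Authorization="BEARER " + token))
```

Call `close()` in a `finally` block so the session is ended even when a request raises.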

Examples

------------------ REQUEST -------------------

json
POST /rest/api/access-token

{
  "Username": "{Username}",
  "Password": "***********",
  "DatabaseId": "{DatabaseId}",
  "ApiKey": "{API Key}",
  "AppId": "{App ID}"
}
------------------ RESPONSE ------------------
json
{
  "SessionId": "{SessionId here}"
}

TIP

This API call is to the access-token endpoint and requests an access token which can be used to authorize subsequent API calls to other endpoints.

------------------ REQUEST -------------------
request
DELETE /rest/api/access-token
Authorization Header sent with Session Token
json
{
  "method": "DELETE",
  "url": "https://www2.pcrecruiter.net/rest/api/access-token",
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "BEARER {SessionId}"
  }
}
------------------ RESPONSE ------------------
json
Success: true

TIP

This API call is to the access-token endpoint and is used to remove the active session for the SessionId provided in the DELETE call.