Most important facts about OAuth in SmartRecruiters



  • If the credentials or permissions of the user who granted me access to data change, will that affect our authorization?

    Changing the user's credentials won't affect your authorization (you rely on the Authorization Code Grant). Changing the user's permissions (user roles) won't change your authorization either, but it will affect what data you're able to access.

  • If the user who granted me access to data is deleted, will that affect our authorization?

    Yes. It'll break the authorization grant. It's therefore recommended that the customer create a dedicated "integration" user.

  • Is it possible to register a different redirect URI for each environment?

    Yes, up to 3 redirect_uris are allowed (e.g. for development, staging, and production environments).

  • Is it possible to update an already registered application’s name and/or redirect URI?

    Yes, by sending a request to the Partner Operations Consultant you have started working with. Note that your client_id and client_secret will remain the same.

  • What is the expiration time for an access token?

    30 minutes.

  • What is the expiration time for a refresh token?

    28 days. Note that the refresh_token is one-time use only.

  • What redirect URIs can I register?

    Your redirect_uri should either use the https:// protocol or be http://localhost for development environments.

  • Will the client id and client secret change for every client? If we need to integrate a new Company to SmartRecruiters will these credentials change?

    No. These values have been generated upon registering your redirect_uri on our authorization server and they correspond to your redirect_uri. These are your credentials (not customer’s/user’s) that you use to authenticate on our server (as an OAuth client/application) for all customers. 

    Pro tip: you can use the state parameter in your requests to distinguish customers/users.
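
The lifetimes given above (30-minute access token, 28-day one-time-use refresh token) mean a client must serialize refreshes and store each new refresh token before using the new access token. The sketch below is an added example, not SmartRecruiters code; `exchange` and `save` are hypothetical callables you supply (the refresh_token grant call and durable storage), and it assumes each refresh returns a new refresh token with its own 28-day lifetime.

```python
import threading
import time

ACCESS_TTL = 30 * 60            # access token lifetime stated on this page
REFRESH_TTL = 28 * 24 * 3600    # refresh token lifetime stated on this page
SKEW = 60                       # assumption: refresh one minute before expiry


class ReauthorizationRequired(Exception):
    """Refresh token expired or rejected; the user must grant access again."""


class TokenManager:
    def __init__(self, exchange, save, access, refresh, now=time.time):
        # exchange(refresh_token) -> (access_token, refresh_token): hypothetical
        # wrapper around the refresh_token grant; assumed to raise
        # PermissionError when the server rejects the token.
        # save(state): hypothetical durable store (database row, secret store).
        self._exchange, self._save, self._now = exchange, save, now
        self._lock = threading.Lock()
        issued = now()
        self._state = {"access": access, "refresh": refresh,
                       "access_exp": issued + ACCESS_TTL,
                       "refresh_exp": issued + REFRESH_TTL}

    def access_token(self):
        # One lock around check-and-refresh: two threads must never present
        # the same one-time refresh token.
        with self._lock:
            now = self._now()
            if now < self._state["access_exp"] - SKEW:
                return self._state["access"]
            if now >= self._state["refresh_exp"]:
                raise ReauthorizationRequired("refresh token older than 28 days")
            try:
                access, refresh = self._exchange(self._state["refresh"])
            except PermissionError as err:
                raise ReauthorizationRequired(str(err)) from err
            new_state = {"access": access, "refresh": refresh,
                         "access_exp": now + ACCESS_TTL,
                         "refresh_exp": now + REFRESH_TTL}
            # Persist before use: the old refresh token is already spent, so
            # losing the new one forces a full re-authorization.
            self._save(new_state)
            self._state = new_state
            return access
```

Catching `ReauthorizationRequired` is the point at which the integration has to send the user back through the Authorization Code Grant.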