API Keys
The Taptalent Partner API uses API keys to authenticate requests. API keys are scoped to your company and provide secure access to the Partner API endpoints.
API keys follow this format:
- Production:
sk_live_ followed by 22 base62 characters
- Test/Staging:
sk_test_ followed by 22 base62 characters
Example: sk_live_AbCdEfGhIjKlMnOpQrStUv
Authentication Method
All API requests must include your API key in the Authorization header using Bearer token authentication:
Authorization: Bearer sk_live_AbCdEfGhIjKlMnOpQrStUv
Generating API Keys
API keys are generated through the TapTalent dashboard:
- Log in to your Taptalent Dashboard
- Navigate to Account Settings > Developers > API Key Management
- Click Generate API Key
- Copy the API key immediately - it will only be shown once
API keys are sensitive credentials. Store them securely and never expose them in client-side code or public repositories. Treat them like passwords.
Authorization: Bearer YOUR_API_KEY - Your API keyContent-Type: application/json - For POST/PUT requests
Example Request
curl -X GET "https://partner-api.taptalent.io/v1/partner/jobs/job-id" \
-H "Authorization: Bearer sk_live_AbCdEfGhIjKlMnOpQrStUv" \
-H "Content-Type: application/json"
API Key Management Endpoints
Get API Key Status
Retrieve the status and metadata of your API key.
GET /v1/partner/api-key
Authentication: Firebase token (dashboard only)
Response:
{
"status": "ACTIVE",
"isApiKeyExists": true,
"createdAt": 1234567890,
"companyId": "company-uuid",
"partnerWebhookUrl": "https://your-domain.com/webhook"
}
{
"message": "API key not found",
"isApiKeyExists": false
}
Create/Regenerate API Key
Generate a new API key or regenerate an existing one.
POST /v1/partner/api-key
Authentication: Firebase token (dashboard only)
Request Body: {} (empty)
Response:
{
"status": "success",
"message": "API key created successfully",
"apiKey": "sk_live_AbCdEfGhIjKlMnOpQrStUv"
}
The raw API key is only returned once during creation. Store it securely immediately. If you lose it, you’ll need to regenerate a new key.
Update API Key Status
Activate or deactivate your API key.
PUT /v1/partner/api-key
Authentication: Firebase token (dashboard only)
Request Body:
or
Response:
Security Best Practices
Store Keys Securely
- Never commit API keys to version control
- Use environment variables or secure secret management systems
- Use different keys for different environments (dev, staging, production)
Rotate Keys Regularly
- Change your API keys periodically for security
- Regenerate keys if you suspect they’ve been compromised
- Deactivate unused keys immediately
Monitor Usage
- Regularly check your API usage in the dashboard
- Set up alerts for unusual activity
- Review access logs regularly
Environment Isolation
- Use
sk_test_ keys for development and testing
- Use
sk_live_ keys only in production
- Never mix test and production keys
Error Responses
Invalid API Key
If you receive a 401 Unauthorized or 403 Forbidden error:
{
"message": "Invalid API key"
}
- API key is incorrect or missing
- API key has been revoked or deactivated
- Using wrong Bearer token format
Inactive Subscription
If your subscription is inactive:
{
"code": "ACCOUNT_INACTIVE",
"message": "Your subscription is inactive. Please renew your plan to continue using this feature."
}
API Key Not Found
When fetching API key status:
{
"message": "API key not found",
"isApiKeyExists": false
}
Troubleshooting
401 Unauthorized
- Verify your API key is correct
- Check that you’re using
Bearer token format
- Ensure the API key hasn’t been revoked
- Verify the API key is active (status: ACTIVE)
403 Forbidden
- Check your subscription status
- Verify your API key is active
- Ensure you have the necessary permissions
Key Not Working After Regeneration
- Old API keys are immediately invalidated when regenerated
- Update all applications using the old key
- Verify the new key is active
Next Steps