How to receive job applications from us via HTTP POST
We are able to send job applications directly to your server by HTTP POST.
All you need to do is implement an endpoint on your web or API server that can take an HTTP POST using multipart/form-data encoding with the following parameters:
| Param | Description |
|---|---|
| job_id | Reference of the job the candidate is applying for We use the reference that is supplied to us in the XML feed |
| firstname | Firstname of the candidate |
| lastname | Lastname of the candidate |
| Email of the candidate | |
| phone_number | Phone number of the candidate This might be empty |
| cv | File containing the candidate's CV/resume |
| cover_letter | Text accompanying the CV/resume This might be empty |
| uuid | Unique identifier of job application |
| candidate_ip | IP address of candidate This is useful if you need to geolocate the candidate |
| candidate_user_agent | User agent of candidate This is useful for analytics or debugging purposes |
| source_signature | Signature that allows to verify if the job application has really been pushed by us |
On your side you will need to read the parameter values, process them, and return a status message with an associated HTTP code. The status message should be returned as JSON.
Example:
{ "status": "application appected"}Depending on the result one of the following status codes with associated status message should be returned:
| Status Code | Message | Description |
|---|---|---|
| 200 | application accepted | This is to return if the application has been processed without problems |
| 403 | invalid source | This is to return if you have checked the source_signature field and you are sure the job application has not been send by us |
| 409 | application period closed | This is to return if the recruiter or company has decided to no longer accept applications |
| 410 | job not found | This is to return if the job has been deleted or taken off-line |
| 451 | region not accepted | This is to return if the candidate is located in a region or country that doesn't fulfill the location requirements of the company or recruiter |
| 418 | unexpected error | This is to use if you have encountered an unexpected error |
Securing your endpoint
Even though not strictly necessary, we strongly recommend that you make use of source_signature to protect your server from requests that have not been sent by us.
The way to use is to compare this signature with the MD5 of the uuid concatentated by the API secret that has been communicated to you, so essentially MD5(uuid + api_secret).
If the MD5 fails to match source_signature, or if source_signature is not present at all, please return a 403 with the status message "invalid source".
Testing your endpoint
The best way to test your endpoint is to use curl. Here is an example:
curl -X POST -H "Content-Type: multipart/form-data" \
-F "uuid=12345678-aaaa-bbbb-cccc-123456789abc" \
-F "job_id=20240107-123456-7890" \
-F "candidate_ip=9.9.9.9" \
-F "candidate_user_agent=Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0" \
-F "firstname=Joe" \
-F "lastname=Smith" \
-F "email=joe.smith@example.com" \
-F "phone_number=(212) 555-1234" \
-F "cv=@test_cv.pdf" \
-F "cover_letter=Please find attached my CV." \
http://example.com/apply/careerjet
Please note that test_cv.pdf needs to be a file in your current directory.
Also please note that if you want to test the source signature, you will need to include the line:
-F "source_signature=XXXXXX" \
where XXXXXX should be replaced by the MD5 of UUID (in this case 12345678-aaaa-bbbb-cccc-123456789abc) concatenated by the API secret that has been supplied to you.