Authentication

Use HTTP Basic Auth to authenticate with our API. You must send your API key with every request. Put your API key as the basic auth username and leave the password blank:

curl https://api.ashbyhq.com/application.list -u API_KEY: -H "Accept: application/json; version=1" --request POST --header 'Content-Type: application/json'

If your API key is missing, the API will respond with a 401 status code. When the provided key is wrong or deactivated, the API will respond with a 403 status code. All three situations will return a human-readable response specific to the situation.

API Key Endpoint Permissions

Each API key has a set of permissions that determine which endpoints it can read or write. If your API key does not have the necessary permissions to access an endpoint, the API will respond with a 403 status code explaining the missing permission in the response body.

Table of Permissions

API permissions are organized by module. You can grant an API key read or write access to each module. The following table lists the endpoints that are covered by read and write permission for each module:

ModuleRead EndpointsWrite Endpoints
Jobs
Candidates
Interviews
Hiring Process Metadata
Organization
Offers
Api Keys

Confidential Job Access

By default, API keys cannot access confidential job information. This includes both job data itself as well as candidates and job considerations for confidential jobs. To grant an API key access to confidential job information, you must select the "Allow access to confidential jobs" permission in the Ashby web app.

Managing API Key Permissions

An Ashby Admin can manage permissions for existing API keys in the Ashby web app:

Editing API Key Permissions