To perform most API requests, an access token must be transferred. Authorization is done via the OAuth 2.0 protocol.
Registered application can ask hh.ru users for permission to access their personal data without getting and storing their user name and password.
The API supports the following authorisation levels:
Attention! For authorization, you need to use the hh.ru domain, the m.hh.ru domain is no longer available.
- Getting an application token
- Getting a user token
The application must use the access_token
for authorisation
by transferring it in the header in the following format:
Authorization: Bearer ACCESS_TOKEN
Description of authorization errors.
It is convenient to use the /me
method to test the token:
- Detailed documentation on the protocol: RFC 6749
- Framework ScribeJava