authorization.md

Authorization

To perform most API requests, an access token must be transferred. Authorization is done via the OAuth 2.0 protocol.

Registered application can ask hh.ru users for permission to access their personal data without getting and storing their user name and password.

The API supports the following authorisation levels:

• application authorization
• user authorization

Attention! For authorization, you need to use the hh.ru domain, the m.hh.ru domain is no longer available.

• Getting an access token
• Using an access token
• Checking an access token
• Useful links

Getting an access token

• Getting an application token
• Getting a user token

Using an access token

The application must use the access_token for authorisation by transferring it in the header in the following format:

Authorization: Bearer ACCESS_TOKEN

Description of authorization errors.

Checking an access token

It is convenient to use the /me method to test the token:

• for the authorised application
• for the authorised employer manager
• for the authorised applicant

Useful links

• Detailed documentation on the protocol: RFC 6749
• Framework ScribeJava