Resumez

OAuth

Draft

Resumez uses the OAuth 2.0 authorization code flow with PKCE. Tokens are scoped so users grant exactly the access your app needs.

The /oauth/authorize and /oauth/token endpoints belong to the authorization server. They are not part of the versioned /v1 API and so don't appear in the API Reference or Roadmap.

Authorization code flow

  1. Redirect the user to the authorize endpoint with your requested scopes and a PKCE challenge.
  2. The user reviews and grants consent for those scopes.
  3. Resumez redirects back to your redirect_uri with a short-lived authorization code.
  4. Exchange the code (plus PKCE verifier) for an access token and a refresh token.

Authorization request

https://api.resumez.ai/oauth/authorize
  ?response_type=code
  &client_id=$CLIENT_ID
  &redirect_uri=$REDIRECT_URI
  &scope=profile:read%20ai:generate%20artifacts:write
  &code_challenge=$PKCE_CHALLENGE
  &code_challenge_method=S256
  &state=$STATE

Token types

  • User tokens (oauth_user) act on behalf of a signed-in user and can read and write their profile and artifacts.
  • Client tokens (oauth_client) act as your app itself — used for things like webhook management.

Scopes

Request the narrowest set of scopes your integration needs. Current scopes:

  • ai:generate
  • applications:read
  • applications:write
  • artifacts:export
  • artifacts:read
  • artifacts:write
  • catalog:read
  • catalog:write
  • jobs:analyze
  • operations:read
  • profile:import
  • profile:read
  • profile:write
  • webhooks:manage