How to authenticate API requests using Bearer tokens.
TalentScreen API uses Bearer token authentication. All API requests must include a valid API token in the Authorization header.
Generate API tokens from your dashboard under Settings > API Access. Each token has specific permissions and can be revoked at any time.
Store API tokens securely. Never commit tokens to version control or expose them in client-side code. Treat them like passwords.
Include your token in the Authorization header as a Bearer token with every request.
GET /api/v1/exams HTTP/1.1
Host: talentscreens.org
Authorization: Bearer sk_live_abc123xyz789...
Content-Type: application/json| Scope | Description |
|---|---|
| read:exams | View exam templates and settings |
| write:exams | Create and modify exams |
| read:candidates | View candidate profiles and data |
| write:invitations | Send exam invitations |
| read:results | Access exam results and reports |
| write:webhooks | Configure webhook endpoints |
| admin:all | Full administrative access |
Invalid or missing tokens return 401 Unauthorized. Insufficient permissions return 403 Forbidden. Check the error response for details.
{
"error": {
"code": "invalid_token",
"message": "The API token provided is invalid or expired",
"status": 401
}
}Was this article helpful?