HiringCenter

HiringCenter API Overview

HiringCenter REST API (v2)

The HiringCenter REST API (v2) is for managing prospects, notes, tasks, meetings, account metadata, and webhook integrations.

Base URL

https://api.hiringcenterpro.com/v2

Authentication

Create an API Key in your HiringCenter account by navigating to Settings -> API / Webhooks -> Add API Key.

Create an API Key (Video)

Send your API key as a Bearer token in the Authorization header:

  • Authorization header 
    Code
     
    Authorization: Bearer <YOUR_API_KEY>

All documented endpoints require authentication unless an operation explicitly overrides security.

API keys are hashed and stored securely. Each key is associated with an account and includes account-scoped permissions.

Example Requests

  • List prospects

    TerminalCode
     
    curl -X GET \
  'https://api.hiringcenterpro.com/v2/prospects?limit=1' \
  -H 'Authorization: Bearer <YOUR_API_KEY>' \
  -H 'Accept: application/json'

  • Create a prospect

    TerminalCode
     
    curl -X POST \
  'https://api.hiringcenterpro.com/v2/prospects' \
  -H 'Authorization: Bearer <YOUR_API_KEY>' \
  -H 'Content-Type: application/json' \
  -d '{
    "firstName": "Jane",
    "lastName": "Doe"
  }'

Rate Limiting

Requests are rate limited by API Key.

Dual-window limits are enforced:

  • 500 requests per minute (burst window)
  • 10000 requests per hour (sustained window)

Rate Limit Headers

Use these response headers to monitor usage:

  • RateLimit-Limit
  • RateLimit-Remaining
  • RateLimit-Reset

Rate Limit Exceeded Response

When limited, the API returns 429 Too Many Requests and includes Retry-After plus rate-limit headers for the exceeded window.

Example response body:

JSONCode
 
{
  "error": "Too many requests",
  "message": "Minute limit exceeded. Please try again later.",
  "retryAfter": 30
}

Request and Response Conventions

  • Request and response bodies use application/json unless noted
  • Timestamps are Unix time in milliseconds unless otherwise specified
    (Webhook poll payloads can include ISO 8601 timestamp strings in addition to Unix-millisecond fields.)
  • Standard error responses follow the Error schema

Idempotency

For POST and DELETE requests, send:

X-Idempotency-Key: <UNIQUE_CLIENT_REQUEST_KEY>

  • If the same request is retried with the same key and identical payload/query, the API replays the original response instead of executing the mutation again.
  • If the same key is reused with a different payload/query, the API returns 409 Conflict.
  • While the original request is still processing, duplicate requests with the same key return 409 Conflict.

Replay indicators

  • Idempotency-Status: processing|replayed
  • Idempotency-Replayed: true (present on replayed responses)
Last modified on
Reporting