
Introduction

Understanding Authentication and Authorization in Our API

Our API allows you to perform certain actions without needing a user account, specifically through what we call "anonymous flows." Currently, these flows let you create candidates and create assessments easily. To ensure that only authorized users can access these features, we use Basic Authentication combined with an API key.

What Are Anonymous Flows?

Anonymous flows are processes that let you interact with our system without logging in. This means you can create candidate profiles or set up assessments directly through the API without having a registered account.

Note: The API username and password go through a separate authentication and authorization system. In this context, "registered account" means an account for Customer users or Candidates.

Why Authentication and Authorization Matter

  1. Authentication confirms your identity. It ensures that the person or system making a request is who they claim to be.
  2. Authorization determines what you're allowed to do. Once authenticated, the system checks if you have permission to perform certain actions.

By using both, we keep our system secure while providing flexibility to our users.

Using Basic Authentication and API Keys

To access the anonymous flow endpoints, you'll need to use Basic Authentication and your API key. Here's how it works:

  1. API Key: This is the identifier for your specific SaaS Portal. Each portal has its own API key as the identifier for that portal. Each request should contain an api-key property in the header, as such: api-key: <mykey>
  2. Username and Password: The user credentials that the system or person uses to access the API through the Basic Auth HTTP protocol.

This combination helps us verify that requests are coming from a trusted source.

Basic Auth HTTP protocol

Basic authentication involves sending a verified username and password with your request. In the request headers, the Authorization header passes the API a Base64-encoded string representing your username and password values, appended to the text Basic, as follows: Basic <Base64 encoded username and password>

Making API Requests

Once authenticated, you can make requests to our API endpoints to create candidates or assessments. Here's a simple example for developers:

Example: Creating a Candidate

POST /api/anonymous/candidate HTTP/1.1
Host: api.tmatalents.com
Authorization: Basic <Base64 encoded username and password>
api-key: <your-api-key>
Content-Type: application/json

{
  "ExternalId": "JohnDoe001",
  "Email": "j.doe@example",
  "FirstName": "John",
  ...
}
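
The request above, built in Python as an added example (not part of the original documentation or the API provider's own code). It joins username and password with a colon before Base64 encoding, as RFC 7617 defines for Basic Auth, and shows that the header value decodes back to the plain credentials, which is why the builder refuses non-HTTPS URLs and why logs should mask both headers. The function names are hypothetical, and the credentials used with them are constructed sample values.

```python
import base64
import json
import urllib.request
from urllib.parse import urlsplit

# Host and path taken from the example request above.
API_URL = "https://api.tmatalents.com/api/anonymous/candidate"


def basic_auth_value(username, password):
    """Return 'Basic ' + Base64('username:password') for the Authorization header."""
    if ":" in username:
        # RFC 7617: the first colon separates the user-id from the password.
        raise ValueError("username must not contain ':'")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_auth(value):
    """Reverse the encoding: Base64 is an encoding, not encryption."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    username, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return username, password


def build_candidate_request(url, username, password, api_key, candidate):
    """Build (without sending) the POST request carrying both credentials."""
    if urlsplit(url).scheme != "https":
        # Over plain HTTP anyone on the network path could read the credentials.
        raise ValueError("refusing to send Basic credentials over a non-HTTPS URL")
    return urllib.request.Request(
        url,
        data=json.dumps(candidate).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": basic_auth_value(username, password),
            "api-key": api_key,
            "Content-Type": "application/json",
        },
    )


def redacted_headers(request):
    """Header view that is safe to log: secret values are masked."""
    secret = {"authorization", "api-key"}
    return {k: "<redacted>" if k.lower() in secret else v
            for k, v in request.header_items()}
```

Pass the returned object to urllib.request.urlopen to send it. urllib normalizes header names to forms such as Api-key, which is harmless because HTTP header names are case-insensitive.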

Provided example assets

Postman Collection v2.1 - including Environments

  1. Anonymous API - TMA.postman_collection.json
  2. Anonymous API - TMA - Env Variables.postman_environment.json