Skip to main content

Authentication

Every endpoint requires an API key sent as a Bearer token:
API keys are issued by your organization admin. Each key is bound to your account and the jobs you own — calls made with the key will only see and operate on those jobs. Keys begin with the qint_ prefix. Treat them like passwords: store securely, never embed in client-side code, and rotate immediately if you suspect compromise. If you need a key rotated or revoked, contact your organization admin.

Response envelope

Successful responses return JSON of the form:
Errors return:
errors is either a string or, on validation failure, an array of issue objects describing which fields were wrong.

HTTP status codes

CV handling

POST /interviews accepts a cv_link that points to the candidate’s CV. Plain HTTPS links and Google Drive sharing links are both supported.

Idempotency

POST /interviews is not idempotent. Calling it twice with the same payload creates two interviews. If you need at-most-once semantics, dedupe on your side before calling.