Authentication
The Prepzo API uses Bearer token authentication. Every request must include your API key in the Authorization header.
Getting Your API Key
- Log into your Prepzo account
- Go to Settings → API Keys
- Click Generate New Key
- Select the scopes you need
- Copy the key immediately (it won't be shown again)
You can also manage keys programmatically via the /api/v1/api-keys endpoint.
Making Requests
curl -H "Authorization: Bearer pk_live_YOUR_API_KEY" \
https://prepzo.ai/api/v1/candidatesAPI Key Format
All Prepzo API keys start with pk_live_ followed by a base64url-encoded random string:
pk_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6Scopes
API keys support granular scopes to limit access:
| Scope | Description |
|---|---|
candidates:read | Read candidate data |
candidates:write | Create, update, delete candidates |
jobs:read | Read job listings |
jobs:write | Create, update, delete jobs |
applications:read | Read applications |
applications:write | Create, update, manage applications |
interviews:read | Read interview data |
interviews:write | Schedule, update, cancel interviews |
analytics:read | Read analytics and reports |
webhooks:read | Read webhook endpoints |
webhooks:write | Manage webhook endpoints |
offers:read / offers:write | Manage offers |
bulk:write | Perform bulk operations |
read | Read all data (legacy broad scope) |
write | Write all data (legacy broad scope) |
* | Full access (all scopes) |
Error Responses
401 Unauthorized: Missing or invalid API key
{
"success": false,
"data": null,
"errors": [{ "code": "unauthorized", "message": "Invalid or missing API key" }]
}403 Forbidden: API key lacks the required scope
{
"success": false,
"data": null,
"errors": [{ "code": "forbidden", "message": "Insufficient permissions" }]
}Security Best Practices
- Never expose API keys in client-side code or public repositories
- Use the minimum scopes needed for your integration
- Set expiration dates on keys when possible
- Rotate keys regularly
- Revoke compromised keys immediately via the API or dashboard