Ceevee
CeeveeDocs
⌘K
DashboardAPI keysSign up

Get started

  • Introduction
  • Authentication
  • Errors
  • Pagination
  • Versioning

Core resources

  • Jobs
  • Scans (CVs)
  • Candidates
  • Pipeline & stages
  • Assessments
  • Applications

Webhooks

  • Overview
  • Events
  • Signatures

Reference

  • Rate limits
  • Idempotency
  • OpenAPI spec
  • Changelog

API Reference

Introduction

Learn how to integrate with the Ceevee API to manage job offers, upload CVs, run AI assessments, move candidates through your hiring pipeline, and react to events in real time.

Welcome to the Ceevee API. This API lets you programmatically run your recruitment workflows from any system you already use — your ATS, HRIS, career site, internal tooling, or a Zapier-style automation.

Overview

The Ceevee API is built on REST principles:

  • Predictable URLs — resource-oriented endpoints that are easy to understand.
  • JSON responses — every response is JSON with a stable schema versioned per release date.
  • Standard HTTP — uses conventional methods (GET, POST, PATCH, DELETE) and status codes.
  • Secure — all requests must be made over HTTPS with a valid API key or OAuth token.
  • Multi-tenant — every token is scoped to one organization; you can never read another tenant's data.

Base URL

All API requests should be made to:

https://api.ceevee.cc/v1

For testing, use the sandbox base URL with _test_ keys:

https://api.sandbox.ceevee.cc/v1

Authentication

Ceevee supports three kinds of credentials:

  • Publishable keys (ceevee_pk_live_…) — safe to embed in browser-side JavaScript and mobile apps. Origin-pinned and read-only on public job-portal data.
  • Secret keys (ceevee_sk_live_…) — full read + write access within the scopes you grant. Server-side only, shown to you exactly once at creation.
  • OAuth access tokens — issued to registered third-party apps after a Ceevee user authorizes them for one of their organizations.

Pass any of these in the Authorization header:

Authorization: Bearer ceevee_sk_live_...

Never send keys in URLs

Tokens passed as query parameters are captured by CDN logs, browser history, and proxies. Always use the Authorization header. The API rejects requests with auth-looking query params.

Request format

The API accepts JSON-encoded request bodies for POST and PATCH requests. Set the appropriate content type header:

Content-Type: application/json

All identifiers are prefixed strings (job_…, scan_…, cand_…, evt_…). Dates are ISO 8601 UTC.

Versioning

The major version (/v1) is in the URL. Additive, non-breaking changes are released behind a date-pinned header, Ceevee-Api-Version. Pin a version on your account to receive a stable response shape for every request.

Rate limits

The API enforces sliding-window rate limits per token, per organization, and per IP. If you exceed a limit you receive a 429 Too Many Requests response with a Retry-After header. Every response includes RateLimit-Limit, RateLimit-Remaining, and RateLimit-Reset headers so you can pace your traffic.

Errors

Every error returns a typed envelope:

{
  "error": {
    "type": "invalid_request",
    "code": "missing_field",
    "message": "Field 'title' is required.",
    "param": "title",
    "request_id": "req_..."
  }
}

Always include the request_id when contacting support — it lets us look up the exact call in our audit log.

Webhooks

Subscribe to events like scan.completed, candidate.stage_changed, and application.received to react to changes the moment they happen. Webhooks are signed with HMAC-SHA-256, retried on failure with exponential backoff, and queryable from the dashboard.

Documentation index

Use the sidebar to navigate the full reference. The OpenAPI spec is available at https://api.ceevee.cc/v1/openapi.json and powers the Ceevee SDKs and Postman collection.

Need help?

If you have questions or run into issues, reach out to duke@ceevee.cc or browse the rest of these docs for endpoint references, examples, and changelogs.