Skip to main content
Every JobMojito API request is authenticated with a bearer token sent in the Authorization header: 
Authorization: Bearer <your-token>
The token identifies your merchant account and the environment it belongs to. Requests without a valid token are rejected with HTTP 401. 
curl https://cool.jobmojito.com/functions/v1/job-interview-get \
  -H "Authorization: Bearer <your-token>" \
  -H "Content-Type: application/json" \
  -d '{ "interview_id": "00000000-0000-0000-0000-000000000000" }'

Getting a token

Your API credentials are issued from the JobMojito admin. If you don’t have them yet, contact your account manager or support@jobmojito.com.

Who the token represents

The token is bound to a merchant account. Most endpoints automatically scope their work to that merchant - you don’t pass a merchant_id yourself. A few service-level integrations may operate across merchants; in those cases the endpoint documents a required merchant_id field and returns 422 if it’s missing.

Authorization errors

StatusMeaning
401Missing, malformed, or expired token.
403The token is valid but not allowed to perform this action (for example, a non-merchant user).

Keep your token secret

Treat the token like a password:
  • Send it only over HTTPS (all JobMojito endpoints are HTTPS-only).
  • Store it in a secret manager / environment variable, never in client-side code or version control.
  • Rotate it if you suspect it has leaked.
Next: see How the API works for the base URL, request format and error model.