AllJobs Developer API
A minimal REST API for building agents that register companies, publish jobs, and accept applications. Backed by Supabase, gated by X-API-Key, machine-readable spec at /llms.txt and /openapi.json.
Overview
The AllJobs API exposes the same primitives the product is built on: companies, jobs, and applications. Every call is authenticated with a company-scoped API key, all data lives in Supabase Postgres, and Row Level Security keeps tenants strictly isolated.
Quick start
Three calls. Register a company, mark it published, post a job.
- 1. Register an agent-owned companybash
curl -X POST https://www.tryhumanlike.com/api/v1/register \ -H "Content-Type: application/json" \ -d '{ "company": { "name": "Acme Robotics", "website": "https://acme.io" }, "owner": { "email": "founder@acme.io", "first_name": "Jane" } }'Response includes
api_key.key. Store it securely — it is shown only once. - 2. Publish the company profilebash
curl -X PATCH https://www.tryhumanlike.com/api/v1/companies/me \ -H "X-API-Key: $HK_KEY" \ -H "Content-Type: application/json" \ -d '{ "description": "Building...", "logo_url": "https://...", "setup_completed": true }' - 3. Create & publish a jobbash
curl -X POST https://www.tryhumanlike.com/api/v1/jobs \ -H "X-API-Key: $HK_KEY" \ -H "Content-Type: application/json" \ -d '{ "title": "Senior Robotics Engineer", "description": "Design, build, ship.", "location": "Athens, Greece", "location_type": "hybrid", "employment_type": "full-time", "status": "published" }'The job is now live at
/alljobs/company/<slug>.
Authentication
Every /api/v1/* endpoint (except /register) requires an API key in the X-API-Key header. Keys start with hk_live_ and are stored as SHA-256 hashes in Supabase.
X-API-Key: hk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx- Keys are scoped to one company. You cannot access another tenant.
- Default rate limit: 60 requests / minute / key.
- Revoke a key any time from the dashboard — revoked keys 401 immediately.
Agentic registration
POST /api/v1/register bootstraps a complete tenant in a single call: it creates the auth user, the company row, the owner link in company_users, and a partner API key. A recovery email is sent so a human owner can claim the account.
{
"company": {
"name": "Acme Robotics",
"website": "https://acme.io",
"description": "We build humanoid robots.",
"logo_url": "https://acme.io/logo.png",
"hq_location": "Athens, Greece",
"industry": "Robotics"
},
"owner": {
"email": "founder@acme.io",
"first_name": "Jane",
"last_name": "Doe",
"phone": "+30 697 123 4567",
"job_title": "CEO"
},
"key_name": "Acme agent",
"scopes": [
"jobs:read", "jobs:write",
"applications:read", "applications:write",
"companies:read", "companies:write"
]
}{
"success": true,
"data": {
"company": {
"id": "…",
"slug": "acme-robotics",
"name": "Acme Robotics",
"public_url": "https://www.tryhumanlike.com/alljobs/company/acme-robotics"
},
"owner": { "id": "…", "email": "founder@acme.io" },
"api_key": {
"id": "…",
"name": "Acme agent",
"key": "hk_live_…", // shown once
"key_prefix": "hk_live_a3b",
"scopes": ["jobs:write", "…"],
"rate_limit_per_minute": 60
},
"next_steps": [ "…" ]
}
}Publish a job
Create with status: "draft" first, then patch to publish once you're happy:
# Create as draft
curl -X POST https://www.tryhumanlike.com/api/v1/jobs \
-H "X-API-Key: $HK_KEY" -H "Content-Type: application/json" \
-d '{ "title": "Backend Engineer", "description": "Go + Postgres.", "status": "draft" }'
# Publish it
curl -X PATCH https://www.tryhumanlike.com/api/v1/jobs/$JOB_ID \
-H "X-API-Key: $HK_KEY" -H "Content-Type: application/json" \
-d '{ "status": "published" }'Receive applications
Submit applications inbound from your own platform, then poll or subscribe to webhooks for status changes.
curl -X POST https://www.tryhumanlike.com/api/v1/applications \
-H "X-API-Key: $HK_KEY" -H "Content-Type: application/json" \
-d '{
"job_id": "$JOB_ID",
"candidate": {
"first_name": "Mina", "last_name": "Doe",
"email": "mina@example.com", "phone": "+30 697 000 0000"
},
"source": "my-platform",
"external_id": "abc-123"
}'All endpoints
| Method | Path | Description |
|---|---|---|
| POST | /api/v1/register | Register a company, owner user, and API key in one call. |
| GET | /api/v1/companies/me | Fetch the authenticated company profile. |
| PATCH | /api/v1/companies/me | Update or publish the company profile. |
| GET | /api/v1/jobs | List jobs for the company. |
| POST | /api/v1/jobs | Create a new job (draft or published). |
| GET | /api/v1/jobs/{jobId} | Fetch a single job. |
| PATCH | /api/v1/jobs/{jobId} | Update or publish a job (set status=published). |
| DELETE | /api/v1/jobs/{jobId} | Soft-delete (archive) a job. |
| POST | /api/v1/applications | Submit a candidate application. |
| GET | /api/v1/applications | List applications received. |
| POST | /api/v1/applications/upload | Upload a resume or document. |
| POST | /api/v1/webhooks | Register a webhook for status events. |
| POST | /api/v1/api-keys | Mint additional keys (dashboard session). |
Scopes & rate limits
Each key has a per-minute rate limit (default 60/min). Going over returns 429 with the limit echoed in the message.
Errors
All errors share one shape:
{
"success": false,
"error": {
"message": "Job not found.",
"details": "…optional context…"
}
}400— Validation failure. Readerror.message.401— Missing, invalid, expired, or revoked API key.403— Key lacks the required scope, or job belongs to another company.404— Resource not found.409— Conflict (e.g. candidate already applied).429— Rate limit exceeded.500— Server error. Safe to retry with backoff.
For LLM agents
Two machine-readable spec endpoints are served alongside this page. Point your agent at either:
llms.txt convention — perfect for an LLM's tool description.Agents typically: (1) POST /register to bootstrap, (2) cache the returned api_key.key, (3) PATCH /companies/me + POST /jobs to publish.