Authenticate every request with an Authorization header:
curl https://www.sorce.jobs/api/external/v1/jobs \
-H "Authorization: Bearer sk_ext_..."
Partner keys
Partner keys (sk_ext_…) are bound to exactly one company when issued.
They can create, read, edit, publish, pause, resume, and close your
company’s jobs, set per-job spend budgets, and search locations.
Requests for another company’s jobs return 404. From the API’s point of
view, those jobs don’t exist for your key.
Keys are shown once at issuance and stored hashed. We cannot recover a
lost key, only issue a new one and revoke the old. Treat keys like
passwords: server-side only, never in client code or repositories.
Failures
A missing, malformed, unknown, or revoked key always returns the same
response, with HTTP status 401:
{
"error": {
"code": "INVALID_SERVICE_KEY",
"message": "Invalid service key."
}
}
Rate limits
Each key gets 60 requests per minute (sliding window). Past that,
requests return 429 RATE_LIMITED with a retryAfterSeconds hint in the
body. Back off and retry after that many seconds. 