Authentication

All API requests require authentication via an API key.

Getting an API Key

1. Log in to jobko.ai/dashboard
2. Go to the Integrations tab (or use #agent anchor)
3. Click "Create API Key"
4. Give it a name (e.g., "My AI Agent")
5. Copy the key immediately - it won't be shown again

Using Your API Key

HTTP Header (Recommended)

Include your API key in the Authorization header:

Authorization: Bearer jk_your_api_key_here

Example

curlPythonJavaScript

curl https://jobko.ai/api/mcp/tools \
  -H "Authorization: Bearer jk_abc123def456"

import requests

headers = {"Authorization": "Bearer jk_abc123def456"}
response = requests.get("https://jobko.ai/api/mcp/tools", headers=headers)

const response = await fetch("https://jobko.ai/api/mcp/tools", {
  headers: {
    "Authorization": "Bearer jk_abc123def456"
  }
});

API Key Scopes

API keys can be restricted to specific operations:

Scope	Allows
profile_read	Read user profile
credits_read	Check credit balance
jobs_read	List saved jobs
job_analysis	Analyze job postings
cv_generation	Generate CVs

By default, new API keys have all scopes enabled.

Security Best Practices

Never expose your API key

• Don't commit keys to git
• Don't include keys in client-side code
• Use environment variables

Use separate keys for different apps

Create a new API key for each integration. This way you can revoke access to one without affecting others.

Environment Variables

Store your key in an environment variable:

export JOBKO_API_KEY="jk_abc123def456"

Then use it in your code:

PythonJavaScript

import os
api_key = os.environ.get("JOBKO_API_KEY")

const apiKey = process.env.JOBKO_API_KEY;

Revoking API Keys

To revoke an API key:

1. Go to jobko.ai/dashboard#agent
2. Find the key in your list
3. Click "Revoke"

The key will stop working immediately.