The ATS-API uses an OAuth2 application flow. We therefore have to obtain an access_token from an exchange endpoint. The exchange endpoint itself uses a Basic Authentication and we can retrieve a new session token with our mandator and token. 

As specified by the OAuth2 flow we send the access_token as a Bearer token and attach it to the header of every subsequent request.

TypeScript example:

Here's an example of how to authenticate and obtain an access token using TypeScript and node-fetch:

const mandator = '555';

const token = 'hereShouldBeYourTokenForAccessingTheHokifyAtsApi123456789PRRvsHpQ';

const basicAuthHeader = `Basic ${Buffer.from(`${mandator}:${token}`).toString('base64')}`;

async function authenticate(): Promise<{ access_token: string; expires_in: string }> {

const authUrl = '';

const headers = {

Accept: 'application/json',

Authorization: basicAuthHeader


const response = await fetch(authUrl, {

method: 'POST',



if (response.ok) {

return response.json();


throw new Error('Authentication failed');


Replace 'mandator' and 'token' with your actual credentials.

Upon successful authentication, the API will return an object similar to the one below:


"access_token": "123456789YourAccessTokenToTheHokifyAtsApi1234567",

"expires_in": 86400


Please note that the access token should be securely stored and used in subsequent API requests for authorization. (See details in "Tutorial 1 - Create a job" or "Tutorial 2 - Fetch applications")