Skip to main content

API Keys

  1. Obtain your production and test API keys from your JOFI representative. Your production key will be prefixed with sk_live. Your test key will be prefixed with sk_test.
  2. Include your API key in the headers of your requests, as an Authentication Bearer token (i.e. { Authentication: "Bearer sk_live_ELAbCDEfHijKl" }).
  3. Use the test API key for dev and QA testing.
  4. Warning: Do not commit your API key to your code repository or share it publicly, it should be considered a highly sensitive secret as it can be used to create and read participant data.

Every API response will include a mode property. mode: "live" indicates you are using a production key, and real resources will be created. mode: "test" indicates you are using a test key, so fake responses will be returned for most routes and no records are written to the JOFI database.

For HTTP status codes and error response shapes, see Errors and status codes.

Test mode behavior

Use your test API key (sk_test_...) during development. For most routes, the API returns a properly formed fake object and does not create or update real records.

Routes that return fake data in test mode include:

  • GET /accounts
  • GET /users, GET /teams, GET /email-templates
  • GET /invitations, POST /invitations, GET /invitations/:invitationId, PUT /invitations/:invitationId
  • GET /test-takers, GET /test-takers/:testTakerId
  • GET /test-takers/:testTakerId/scorecard?sp=...
  • GET /test-takers/:testTakerId/job-fit-report
  • GET /career-navigation-profiles, GET /career-navigation-profiles/:careerNavigationProfileId
  • GET /score-profiles

Exception: GET /assessments always returns the real assessment catalog, even with a test key. The response includes mode: "test", but the assessment IDs and names are live reference data.

Because test mode does not create records, sk_test API calls do not trigger webhook events. Production events are delivered to your live webhook URL only.

If you configure a test webhook URL and want to verify your handler, ask a JOFI Admin to send test events to that endpoint. Test event delivery is not available in the customer-facing JOFI UI.

tip

GET /healthcheck does not require an API key. Use it to verify that the API is reachable.