CareerOS Partners API

Authentication

Every request must include a signed JWT in the Authorization header:

curl 'https://api.partners.thecareeros.com/v1/universities' \
  -H "Authorization: Bearer $TOKEN"

Tokens are issued by CareerOS during onboarding and delivered out of band. There is no self-service token endpoint — if you need a new token or a rotation, contact support@thecareeros.com.

What’s inside the token

ClaimValue
isshttps://api.partners.thecareeros.com
audcareeros-partners-api
roleapi_partner
partner_typeuniversity or consortium
partner_idYour university / consortium UUID
iat, expIssued-at / expiry — tokens are typically valid 1 year

Tenancy — what your token can see

partner_type + partner_id together control the rows every resource returns:

partner_typepartner_id is…What you see
universityA single university UUIDRecords belonging to that one university
consortiumA consortium UUIDRecords belonging to any member university — membership is resolved at request time, so consortium changes take effect immediately without re-issuing your token

The tenant boundary is enforced inside the database, underneath the API layer. The API will never return another partner’s data, no matter what filters you put in the query string.

Handling rules