[The Long Dark V1.39 No Survey No Password 2019
Tilo Chopin
A password management vault is owned and managed by either an individual or an enterprise. A vault is used to store items securely, such as passwords, usernames, logins, company credit cards, and other important notes or files.
The exposed passwords report is a particularly useful tool. Using a trusted web service, it identifies passwords that have been uncovered in known data breaches that were released publicly or sold on the dark web by hackers. Should you receive notice your password was exposed, your next step is to create a new one.
As mentioned above, the best password is a password that is strong and unique - as in, not easily guessed or reused. It should also include a combination of uppercase and lowercase letters, numbers, special characters, and words unrelated to your personal information and be at least 14 characters or longer (an 8-character password will take a hacker 39 minutes to crack while a 16-character password will take a hacker a billion years to crack).
There are no individual endpoint specific limits. By default, we allow a steady state number of 10 requests/second per API key. When possible, we allow bursts of requests up to 20 requests/second.
These defaults are not guaranteed, as they may vary with server load and may change in the future. We recommend retrying using exponential backoff. Rate limits are important to prevent abuse and keep the service available to everyone.
Sometimes requests to the API are not successful. Failures can occur for a wide range of reasons. In all cases, the API should return a HTTP Status Code that will indicate the nature of the failure, with a response body in JSON format containing additional information.
An API key that has been granted access to confidential data may retrieve it via the /postings, /opportunities, /candidates, and /requisitions endpoints, granted that the API key also has permission to access the endpoint itself. If the API key in use has not been granted access, any request to retrieve confidential data will return an access error.
You can customize the response from an endpoint in two ways: you can adjust the attributes included in a response with the include parameter and you can specify which attributes are included as full objects with the expand parameter.
Note: In cases where the desired outcome is that an uploaded file be parsed for information (such as in the Creating an Opportunity endpoint), image files are not supported and will not be successfully parsed for information. They will, however, still be uploaded and referenced in the opportunity.
Here you can specify exactly what events you would like to enable webhooks for. You can also test your webhook URL from this page. Lever will send a sample request and will indicate whether the request succeeds (2xx) or fails. Our test POST request looks like this:
If your test request happens to fail because you have not set up your service yet or it is not yet running, do not worry. We will still send webhooks to your configured URL even if the test request fails. But please do try and enter a valid URL.
Since we are sending confidential candidate information outside of Lever, we need to ensure all traffic is encrypted. For this reason, we only support HTTPS enabled endpoints. We verify the SSL certificate against a Certificate Authority and, as such, the use of self-signed SSL certificates is not supported. For local development, we suggest using a reverse proxy that supports HTTPS termination such as ngrok.
To ensure the authenticity of webhook requests, Lever signs them and includes the signature within the body of the POST request. A signature body parameter will be included with all requests if a signing token has been generated in the integrations settings admin page. You can regenerate your signing token at any time.
Optionally, you can cache the token value locally and not honor any subsequent request with the same token. This will prevent replay attacks. You can also check if the timestamp is not too far from the current time.
With webhooks, your server is the server receiving the request. Configuring your server to receive a new webhook is no different from creating any other route. You can configure any URL you would like to receive events. Webhooks events are sent as POST requests with the data sent as a JSON object on the request body.
The following is a list of the different events you can enable from the integration settings page. It also provides additional detail on what properties will be provided within each event's data object.
To acknowledge you received the webhook without any problem, your server should return a 2xx HTTP status code. Any other information you return in the request headers or request body will be ignored. Any response code outside the 2xx range, including 3xx codes, will indicate to Lever that you did not receive the webhook. When a webhook is not received for whatever reason, Lever will continue trying to send the webhook five times, waiting longer and longer in between tries.
We show the most recent webhooks from (up to 1,000 requests) from the past two weeks on the webhook configuration page. If you click on one of the deliveries, the detail view for that delivery will open. Here you will be able to see the request and response associated with that delivery. Furthermore, if the webhook request failed, you can view additional information about the error here.
Lever is candidate-centric, meaning that candidates can exist in the system without being applied to a specific job posting. However, almost all candidates are applied to job postings, and thus almost all candidates have one or more applications.
Candidates can be applied to multiple job postings, meaning that candidates can have multiple applications. A candidate or contact may have multiple applications, each of which will be on a unique Opportunity. An Opportunity will have no more than one Application.
To create an application for a candidate, please use the Apply to a posting endpoint. If you need to upload a file as part of the application, please use the Upload a file endpoint. To view all application fields for a given posting, please use the Retrieve posting application questions endpoint.
Archive reasons provide granularity behind to candidates who have exited your active hiring pipeline. Candidates exit your active pipeline either due to being hired at your company or due to being rejected for a specific reason. These dispositions allow you to track each and every candidate who is no longer active within your pipeline. Check out this article for further information about Archive reasons.
Lever tracks certain activity by recording audit events. This endpoint exposesthose events to help security teams monitor sensitive activity within Lever andinvestigate past activity when there may have been a violation.
An account's suite configuration defines the authorization provider, calendar provider, and email provider for each of their domains (such as google for G Suite). Most accounts will use the same provider across features and use the default configuration for that provider, but Lever also allows a custom suite provider option where each feature (authorization, email, and calendar) are configured separately.
A user changed their password after a password reset or from their own usersettings. The "from" and "to" values are always redacted and stored as"****" because they're sensitive data. (Redacted properties make it easier todisplay :changed events in a consistent way.)
Feedback forms are added to Opportunities as they are completed after interviews by interviewers or they can be manually added directly to the profile. Learn more about customizing your feedback form templates in Lever.
These endpoints are for files that have been uploaded to an Opportunity. If you're looking specifically for the candidates' resumes see the Resumes endpoint. Files may include cover letters, portfolios, or images.
These are the currently supported field types in Lever. Note that most forms (e.g. referrals, feedback) only support a subset of available field types. Visit the docs for that specific form type to see what is available.
A customized evaluation of a candidate that may involve one or more skills assessed during the interview. Scorecard fields are only available on feedback forms. Scorecards allow a specific set of skills or experiences like accountability, self-awareness, humility, etc. to be evaluated. Interviewers rate each of these skills on the thumbs scale. They can also add an additional note or comment for each score.
Create a note and add it to a candidate profile. If you'd like to @-mention a user and trigger notifications, you can do so in the value field by including @username in the text. You can retrieve usernames with the Users endpoint.
Update an existing note. This is an atomic call, meaning the entirety of the note object will be replaced with the values specified. In order to pass a note with multiple comments, please pass multiple items in the values array. This call will only work on notes originally created via the API. Updating a note via API will alter the updatedAt timestamp for the associated opportunity.
Offers capture the data sent to a candidate about an Opportunity for a position they have been offered using Lever's offers feature. The status, creation date, creator, sent document, signed document, and all fields of an offer are exposed by the API.
You can view the state of an offer, signature progress, and retrieve a downloadUrl using the List all offers endpoint. A signed document will be available as soon as any signature is completed and doesn't guarantee all signatures are present.
A "Contact" is an object that our application uses internally to identify an individual person and their personal or contact information, even though they may have multiple opportunities. From this API, the "Contact" is exposed via the contact field, which returns the unique ID for a Contact across your account. Contact information will be shared and consistent across an individual person's opportunities, and will continue to be aggregated onto individual opportunities in the responses to all GET and POST requests to /opportunities.
795a8134c1