Skip to main content

Set Up Automations on Make.com Using the Vincere API

Learn how to set up Vincere API automations in Make.com, including how to authenticate, refresh tokens, and call API endpoints without using a client secret.

Jason avatar
Written by Jason
Updated this week

Setting up automations using Make.com with the Vincere API allows you to create powerful workflows that connect directly with your Vincere data.

  • This guide walks you through the steps to authenticate via the Vincere API and use it inside Make.com, including how to resolve the Client Secret limitation.

⚠️ Important: You need Administrator permissions and access to Vincere’s API documentation to complete this setup.


Set Up Vincere API Automations in Make.com

Follow these steps to configure and authenticate your Vincere API calls on Make.com.

  • When configuring Vincere API operations, it’s essential to identify the correct endpoint and base URL. Access endpoint URLs, such as those for job postings, in Vincere’s official API documentation to ensure up-to-date integration. Avoid using “public” URLs for API requests to maintain secure communication with Vincere’s backend.


Step 1: Generate a Refresh Token (One-Time Setup)

  1. Open Postman (or your preferred OAuth client).

  2. In Vincere’s API documentation, follow the first three steps under How to Use – Vincere API Manual Authentication Process:

    • Generate ID Token.

    • Authentication.

    • Authorization.

  3. During the Authorization step, you will receive a refresh_token in the response.

  4. Copy the refresh_token and store it securely.


Step 2: Create a Token Refresh Module in Make.com

  1. In your Make.com scenario, add an HTTP → Make a Request module.

  2. Configure the request as follows:

    • Method: POST

    • URL: Use the endpoint provided in Step 4 of the Vincere API docs (“Refresh ID Token”).

  3. Add the request headers:

    • Content-Type: application/json

  4. In the body, include these parameters:

    • client_id

    • refresh_token (from Step 1)

    • grant_type: refresh_token

  5. When executed, this module returns a new id_token, valid for approximately 30 minutes.


Step 3: Call Vincere API Endpoints

  1. Add another HTTP → Make a Request module in Make.com.

  2. Set the Method to GET.

  3. Input the required headers exactly as outlined in Vincere’s APIv2 documentation:

    • id-token: {{id_token from Step 2}}.

    • x-api-key: your API key.

    • Content-Type: application/json.

  4. Run the module. You should now receive a valid API response.

When specifying your base URL in API GET calls, ensure it does not contain the word public. Use the latest non-public endpoint versions for seamless communication.

📌 Note: Remember to refresh the id_token regularly using Step 2, especially if your Make.com scenario runs more than once every 30 minutes.


💡 Best Practices

  • Store your refresh_token securely; it only needs to be generated once.

  • Use Make.com’s built-in variables to manage the id_token dynamically between modules.

  • Avoid hardcoding sensitive values like client_id and API key directly in modules. Use Make.com secrets or environment variables instead.

  • Test each module independently to verify token validity and header setup.

  • Set up error handling in Make.com to catch token refresh failures.

  • Always confirm the correct endpoint and base URL using the latest Vincere API documentation.

  • Avoid deprecated or “public” base URLs to ensure smooth API calls.

Important note:

We do not provide client secret for any integration, but we have a specific workaround only for make.com.


🤔 FAQs

Q1: Why do I need a refresh token instead of just an API key?

  • Answer: Vincere uses OAuth 2.0 authentication, which relies on token-based access rather than a single static API key.

Q2: How long is the id_token valid?

  • Answer: The id_token is valid for approximately 30 minutes before it must be refreshed.

Q3: Can I reuse the refresh_token indefinitely?

  • Answer: Yes, unless it is manually revoked or regenerated. Keep it safe.

Q4: Why am I getting an “unauthorized” response from the API call?

  • Answer: This occurs if the id_token has expired or is not passed correctly in the header.

Q5: What tool should I use to get the refresh_token?

  • Answer: You can use Postman or any OAuth-compatible API client to perform the manual authentication process.

Q6: How do I determine the correct endpoint to use?

  • Answer: Refer to Vincere’s official API documentation or endpoint directory. Contact Vincere Support if you need help locating specific endpoints.

Q7: What considerations are there for configuring the base URL?

  • Answer: Always use the non-‘public’ version of the base URL and confirm it against the most recent API documentation.


Happy Recruitment #TheVinnyWay🤩

Did this answer your question?