Setting up automations using Make.com with the Vincere API allows you to create powerful workflows that integrate directly with your Vincere data.
This guide walks you through the exact steps to authenticate via the Vincere API and use it inside Make.com, even when you run into the Client Secret issue.
Click on the link ⏬ to skip to the section you're interested in:
⭕ How to Set Up Vincere API Automations in
Make.com
Follow the steps below to configure and authenticate your Vincere API calls on Make.com.
Step 1: Generate a Refresh Token (One-Time Setup)
Open Postman (or your preferred OAuth client).
In Vincere’s API documentation, follow the first three steps under "How to Use – Vincere API Manual Authentication Process":
Generate ID Token.
Authentication.
Authorization.
During the Authorization step, you'll receive a refresh_token in the response.
Copy the refresh_token and store it securely.
Step 2: Create a Token Refresh Module in Make.com
In your Make.com scenario, add an HTTP → Make a request module.
Configure it as follows:
Method: POST.
URL: Use the endpoint provided in Step 4 of the Vincere API docs ("Refresh ID Token").
Add the request headers:
Content-Type: application/json
In the body, add these parameters:
client_idrefresh_token(from Step 1)grant_type:refresh_token
When executed, this module returns a new id_token, valid for approximately 30 minutes.
Step 3: Call Vincere API Endpoints
Add another HTTP → Make a request module in Make.com.
Method: GET
You would have to input the headers again on that module, but this time following the headers required from our API Documentation under the section "Calling the Vincere APIv2".
Add the headers exactly as required by Vincere’s APIv2 documentation:
id-token:{{id_token from Step 2}}x-api-key:<your API key>Content-Type:application/json
Run the module — you should now receive the expected API response.
👉 Make sure the id_token is refreshed regularly using Step 2, especially if your scenario runs more than once every 30 minutes.
💡 Best Practices
Always store your refresh_token securely; it only needs to be generated once.
Use Make.com’s built-in variables to manage the id_token dynamically between modules.
Avoid hardcoding sensitive values like the client_id and API key directly in modules. Use Make.com secrets or environment variables when possible.
Test each module independently to ensure the correct token and headers are being used.
Set up error handling in Make.com in case token refresh fails.
Important note:
We do not provide client secret for any integration, but we have a specific workaround only for make.com.
🤔 FAQs
Q1: Why do I need a refresh token instead of just an API key?
Answer: Vincere uses OAuth 2.0 for authentication, requiring a token-based system to secure data access, rather than just an API key.
Q2: How long is the id_token valid?
Answer: The id_token is typically valid for about 30 minutes before needing to be refreshed.
Q3: Can I reuse the refresh_token indefinitely?
Answer: Yes, unless it's manually revoked or regenerated. Keep it safe.
Q4: Why am I getting an "unauthorized" response from the API call?
Answer: This usually happens if the id_token has expired or was not passed correctly in the header.
Q5: What tool should I use to get the refresh_token?
Answer: You can use Postman or any OAuth-compatible API client to perform the manual authentication steps.
Happy Recruitment #TheVinnyWay🤩