Setting up automations using Make.com with the Vincere API allows you to create powerful workflows that connect directly with your Vincere data.
This guide walks you through the steps to authenticate via the Vincere API and use it inside Make.com, including how to resolve the Client Secret limitation.
⚠️ Important: You need Administrator permissions and access to Vincere’s API documentation to complete this setup.
Set Up Vincere API Automations in Make.com
Follow these steps to configure and authenticate your Vincere API calls on Make.com.
When configuring Vincere API operations, it’s essential to identify the correct endpoint and base URL. Access endpoint URLs, such as those for job postings, in Vincere’s official API documentation to ensure up-to-date integration. Avoid using “public” URLs for API requests to maintain secure communication with Vincere’s backend.
Step 1: Generate a Refresh Token (One-Time Setup)
Open Postman (or your preferred OAuth client).
In Vincere’s API documentation, follow the first three steps under How to Use – Vincere API Manual Authentication Process:
During the Authorization step, you will receive a refresh_token in the response.
Copy the refresh_token and store it securely.
Step 2: Create a Token Refresh Module in Make.com
In your Make.com scenario, add an HTTP → Make a Request module.
Configure the request as follows:
Method: POST
URL: Use the endpoint provided in Step 4 of the Vincere API docs (“Refresh ID Token”).
Add the request headers:
Content-Type: application/json
In the body, include these parameters:
client_id
refresh_token (from Step 1)
grant_type: refresh_token
When executed, this module returns a new id_token, valid for approximately 30 minutes.
Step 3: Call Vincere API Endpoints
Add another HTTP → Make a Request module in Make.com.
Set the Method to GET.
Input the required headers exactly as outlined in Vincere’s APIv2 documentation:
Run the module. You should now receive a valid API response.
When specifying your base URL in API GET calls, ensure it does not contain the word public. Use the latest non-public endpoint versions for seamless communication.
📌 Note: Remember to refresh the id_token regularly using Step 2, especially if your Make.com scenario runs more than once every 30 minutes.
💡 Best Practices
Store your refresh_token securely; it only needs to be generated once.
Use Make.com’s built-in variables to manage the id_token dynamically between modules.
Avoid hardcoding sensitive values like client_id and API key directly in modules. Use Make.com secrets or environment variables instead.
Test each module independently to verify token validity and header setup.
Set up error handling in Make.com to catch token refresh failures.
Always confirm the correct endpoint and base URL using the latest Vincere API documentation.
Avoid deprecated or “public” base URLs to ensure smooth API calls.
Important note:
We do not provide client secret for any integration, but we have a specific workaround only for make.com.
🤔 FAQs
Q1: Why do I need a refresh token instead of just an API key?
Answer: Vincere uses OAuth 2.0 authentication, which relies on token-based access rather than a single static API key.
Q2: How long is the id_token valid?
Answer: The id_token is valid for approximately 30 minutes before it must be refreshed.
Q3: Can I reuse the refresh_token indefinitely?
Answer: Yes, unless it is manually revoked or regenerated. Keep it safe.
Q4: Why am I getting an “unauthorized” response from the API call?
Answer: This occurs if the id_token has expired or is not passed correctly in the header.
Q5: What tool should I use to get the refresh_token?
Answer: You can use Postman or any OAuth-compatible API client to perform the manual authentication process.
Q6: How do I determine the correct endpoint to use?
Answer: Refer to Vincere’s official API documentation or endpoint directory. Contact Vincere Support if you need help locating specific endpoints.
Q7: What considerations are there for configuring the base URL?
Answer: Always use the non-‘public’ version of the base URL and confirm it against the most recent API documentation.
Happy Recruitment #TheVinnyWay🤩




