Public REST API · v1
Resume Ground API
Build automations on top of your resumes, applications and analytics. Authenticate with a personal API key from your settings.
Authentication
All requests require an Authorization header with a Bearer token:
curl https://resumeground.co/api/v1/resumes \ -H "Authorization: Bearer rco_xxxxxxxxxxxxxxxxxxxxxxxx"
Generate keys at /api-keys. Treat keys like passwords - they grant access to your account.
Rate limits
60 requests per minute per key. Exceeded calls return 429 Too Many Requests with a Retry-After header.
Endpoints
GET
/api/v1/resumes- List your resumes.scope: readGET
/api/v1/resumes/:id- Fetch a single resume.scope: readPOST
/api/v1/resumes- Create a new resume from JSON content.scope: writePOST
/api/v1/ats-score- Score a resume against a job description. Body: { resume_id, job_description }.scope: writeGET
/api/v1/applications- List job applications across all resumes.scope: readPOST
/api/v1/applications- Add a new application to your tracker.scope: writeGET
/api/v1/analytics/views- Aggregate share views (last 30 days).scope: readPOST
/api/v1/webhooks/test- Send a sample event to all your webhook endpoints.scope: adminWebhooks
Outbound webhooks deliver real-time events (application created, status changed, view recorded). Each request includes:
X-Resumeco-Signature- HMAC-SHA256 of body using your endpoint's secretX-Resumeco-Event- event type (e.g.application.created)X-Resumeco-Delivery- unique delivery id (use for dedup)
// Verify signatures (Node.js)
import crypto from "crypto";
const expected = crypto.createHmac("sha256", secret).update(body).digest("hex");
const valid = crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expected));Errors
All errors return JSON: { error: string, code: string }.
- 400 - validation error
- 401 - missing or invalid API key
- 403 - key lacks required scope
- 404 - resource not found
- 429 - rate limit exceeded
- 500 - internal error (please report)