API Introduction

Overview

The DEVision Job Manager API provides programmatic access to company registration, authentication, profile management, job posting, applicant search, and premium subscription features. This API is designed for the Job Manager subsystem of the DEVision job portal platform.

Authentication

Company registration, login, SSO, and token management

Company Profile

Profile CRUD operations and media management

Job Posts

Job lifecycle management and application tracking

Subscription

Premium subscriptions and payment processing

Base URL

All API requests should be made to the following base URL:

https://api.jm.saintgiong.ttr.gg/api/v1/sgjm

For development and testing:

http://localhost:8080/api/v1/sgjm

Authentication

The DEVision API uses JWE (JSON Web Encryption) tokens for authentication. All authenticated endpoints require a valid Bearer token in the Authorization header.

Token Format

Authorization: Bearer <jwe_token>

Token Lifecycle

Authenticate via credentials or SSO to receive access and refresh tokens

Access Token

Short-lived token (15 minutes) for API requests

Refresh Token

Long-lived token (7 days) to obtain new access tokens

Token Revocation

Tokens can be revoked on logout or security events via Redis blocklist

Security Scheme

{
  "securitySchemes": {
    "bearerAuth": {
      "type": "http",
      "scheme": "bearer",
      "bearerFormat": "JWE"
    }
  }
}

Error Response Format

All API errors follow a consistent format:

{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Email format is invalid",
    "details": {
      "field": "email",
      "constraint": "must be a valid email address"
    }
  },
  "timestamp": "2025-11-28T10:30:00Z",
  "path": "/api/v1/auth/register"
}

Error Codes

Code	HTTP Status	Description
`VALIDATION_ERROR`	400	Request validation failed
`UNAUTHORIZED`	401	Invalid or expired token
`FORBIDDEN`	403	Insufficient permissions
`NOT_FOUND`	404	Resource not found
`CONFLICT`	409	Resource already exists
`RATE_LIMITED`	429	Too many requests
`INTERNAL_ERROR`	500	Server error

Rate Limiting

API requests are rate-limited to ensure fair usage:

Tier	Requests per Minute	Burst Limit
Free	60	10
Premium	300	50

Rate limit headers are included in all responses:

X-RateLimit-Limit: 60
X-RateLimit-Remaining: 45
X-RateLimit-Reset: 1701234567

API Versioning

The API uses URL-based versioning. The current version is v1:

/api/v1/sgjm/auth/login
/api/v1/sgjm/companies/{id}/profile
/api/v1/sgjm/jobs/{id}

Content Types

All requests and responses use JSON:

Content-Type: application/json
Accept: application/json

For file uploads (media), use multipart form data:

Content-Type: multipart/form-data

Pagination

List endpoints support cursor-based pagination:

{
  "data": [...],
  "pagination": {
    "limit": 20,
    "offset": 0,
    "total": 150,
    "hasMore": true
  }
}

Query parameters:

limit - Number of items per page (default: 20, max: 100)
offset - Number of items to skip

API Endpoints Overview

Authentication

Method	Endpoint	Description
POST	`/api/v1/sgjm/auth/register`	Register new company
POST	`/api/v1/sgjm/auth/login`	Login with credentials
POST	`/api/v1/sgjm/auth/sso/google`	Google SSO authentication
POST	`/api/v1/sgjm/auth/logout`	Revoke tokens
POST	`/api/v1/sgjm/auth/refresh`	Refresh access token

Company Profile

Method	Endpoint	Description
GET	`/api/v1/sgjm/companies/{id}/profile`	Get company profile
PUT	`/api/v1/sgjm/companies/{id}/profile`	Update company profile
POST	`/api/v1/sgjm/companies/{id}/media`	Upload media files
DELETE	`/api/v1/sgjm/companies/{id}/media/{mediaId}`	Delete media

Job Posts

Method	Endpoint	Description
GET	`/api/v1/sgjm/jobs`	List company job posts
POST	`/api/v1/sgjm/jobs`	Create job post
GET	`/api/v1/sgjm/jobs/{id}`	Get job post details
PUT	`/api/v1/sgjm/jobs/{id}`	Update job post
DELETE	`/api/v1/sgjm/jobs/{id}`	Delete job post
GET	`/api/v1/sgjm/jobs/{id}/applications`	List applications
PATCH	`/api/v1/sgjm/jobs/{id}/applications/{appId}`	Update application status

Subscription

Method	Endpoint	Description
GET	`/api/v1/sgjm/subscriptions/status`	Get subscription status
POST	`/api/v1/sgjm/subscriptions/checkout`	Initiate payment
POST	`/api/v1/sgjm/subscriptions/webhook`	Stripe webhook handler

Search

Method	Endpoint	Description
POST	`/api/v1/sgjm/search/applicants`	Search applicants (Premium)
GET	`/api/v1/sgjm/search/profiles`	List saved search profiles
POST	`/api/v1/sgjm/search/profiles`	Create search profile

Detailed request/response schemas for each endpoint will be added in Milestone 2 implementation phase.

API Documentation

Company APIs

Job Post APIs

Overview

Authentication

Company Profile

Job Posts

Subscription

Base URL

Authentication

Token Format

Token Lifecycle

Security Scheme

Error Response Format

Error Codes

Rate Limiting

API Versioning

Content Types

API Endpoints Overview

Authentication

Company Profile

Job Posts

Subscription

Search

API Documentation

Company APIs

Job Post APIs

​Overview

Authentication

Company Profile

Job Posts

Subscription

​Base URL

​Authentication

​Token Format

​Token Lifecycle

​Security Scheme

​Error Response Format

​Error Codes

​Rate Limiting

​API Versioning

​Content Types

​Pagination

​API Endpoints Overview

​Authentication

​Company Profile

​Job Posts

​Subscription

​Search

​Related Documentation

Overview

Base URL

Authentication

Token Format

Token Lifecycle

Security Scheme

Error Response Format

Error Codes

Rate Limiting

API Versioning

Content Types

Pagination

API Endpoints Overview

Authentication

Company Profile

Job Posts

Subscription

Search

Related Documentation