Resources/The Agent API Atlas/HR/Greenhouse

Everything an AI agent can do with the Greenhouse API.

A reference guide for building AI agents: every method, how to authenticate, and the permissions each one needs.

Endpoints36

API versionv1

Last updated23 June 2026

Orientation

How the Greenhouse API works.

The Greenhouse API is how an app or AI agent works with a recruiting organization: reading candidates and their applications, advancing or rejecting a candidate in the pipeline, creating jobs, and reading offers and interview scorecards. Access is granted through a Harvest API key, which a site admin grants endpoint by endpoint, and a granted endpoint returns all of its data rather than a narrowed subset. Greenhouse can also push recruiting events, like a candidate being hired, to a registered web hook.

36Endpoints

9Capability groups

17Read

19Write

36Permissions

Authentication

The Harvest API authenticates with a Harvest API key sent over HTTP Basic auth, as the username with a blank password. Keys are created in the Greenhouse Dev Center by a site admin. Write methods (POST, PATCH, PUT, DELETE) additionally require an On-Behalf-Of header naming the Greenhouse user the action is attributed to, so every change has a named author in the audit trail.

Permissions

Permission in Harvest is per-endpoint and binary. A site admin grants a key access to each endpoint one by one in the Dev Center, and a granted endpoint returns all of that endpoint's data, with no narrowing to a subset of jobs or candidates. A key created before 18 January 2017 has full access to the endpoints that existed then; any key created after that must be granted each endpoint explicitly. Calling an endpoint a key was not granted returns 403.

Versioning

The Harvest API is versioned by URL. The original methods sit under v1, with a few later methods, such as creating a scheduled interview and changing a user's permission level, served by a v2 implementation under the same v1 paths. The v1 and v2 Harvest API is deprecated and will be removed on 31 August 2026, replaced by a rebuilt Harvest v3.

Data model

Harvest is resource-oriented JSON over HTTPS. The core resources are candidates and the applications that link a candidate to a job, with jobs, job posts, offers, scorecards, scheduled interviews, users, departments, and offices alongside. Many records nest under a parent, such as an application's offers or scorecards, or a candidate's notes and attachments. Web hooks push recruiting events to a registered URL.

Connect & authenticate

Connection & authentication methods.

How an app or AI agent connects to Greenhouse determines what it can reach. The Harvest API is the route into recruiting data, and each call is governed by the API key behind it and the endpoints that key has been granted.

Ways to connect

Harvest API (REST)

The Harvest API is the route into recruiting data at https://harvest.greenhouse.io/v1. A call authenticates with a Harvest API key over HTTP Basic auth, sent as the username with a blank password. Write methods also require an On-Behalf-Of header naming the Greenhouse user the action is attributed to.

Best forConnecting an app or AI agent to Greenhouse recruiting data.

Governed byThe Harvest API key and the endpoints it has been granted.

Docs ↗

Web hooks

Greenhouse posts an event to a URL registered in the Greenhouse application when something happens in recruiting, like a candidate being hired or an application changing stage. Each delivery carries a signature, computed from the secret entered when the web hook was created and the request body, so the receiver can confirm it came from Greenhouse.

Best forReceiving Greenhouse recruiting events at an app or AI agent.

Governed byThe secret on the web hook.

Docs ↗

Authentication

Harvest API key

A Harvest API key authenticates over HTTP Basic auth, sent as the username with a blank password. The key is created in the Greenhouse Dev Center, where a site admin grants it access to specific endpoints one by one. A key created before 18 January 2017 carries full access to the endpoints that existed then.

TokenHarvest API key (HTTP Basic auth)

Best forServer-side access to recruiting data, scoped to chosen endpoints.

Docs ↗

Capability map

What an AI agent can do in Greenhouse.

The Harvest API is split into areas an agent can act on, like candidates, applications, jobs, offers, and scorecards. Each area has its own methods, and writes here change real hiring records or move a candidate through a pipeline.

Candidates

7 endpoints

List, read, create, and update candidates, and add notes, attachments, and other records to a candidate.

Writes here change real candidate data, including personal contact details.

View endpoints →

Applications

6 endpoints

List, read, create, and update applications, and move a candidate through the pipeline by advancing, rejecting, or hiring.

Writes here move a real candidate through hiring, including hire and reject.

View endpoints →

Jobs

5 endpoints

List, read, create, and update jobs, and read or change a job's hiring team.

Writes here change real job records and who is on a hiring team.

View endpoints →

Job posts

3 endpoints

List and read the public posts for jobs, and update a post or change whether it is live.

Writes here change what is published on a careers site.

View endpoints →

Offers

3 endpoints

List and read offers across the organization or for an application, and update the current offer on an application.

Writes here change a real offer, including pay and terms.

View endpoints →

Scorecards

2 endpoints

List and read the interview scorecards submitted across the organization or for a single application.

Reads here expose interviewers' private hiring assessments.

View endpoints →

Scheduled interviews

3 endpoints

List and read scheduled interviews, and create, update, or remove an interview on an application.

Writes here change real interview schedules on people's calendars.

View endpoints →

Users

3 endpoints

List and read the Greenhouse users in an organization, create a user, and enable, disable, or change a user's permission level.

Writes here change who can sign in to Greenhouse and at what level.

View endpoints →

Departments & offices

4 endpoints

List, read, create, and update the departments and offices that organize jobs and candidates.

Writes here change the organization's structure of departments and offices.

View endpoints →

Endpoint reference

Every Greenhouse Harvest API method.

Filter by method, access, or permission, or search any path. Select a row for version detail, rate limits, the related webhook event, and the source.

Hide deprecated

Method	Endpoint	What it does	Access	Permission	Version
Candidates List, read, create, and update candidates, and add notes, attachments, and other records to a candidate.7
GET	`/v1/candidates`	List all candidates in the organization.	read	`GET: List Candidates`	Current
Access in Harvest is per-endpoint and all-or-nothing: a key granted this permission can read every candidate, with no narrowing to a subset. Acts oncandidate Permission (capability)`GET: List Candidates` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/candidates/{id}`	Retrieve a single candidate by ID.	read	`GET: Retrieve Candidate`	Current
Returns a candidate's personal details, including contact information. Acts oncandidate Permission (capability)`GET: Retrieve Candidate` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/candidates`	Create a new candidate.	write	`POST: Add Candidate`	Current
Write methods require an On-Behalf-Of header naming the Greenhouse user the action is attributed to, for the audit trail. Acts oncandidate Permission (capability)`POST: Add Candidate` VersionAvailable since the API’s base version Webhook event`update_candidate` Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v1/candidates/{id}`	Edit a candidate's details.	write	`PATCH: Edit Candidate`	Current
Requires the On-Behalf-Of header. Fires the update_candidate webhook. Acts oncandidate Permission (capability)`PATCH: Edit Candidate` VersionAvailable since the API’s base version Webhook event`update_candidate` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/candidates/{id}/notes`	Add a note to a candidate's profile.	write	`POST: Add Note`	Current
Requires the On-Behalf-Of header naming the note's author. Acts oncandidate note Permission (capability)`POST: Add Note` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/candidates/{id}/attachments`	Add an attachment, such as a resume, to a candidate.	write	`POST: Add Attachment`	Current
Requires the On-Behalf-Of header. Acts oncandidate attachment Permission (capability)`POST: Add Attachment` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PUT	`/v1/candidates/{id}/anonymize`	Anonymize a candidate's personal data for a privacy request.	write	`PUT: Anonymize Candidate`	Current
Irreversibly removes personal fields. Requires the On-Behalf-Of header. Fires the candidate_anonymized webhook. Acts oncandidate Permission (capability)`PUT: Anonymize Candidate` VersionAvailable since the API’s base version Webhook event`candidate_anonymized` Rate limitStandard limits apply SourceOfficial documentation ↗
Applications List, read, create, and update applications, and move a candidate through the pipeline by advancing, rejecting, or hiring.6
GET	`/v1/applications`	List all applications in the organization.	read	`GET: List Applications`	Current
All-or-nothing access: the granted key reads every application across all jobs. Acts onapplication Permission (capability)`GET: List Applications` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/applications/{id}`	Retrieve a single application by ID.	read	`GET: Retrieve Application`	Current
Read-only. Acts onapplication Permission (capability)`GET: Retrieve Application` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/candidates/{id}/applications`	Create an application for a candidate or prospect on a job.	write	`POST: Add Application`	Current
Requires the On-Behalf-Of header. Fires the new_candidate_application webhook. Acts onapplication Permission (capability)`POST: Add Application` VersionAvailable since the API’s base version Webhook event`new_candidate_application` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/applications/{id}/advance`	Advance an application to the next interview stage.	write	`POST: Advance Application`	Current
Requires the On-Behalf-Of header. Fires the candidate_stage_change webhook. Acts onapplication Permission (capability)`POST: Advance Application` VersionAvailable since the API’s base version Webhook event`candidate_stage_change` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/applications/{id}/hire`	Mark an application as hired.	write	`POST: Hire Application`	Current
Requires the On-Behalf-Of header. Fires the hire_candidate webhook. Acts onapplication Permission (capability)`POST: Hire Application` VersionAvailable since the API’s base version Webhook event`hire_candidate` Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/applications/{id}/reject`	Reject an application, with a reason and optional notification.	write	`POST: Reject Application`	Current
Requires the On-Behalf-Of header. Fires the reject_candidate webhook. Acts onapplication Permission (capability)`POST: Reject Application` VersionAvailable since the API’s base version Webhook event`reject_candidate` Rate limitStandard limits apply SourceOfficial documentation ↗
Jobs List, read, create, and update jobs, and read or change a job's hiring team.5
GET	`/v1/jobs`	List all jobs in the organization.	read	`GET: List Jobs`	Current
Read-only. Acts onjob Permission (capability)`GET: List Jobs` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/jobs/{id}`	Retrieve a single job by ID.	read	`GET: Retrieve Job`	Current
Read-only. Acts onjob Permission (capability)`GET: Retrieve Job` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/jobs`	Create a new job.	write	`POST: Create Job`	Current
Requires the On-Behalf-Of header. Fires the job_created webhook. Acts onjob Permission (capability)`POST: Create Job` VersionAvailable since the API’s base version Webhook event`job_created` Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v1/jobs/{id}`	Update a job's details.	write	`PATCH: Update Job`	Current
Requires the On-Behalf-Of header. Fires the job_updated webhook. Acts onjob Permission (capability)`PATCH: Update Job` VersionAvailable since the API’s base version Webhook event`job_updated` Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/jobs/{id}/hiring_team`	Get the hiring team assigned to a job.	read	`GET: Get Hiring Team`	Current
Read-only. Acts onhiring team Permission (capability)`GET: Get Hiring Team` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Job posts List and read the public posts for jobs, and update a post or change whether it is live.3
GET	`/v1/job_posts`	List all job posts in the organization.	read	`GET: List Job Posts`	Current
Read-only. Acts onjob post Permission (capability)`GET: List Job Posts` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/job_posts/{id}`	Retrieve a single job post by ID.	read	`GET: Retrieve Job Post`	Current
Read-only. Acts onjob post Permission (capability)`GET: Retrieve Job Post` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v1/job_posts/{id}/status`	Update a job post's status, such as setting it live or offline.	write	`PATCH: Update Status`	Current
Requires the On-Behalf-Of header. Fires the job_post_updated webhook. Acts onjob post Permission (capability)`PATCH: Update Status` VersionAvailable since the API’s base version Webhook event`job_post_updated` Rate limitStandard limits apply SourceOfficial documentation ↗
Offers List and read offers across the organization or for an application, and update the current offer on an application.3
GET	`/v1/offers`	List all offers in the organization.	read	`GET: List Offers`	Current
Offers include pay and terms; this key reads every offer in the organization. Acts onoffer Permission (capability)`GET: List Offers` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/offers/{id}`	Retrieve a single offer by ID.	read	`GET: Retrieve Offer`	Current
Returns the offer's pay and terms. Acts onoffer Permission (capability)`GET: Retrieve Offer` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v1/applications/{id}/offers/current`	Update the current offer on an application.	write	`PATCH: Update Offer`	Current
Changes a real offer's pay and terms. Requires the On-Behalf-Of header. Fires the offer_updated webhook. Acts onoffer Permission (capability)`PATCH: Update Offer` VersionAvailable since the API’s base version Webhook event`offer_updated` Rate limitStandard limits apply SourceOfficial documentation ↗
Scorecards List and read the interview scorecards submitted across the organization or for a single application.2
GET	`/v1/scorecards`	List all submitted scorecards in the organization.	read	`GET: List Scorecards`	Current
Scorecards hold interviewers' written assessments and ratings of candidates. Acts onscorecard Permission (capability)`GET: List Scorecards` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/scorecards/{id}`	Retrieve a single scorecard by ID.	read	`GET: Retrieve Scorecard`	Current
Returns one interviewer's assessment. Some question fields may contain HTML. Acts onscorecard Permission (capability)`GET: Retrieve Scorecard` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Scheduled interviews List and read scheduled interviews, and create, update, or remove an interview on an application.3
GET	`/v1/scheduled_interviews`	List all scheduled interviews in the organization.	read	`GET: List Interviews`	Current
Read-only. Acts onscheduled interview Permission (capability)`GET: List Interviews` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/scheduled_interviews`	Schedule an interview on an application.	write	`POST: Create Interview`	Current
Requires the On-Behalf-Of header. This endpoint is served by the v2 implementation. Acts onscheduled interview Permission (capability)`POST: Create Interview` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
DELETE	`/v1/scheduled_interviews/{id}`	Remove a scheduled interview.	write	`DELETE: Remove Interview`	Current
Requires the On-Behalf-Of header. Fires the interview_deleted webhook. Acts onscheduled interview Permission (capability)`DELETE: Remove Interview` VersionAvailable since the API’s base version Webhook event`interview_deleted` Rate limitStandard limits apply SourceOfficial documentation ↗
Users List and read the Greenhouse users in an organization, create a user, and enable, disable, or change a user's permission level.3
GET	`/v1/users`	List all Greenhouse users in the organization.	read	`GET: List Users`	Current
Read-only. Acts onuser Permission (capability)`GET: List Users` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/users`	Add a new Greenhouse user.	write	`POST: Add User`	Current
Creates a user who can sign in to Greenhouse. Requires the On-Behalf-Of header. Acts onuser Permission (capability)`POST: Add User` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
PATCH	`/v1/users/{id}/permission_level`	Change a user's permission level.	write	`PATCH: Permission Level`	Current
Changes what a user can do in Greenhouse. Requires the On-Behalf-Of header. Served by the v2 implementation. Acts onuser Permission (capability)`PATCH: Permission Level` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
Departments & offices List, read, create, and update the departments and offices that organize jobs and candidates.4
GET	`/v1/departments`	List all departments in the organization.	read	`GET: List Departments`	Current
Read-only. Acts ondepartment Permission (capability)`GET: List Departments` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/departments`	Add a new department.	write	`POST: Add Department`	Current
Requires the On-Behalf-Of header. Acts ondepartment Permission (capability)`POST: Add Department` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
GET	`/v1/offices`	List all offices in the organization.	read	`GET: List Offices`	Current
Read-only. Acts onoffice Permission (capability)`GET: List Offices` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗
POST	`/v1/offices`	Add a new office.	write	`POST: Add Office`	Current
Requires the On-Behalf-Of header. Acts onoffice Permission (capability)`POST: Add Office` VersionAvailable since the API’s base version Webhook eventNone Rate limitStandard limits apply SourceOfficial documentation ↗

No endpoints match those filters.

Webhooks

Webhook events.

Greenhouse can notify an app or AI agent when something happens in recruiting, like a candidate being hired or an application changing stage, instead of the app repeatedly asking. Greenhouse posts the event to a URL registered for the chosen events.

Event	What it signals	Triggered by
`new_candidate_application`	Fires when a new candidate application is created on a job.	`/v1/candidates/{id}/applications`
`candidate_stage_change`	Fires when an application moves to a new interview stage.	`/v1/applications/{id}/advance`
`hire_candidate`	Fires when a candidate is hired, on an application's offer being accepted.	`/v1/applications/{id}/hire`
`reject_candidate`	Fires when a candidate or prospect is rejected.	`/v1/applications/{id}/reject`
`update_candidate`	Fires when a candidate's information is created or updated.	`/v1/candidates` `/v1/candidates/{id}`
`candidate_anonymized`	Fires when a candidate's personal data is anonymized.	`/v1/candidates/{id}/anonymize`
`job_created`	Fires when a new job is created.	`/v1/jobs`
`job_updated`	Fires when a job's details change.	`/v1/jobs/{id}`
`job_post_updated`	Fires when a job post is modified or its live status changes.	`/v1/job_posts/{id}/status`
`offer_updated`	Fires when an offer's information changes.	`/v1/applications/{id}/offers/current`
`interview_deleted`	Fires when a scheduled interview is cancelled or removed.	`/v1/scheduled_interviews/{id}`

No events match that search.

Rate limits & pagination

Rate limits, pagination & request size.

Greenhouse limits how fast an app or AI agent can call the Harvest API, through a request quota measured over a rolling ten-second window rather than per method.

Request rate

Greenhouse meters the Harvest API by request rate over a rolling ten-second window, not by a per-method cost. The ceiling is 50 requests per 10 seconds for approved partners and custom integrations, reported in the X-RateLimit-Limit response header. Each response also carries X-RateLimit-Remaining, the calls left in the current window, and X-RateLimit-Reset, the time the window resets. Going over returns HTTP 429, and the request should be retried after the reset time.

Pagination

List endpoints use the Link response header, following the RFC 5988 convention, with rel values of next, prev, and last where they apply. The page parameter selects a page and per_page sets the page size. The next link should be followed rather than building the URL by hand, and some endpoints support only the next relation.

Request size

The per_page parameter is an integer from 1 to 500 and defaults to 100. Requests and responses are JSON. A skip_count parameter can be passed on some list endpoints to omit the total count for faster responses.

Errors

Status codes & error handling.

The status codes an agent should handle, and what to do about each.

Status	Code	Meaning	What to do
401	`Unauthorized`	The Harvest API key is missing or invalid.	Send a valid key over HTTP Basic auth, as the username with a blank password.
403	`Forbidden`	The key is valid but has not been granted the endpoint being called, or the request is otherwise not permitted, such as sending a body on a GET.	Grant the endpoint to the key in the Dev Center, or correct the request.
404	`Not Found`	The requested resource does not exist.	Check the path and the resource ID.
422	`Unprocessable Entity`	Validation failed: the request was well-formed but a field is missing or invalid.	Read the returned errors, correct the named fields, and resend.
429	`Too Many Requests`	The rate limit was exceeded for the rolling ten-second window.	Wait until the X-RateLimit-Reset time, then retry. Slow the request rate to stay under the X-RateLimit-Limit ceiling.
500	`Internal Server Error`	An error on Greenhouse's side.	Retry after a short wait, and contact Greenhouse support if it persists.

Versioning & freshness

Version history.

Greenhouse versions the Harvest API by URL, with the original methods under v1. The v1 and v2 Harvest API is being retired on 31 August 2026 in favour of a rebuilt Harvest v3.

Version history

What changed, and when

Latest versionv1

v1Current version

Harvest API v1 (current, retiring 31 August 2026)

The Harvest API is versioned by URL, with the original methods under v1 and a few later methods served by a v2 implementation under the same paths. The v1 and v2 Harvest API is deprecated and will be removed on 31 August 2026, replaced by a rebuilt Harvest v3. The dated entries below are recent changes from the Harvest API change log; they ship continuously rather than as new URL versions.

What changed

Single URL version for the original methods, with v2 implementations for a few later methods.
Announced retirement of the v1 and v2 Harvest API on 31 August 2026, with migration to Harvest v3.

2025-09-24Feature update

Anonymization fields added

Added match_score_reasoning and identity_verification fields to the candidate anonymization response.

2025-08-14Feature update

HTML in question data noted

Documented that scorecard and job stage question data may contain HTML formatting, so a consumer should expect to handle markup.

2025-08-13Feature update

403 on GET request bodies clarified

Updated the 403 documentation to note that sending a body on a GET request is rejected.

2025-06-02Feature update

Recruiter and coordinator fields added

Added recruiter_id and coordinator_id parameters to the application endpoints, so an integration can set those assignments.

2025-04-03Feature update

Video conferencing URL added

Added the video_conferencing_url parameter to interview scheduling.

2024-08-07Feature update

Terminology standardized

Standardized documentation terminology, replacing 'web hook' with 'webhook'.

An integration on v1 or v2 should plan its move to Harvest v3 before the retirement date.

Greenhouse Harvest API change log ↗

Questions

Greenhouse Harvest API, answered.

How does authentication work for the Harvest API?+

A Harvest API key is sent over HTTP Basic auth, as the username with a blank password, so the Authorization header is the base64 encoding of the key followed by a colon. Keys are created in the Greenhouse Dev Center. An invalid or missing key returns 401. Write methods also need an On-Behalf-Of header naming the Greenhouse user the change is attributed to.

How do Harvest API key permissions work?+

Permission is per-endpoint and all-or-nothing. A site admin opens Manage Permissions on a key in the Dev Center and checks each endpoint the key should reach. A granted endpoint returns all of its data, so a key with List Candidates reads every candidate, with no way to limit it to a subset. Calling an endpoint the key was not granted returns 403, so each key should hold only the endpoints its integration needs.

What are the rate limits?+

The Harvest API is limited by request rate over a rolling ten-second window, set at 50 requests per 10 seconds for approved partners and custom integrations. The current ceiling and state come back in the X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset response headers. Exceeding the limit returns HTTP 429, and the call should be retried after the reset time.

What is the On-Behalf-Of header and when is it required?+

On-Behalf-Of carries the ID of the Greenhouse user a write is attributed to, so the audit trail records a named author rather than just the key. It is required on the write methods, the POST, PATCH, PUT, and DELETE calls that create, change, or remove records. Read methods do not need it.

How do I receive events instead of polling?+

Greenhouse web hooks deliver recruiting events without polling. A URL is registered in the Greenhouse application and a set of events is chosen, such as new_candidate_application, candidate_stage_change, hire_candidate, or offer_updated. Greenhouse posts the event when it fires, and a signature computed from the web hook's secret and the request body lets the receiver confirm the request came from Greenhouse.

Is the Harvest v1 API being retired?+

Yes. Greenhouse has announced that the v1 and v2 Harvest API is deprecated and will be removed on 31 August 2026, replaced by a rebuilt Harvest v3. An existing integration on v1 or v2 should plan its migration to v3 before that date. The methods documented here are the v1 and v2 methods in use until the retirement.

What is Bollard AI?

Control what every AI agent can do in Greenhouse.

Bollard AI sits between a team's AI agents and Greenhouse. Grant each agent exactly the access it needs, read or write, resource by resource, and every call is checked and logged.

Set read, write, or full access per agent, never a shared Greenhouse key.
Denied by default, so an agent reaches only what has been explicitly allowed.
Every call recorded in plain English: who, what, where, and the decision.

Control Greenhouse access in Bollard Browse all APIs →

Greenhouse

Recruiting Agent

Read candidates ResourceOffReadFull use

Advance applications ActionOffReadFull use

Offers ResourceOffReadFull use

Per-agent access, set in Bollard AI, not in Greenhouse

How the Greenhouse API works.

Connection & authentication methods.

Harvest API (REST)

Web hooks

Harvest API key

What an AI agent can do in Greenhouse.

Candidates

Applications

Jobs

Job posts

Offers

Scorecards

Scheduled interviews

Users

Departments & offices

Every Greenhouse Harvest API method.

Candidates

Applications

Jobs

Job posts

Offers

Scorecards

Scheduled interviews

Users

Departments & offices

Webhook events.

Rate limits, pagination & request size.

Request rate

Pagination

Request size

Status codes & error handling.

Version history.

What changed, and when

Greenhouse Harvest API, answered.

More hr API guides for agents

Remote

Lever

BambooHR

HiBob

Rippling

Gusto

Control what every AI agent can do in Greenhouse.