Skip to content

Greenhouse API Key

Service Name: Greenhouse

Service Description: Greenhouse is an applicant tracking system and recruiting software that helps companies find, evaluate, and hire the right candidates. It streamlines the entire recruitment process from job posting to onboarding.

Service Address: https://www.greenhouse.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the account level through Greenhouse's security settings.

Secret Access Scope: Grants programmatic access to Greenhouse's recruitment data, including candidates, jobs, applications, and hiring processes. The scope depends on the permissions assigned to the API key.

Secret Revokement URL: https://app.greenhouse.io/configure/dev_center/credentials

Secret Example: v2_a1b2c3d4e5f6g7h8i9j0_1a2b3c4d5e6f7g8h9i0j

Suspicious Activity Investigation Instructions:

  • Review API access logs in Greenhouse for unusual activity or unauthorized access.
  • Check for unexpected changes to candidate data, job postings, or application statuses.
  • Monitor for unusual API call patterns or access from unfamiliar IP addresses.
  • Review user activity logs to identify any unauthorized actions.
  • Verify if any data exports or mass operations have been performed unexpectedly.

Mitigation Instructions:

  • Log in to your Greenhouse account as an administrator.
  • Navigate to the Dev Center under Configure settings.
  • Locate the compromised API key in the list of credentials.
  • Click "Revoke" to immediately invalidate the API key.
  • Generate a new API key with appropriate permissions if needed.
  • Update any legitimate applications or integrations with the new API key.
  • Review and adjust API key permissions to follow the principle of least privilege.
  • Consider implementing IP restrictions for API access if not already in place.