Authentication & Security
Authentication
OAuth 2.1 with PKCE (recommended). The default authentication method. When you connect from any supported MCP client, the OAuth flow starts automatically. You'll be redirected to sign in with your SeekOut account and authorize the client. Each user gets their own session with permissions scoped to their SeekOut account, revocable by your admin at any time. Clients that support Dynamic Client Registration (RFC 7591) — for example Claude.ai, ChatGPT, and Amazon Quick — auto-register against SeekOut's authorization server with no manual configuration.
Provisioned OAuth client (confidential). Some clients (notably Gemini Enterprise) require a pre-registered confidential OAuth 2.0 client and do not support Dynamic Client Registration. For these, SeekOut provisions a dedicated per-organization client_id and client_secret, along with the authorization URL, token URL, MCP server URL, and mcp:tools scope (the OAuth permission that authorizes the client to invoke MCP tools on behalf of the signed-in user). SeekOut delivers these values through a secure channel and pre-registers the client's redirect URI. The client_secret is used only during server-side token exchange; it never appears in browser redirects. Authorization codes and access tokens are short-lived; refresh tokens follow SeekOut's OAuth token policy. Contact SeekOut Support to provision a confidential OAuth client.
API key access. For automated workflows or environments where OAuth is not practical, we can provision an API key for direct access to the MCP server. Each key is scoped to your organization with specific permissions and rate limits configured at creation. Because API keys are org-level rather than per-user, usage is tracked against the key rather than individual users. Contact your SeekOut representative to provision an API key.
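The PKCE and confidential-client paragraphs above, sketched as an added example (not SeekOut's code): it shows which values travel in the browser redirect and which only in the server-side token request. The endpoint URL, redirect URI, client_id and client_secret are placeholders, and sending a code_verifier together with the client_secret for a provisioned client is an assumption.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Placeholders (assumptions), not SeekOut's real endpoints or credentials.
AUTHORIZATION_URL = "https://auth.example.invalid/authorize"
REDIRECT_URI = "https://client.example.invalid/oauth/callback"
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"

def s256(verifier):
    # RFC 7636 S256: base64url(SHA-256(verifier)) with padding stripped.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def new_pkce_pair():
    # 32 random bytes give a 43-character verifier (RFC 7636 allows 43-128).
    raw = secrets.token_bytes(32)
    verifier = base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    return verifier, s256(verifier)

def authorization_redirect(challenge, state):
    # Front channel: visible to the browser, so it carries only the challenge.
    return AUTHORIZATION_URL + "?" + urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "mcp:tools",
        "state": state,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })

def token_request_body(code, verifier):
    # Back channel: form fields POSTed server-side to the token URL.
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,  # confidential clients only
        "code_verifier": verifier,
    }

def server_accepts(verifier, stored_challenge):
    # The check an authorization server makes before issuing tokens.
    return hmac.compare_digest(s256(verifier), stored_challenge)
```

An intercepted authorization code is useless without the verifier, which never leaves the client until the token request.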
Security & Privacy
- All traffic is encrypted via HTTPS using TLS 1.2+
- OAuth 2.1 with PKCE ensures secure authentication and access control
- All actions respect your existing SeekOut permissions — you can only access data you're authorized to see
- Search operations retrieve data; workspace and export tools let you save and organize candidates. No existing SeekOut data is modified or deleted
- Requests are rate-limited per user and per organization to prevent abuse
- Sessions can be revoked by your SeekOut administrator at any time
SeekOut Partner API
SeekOut also offers a traditional REST API for direct, programmatic access to talent search.
The /api/Search/SearchPeople endpoint is the underlying call
that powers the MCP server's candidate search, market analysis, and profile retrieval
capabilities. The Swagger docs show the complete request parameters and response
payloads. The API is also useful for building custom integrations, dashboards, and
automated workflows.
Contact your SeekOut representative to get started with the Partner API.
Ready to connect?
SeekOut MCP is fully available within your current Recruit license. Contact your SeekOut representative to get started.