API Reference
Complete API reference for integrating Tabbio OAuth. All endpoints, authentication methods, and response formats.
Base URL
https://api.tabbio.com
All API requests should be made to this base URL.
Authentication
To access user profile data, you'll need an access token obtained through the OAuth flow:
1. Get your credentials: Sign up for a partner account to get your client_id and client_secret
2. Initiate OAuth flow: Redirect users to /oauth/authorize with your client_id
3. Exchange code for token: Exchange the authorization code for an access token using /api/oauth/token
4. Access user data: Use the access token to fetch user profile data from /api/oauth/profile
Note: Access tokens expire after 1 hour. You'll need to implement token refresh or re-authenticate users.
Endpoints
OAuth API Endpoints
/api/oauth/token
Exchange Code for Token
Exchange the authorization code for an access token
Request Body
{
  "client_id": "tabbio_abc123...",
  "client_secret": "tabbio_secret_xyz...",
  "code": "AUTH_CODE_FROM_CALLBACK",
  "grant_type": "authorization_code"
}
Response
{
  "success": true,
  "data": {
    "access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "profile:read"
  }
}
/api/oauth/profile
Get User Profile Data
Retrieve the authorized user's profile information using the access token
Headers
Authorization: Bearer YOUR_ACCESS_TOKEN
Example
curl -X GET https://api.tabbio.com/api/oauth/profile \
  -H "Authorization: Bearer eyJhbGci..."
Response
{
  "success": true,
  "data": {
    "name": "John Doe",
    "email": "john@example.com",
    "phoneNumber": "+1234567890",
    "location": "New York, USA",
    "headline": "Senior Software Engineer",
    "cvUrl": "https://cdn.tabbio.com/cvs/john-doe-cv.pdf",
    "profilePicture": "https://cdn.tabbio.com/avatars/john.jpg",
    "skills": ["JavaScript", "React", "Node.js", "Python"],
    "experience": [
      {
        "title": "Senior Software Engineer",
        "company": "Tech Corp",
        "location": "San Francisco, CA",
        "startDate": "2020-01",
        "endDate": null,
        "current": true,
        "description": "Leading backend development..."
      }
    ],
    "education": [
      {
        "degree": "Bachelor of Science in Computer Science",
        "institution": "MIT",
        "graduationYear": 2018,
        "field": "Computer Science"
      }
    ],
    "certifications": [
      {
        "name": "AWS Solutions Architect",
        "issuer": "Amazon Web Services",
        "year": 2021
      }
    ],
    "languages": ["English", "Spanish"],
    "socialLinks": {
      "linkedin": "https://linkedin.com/in/johndoe",
      "github": "https://github.com/johndoe",
      "portfolio": "https://johndoe.com"
    }
  }
}
Fields returned depend on what the user has filled in their SmartCV profile.
/api/oauth/revoke
Revoke Access Token
Revoke an access token (optional - for user privacy features)
Headers
Authorization: Bearer YOUR_ACCESS_TOKEN
Example
curl -X POST https://api.tabbio.com/api/oauth/revoke \
  -H "Authorization: Bearer eyJhbGci..."
Response
{
  "success": true,
  "message": "Access revoked successfully"
}
Error Handling
Error Codes
| Error Code | HTTP Status | Description |
|---|---|---|
| INVALID_REQUEST | 400 | Missing or invalid request parameters (e.g., missing client_id, redirect_uri) |
| INVALID_CLIENT | 401 | Invalid client_id or client_secret |
| INVALID_REDIRECT_URI | 400 | Redirect URI doesn't match any registered URIs for this client |
| INVALID_CODE | 400 | Authorization code is invalid, expired, or already used |
| UNAUTHORIZED | 401 | No access token provided or token is invalid |
| TOKEN_EXPIRED | 401 | Access token has expired (tokens expire after 1 hour) |
| ACCESS_DENIED | 403 | User denied the authorization request |
| RATE_LIMIT_EXCEEDED | 429 | API rate limit exceeded (100 requests per hour per partner) |
Rate Limiting
Request Limits
Default Limit: 100 requests per hour
Rate limits are applied per partner account
Rate limit headers included in responses: X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset
429 status code when limit exceeded
Implement exponential backoff in your application
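The following is an added example, not Tabbio's own code, of a client-side retry policy for the statuses in the error table: 429 is retried with jittered exponential backoff, 401 stops immediately so the caller can obtain a new token, and every other error is raised without retry. Assumptions: X-RateLimit-Reset is treated as a Unix timestamp in seconds (the page does not state its format), and `send` is a hypothetical callable wrapping your HTTP client that returns `(status, headers, payload)`.

```python
import random
import time

class ReauthRequired(Exception):
    """401: token missing, invalid or expired; retrying the same token cannot succeed."""

class ApiError(Exception):
    """Any other non-2xx status (400, 403, ...); not transient, so not retried."""

def backoff_delay(attempt, headers, now, base=1.0, cap=3600.0, rng=random.random):
    """Seconds to wait after a 429 on 0-based attempt `attempt`."""
    exp = min(cap, base * 2 ** attempt)
    delay = exp * (0.5 + rng() / 2)                    # jitter: uniform in [exp/2, exp)
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    try:
        # ASSUMPTION: X-RateLimit-Reset is a Unix timestamp in seconds.
        until_reset = float(hdrs.get("x-ratelimit-reset", "")) - now
    except ValueError:
        until_reset = 0.0                              # absent or unparseable: backoff only
    if 0 < until_reset <= cap:                         # ignore past or implausibly far resets
        delay = max(delay, until_reset)
    return delay

def call_with_backoff(send, max_attempts=5, sleep=time.sleep, clock=time.time):
    """Call send() -> (status, headers, payload) until success or a non-retryable error."""
    for attempt in range(max_attempts):
        status, headers, payload = send()
        if 200 <= status < 300:
            return payload
        if status == 401:
            raise ReauthRequired("obtain a new access token via the OAuth flow")
        if status != 429:
            raise ApiError(status)
        if attempt + 1 < max_attempts:                 # no point sleeping after the last try
            sleep(backoff_delay(attempt, headers, clock()))
    raise ApiError(429)

def demo():
    """Offline run over constructed responses: two 429s, then a profile payload."""
    replies = iter([
        (429, {"X-RateLimit-Remaining": "0", "X-RateLimit-Reset": "1700000120"}, None),
        (429, {"x-ratelimit-reset": "not-a-number"}, None),
        (200, {}, {"success": True, "data": {"name": "John Doe"}}),
    ])
    waits = []                                         # records delays instead of sleeping
    result = call_with_backoff(lambda: next(replies), sleep=waits.append,
                               clock=lambda: 1700000000)
    return result, waits
```

The one-hour `cap` matches the hourly rate-limit window, so a reset value further out than that is ignored rather than trusted.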