Skip to main content

Authorization

Follow this guide to create a new Ashby credential that will allow Nexla to authenticate to and exchange data with your Ashby account.
ashby_api_auth.png

Ashby

Prerequisites

The Ashby REST API uses HTTP Basic Authentication. An Ashby admin generates an API key in the Ashby admin panel and provides that key to Nexla. The key is passed as the Basic Auth username with the password left blank, per Ashby's authentication specification.

Generate an Ashby API Key

API keys can only be created by Ashby admins, and they are tied to a specific set of permissions (read/write per resource module). Plan the integration's required permissions before creating the key.

  1. Sign in to Ashby as an admin at app.ashbyhq.com, and navigate to Admin > Integrations > API Keys (direct URL: app.ashbyhq.com/admin/api/keys).

  2. Click + New to open the API key setup wizard.

  3. Enter a descriptive name for the key in the Name field — for example, Nexla Integration. Names help identify the key in audit logs if multiple keys are issued.

  4. Optionally, select an Integration Partner if Ashby offers a preset profile for the integration target. This is not required for Nexla — leaving the field blank is fine.

  5. Configure endpoint permissions. By default, the new key has no permissions. Use the checkboxes to grant Read or Write access per resource module (Candidates, Applications, Jobs, Openings, Offers, Interview Schedules, Custom Fields, and so on). Grant the minimum permissions required for the planned data flows:

    • Read scopes are sufficient for source-only flows that ingest data from Ashby into Nexla.

    • Write scopes are required to use the destination endpoints listed on the data destination page (Create/Update Candidate, Create/Update Job, Create Application, Start Offer Process, etc.).

  6. Decide whether the key should be able to access confidential jobs. Confidential jobs are normally hidden from non-authorized users in Ashby — enable this option only if the integration must include confidential jobs in its data set.

  7. Click Save and Continue.

  8. On the final step, copy the API key value and store it in a secure secret manager. Treat this value like a password — it grants the configured access to your Ashby account data.

    Ashby displays the API key value only once at the moment of creation. If the key is lost, it must be revoked and a new key issued. Rotate keys promptly if exposure is suspected.

For complete details, see the Ashby authentication documentation and the Ashby Knowledge Base article on generating API keys.

Important

The Ashby API key grants the configured access to your Ashby account data. Store it in a secure secret manager, never commit it to source control, and rotate it immediately if you suspect it has been exposed.

Create an Ashby Credential

  • To create a new Ashby credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

Credential Name & Description

  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

    Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

API Key

  1. Enter your Ashby API key in the API Key field. Nexla passes this value as the HTTP Basic Auth username on every request and sends an empty password, exactly as Ashby's authentication spec requires — no additional configuration is needed to follow the Ashby Basic Auth convention.

    The API key controls what data Nexla can read or write in Ashby. If the key was issued with read-only scopes, write-oriented destination endpoints (such as Create Candidate or Update Job) will return permission errors at runtime. Re-issue the key with the additional scopes if write operations are needed.

Save the Credential

  1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

  2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.