The Yeti Jobs REST API exposes every feature of the platform — job listings, applications, company management, notifications, and administration — through a consistent, versioned HTTP interface. All routes live under theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/tech-dipesh/yeti-Jobs/llms.txt
Use this file to discover all available pages before exploring further.
/api/v1 prefix. Authentication is handled transparently via an HTTP-only JWT cookie, so once a user logs in, every subsequent request in the same browser session is automatically credentialed.
Base URLs
| Environment | Base URL |
|---|---|
| Production | https://yeti-jobs.onrender.com/api/v1 |
| Local development | http://localhost:{PORT}/api/v1 |
{PORT} with the value of the PORT environment variable configured in your .env file.
The production backend is hosted on Render’s free tier. After 15 minutes of inactivity the server goes to sleep and the first request may take 10–30 seconds while the instance cold-starts. Subsequent requests within the same session respond at normal latency. A keep-alive cron job pings the server every 15 minutes to minimise cold starts during active periods.
Interactive Documentation
A fully interactive Swagger UI is available alongside the API itself. You can inspect every route, view request schemas, and execute calls directly from the browser — no local setup required.swagger.yaml and served by swagger-ui-express at the /api/v1/swagger mount point (see app.js).
Authentication
Authentication uses JSON Web Tokens (JWT) stored in an HTTP-only cookie namedtoken. The cookie is set automatically on a successful /api/v1/users/login response and cleared on logout.
- Browser clients — the cookie is sent automatically with every same-origin request (CORS credentials are enabled).
- API / curl clients — pass the cookie explicitly with
--cookie 'token=YOUR_JWT'or-b 'token=YOUR_JWT'. - Routes that require authentication return
401 Unauthorizedwhen no valid cookie is present. - Routes that require a specific role (
admin,recruiter,guest) return403 Forbiddenwhen the authenticated user’s role does not match.
Content Types
| Scenario | Content-Type header |
|---|---|
| All JSON request bodies | application/json |
| File uploads (resume, profile picture, company logo) | multipart/form-data |
message field describing the problem.
Health Check
A lightweight endpoint confirms the server is running and accepting connections.200 OK
Error Responses
Every error response body contains amessage field. The table below lists all status codes the API can return.
| Status Code | Meaning |
|---|---|
400 | Bad request — missing or invalid fields, validation failed |
401 | Not authenticated — missing or expired JWT cookie |
403 | Forbidden — authenticated but insufficient role / not resource owner |
404 | Not found — the requested route or resource does not exist |
429 | Rate limited — too many requests within the time window |
500 | Internal server error — an unexpected server-side failure |
Rate Limits
The API enforces two tiers of rate limiting viaexpress-rate-limit:
| Scope | Limit |
|---|---|
| Global (all routes) | 200 requests / minute |
Sensitive routes (/verify, /verify/resend, /forget-password, /forget-password/verify) | 2 requests / minute |
429 Too Many Requests with the appropriate message.
Resource Groups
The API is organized into six resource groups. Each group maps to a dedicated router mounted inapp.js.
Users
Signup, login, logout, profile management, skills, education, resume and profile-picture uploads, and company follows.
Jobs
Browse, search, create, update and delete job listings. Bookmark and un-bookmark jobs. Paginated listing with sort support.
Applications
Apply to jobs with a cover letter and salary expectation, withdraw applications, view all applications, and update applicant status (recruiter).
Companies
Create and update companies, view employees, followers, posted jobs, and the company dashboard. Follow / unfollow a company.
Admin
Admin dashboard, assign users to companies, search users, delete companies, and verify admin identity. Requires
admin role.Notifications
Retrieve user-specific notifications covering job alerts, application status changes, company follows, resume analysis results, and more.
Route Authentication Summary
| Route prefix | Auth required | Role restriction |
|---|---|---|
GET /api/v1/health | No | — |
/api/v1/users/login | No | — |
/api/v1/users/signup | No | — |
/api/v1/users/forget-password* | No | — |
/api/v1/jobs (public listing & search) | No | — |
/api/v1/companies/** | Yes | — |
/api/v1/applications/** | Yes | — |
/api/v1/admin/** | Yes | admin only |
/api/v1/notifications/** | Yes | — |