Application data delivery

You can choose to receive Indeed Apply applications from job seekers through email or postUrl.


If you choose to receive applications via email, you must set the email configuration attribute in your button’s configuration. NOTE: This is NOT permitted for ATS integrations; it is permitted only for direct client integrations. When a user completes the application, Indeed sends an email containing the user’s full name, email address, and cover letter, with their resume as an attachment. If the user applies with an Indeed Resume, the version of the resume is directly included in the email and a PDF version is attached. The email address must be encrypted; see Encryption and decryption for more information.


If you process applications programmatically, specify a URL where Indeed Apply will send a POST request. The data-indeed-apply-postUrl data attribute must be a string containing the URL where Indeed will POST the application data.

Because Indeed sends the application data as the raw body of the HTTP POST request, the request cannot be processed like a typical form. The body of the request contains a JSON document that must be read and parsed. Not all JSON fields are provided, so you should use a robust JSON parser that treats missing fields as empty and ignores unrecognized fields.

Note: There is no maximum size for the JSON data payload.

The POST body is encoded as UTF-8, and the request carries an authenticity header that is used to verify that Indeed is sending you the application.

The file portion of the Applicant field contains 3 fields: contentType, data, and fileName.

  • The contentType is determined based on the fileName.
  • The data field contains the raw resume file, which is Base64 encoded.
  • The following filetypes must be supported by the third party: txt, pdf, doc, docx, rtf.

Note: Do not redirect the POST to another URL (e.g. via a 301/302 redirect). Indeed Apply does not handle redirects.

JSON application data

IA JSON fields

POST authenticity

The POST request sent to your postUrl contains an HTTP header that can be used to verify the authenticity of the POST. Using the shared API secret, Indeed Apply computes a message signature using the HMAC-SHA1 algorithm. This signature is sent as an X-Indeed-Signature HTTP header. The code examples below demonstrate how the message signature is generated.
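A receiver-side check of X-Indeed-Signature, as an added example that is not Indeed's own code. It assumes the signature is the Base64-encoded HMAC-SHA1 of the raw POST body and that the resume file sits at applicant.resume.file; the function names, secret and sample payload are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

ALLOWED_EXTENSIONS = {"txt", "pdf", "doc", "docx", "rtf"}  # file types this page requires


def compute_signature(raw_body: bytes, api_secret: str) -> str:
    # HMAC-SHA1 over the exact bytes received. Assumption: Base64 output encoding.
    digest = hmac.new(api_secret.encode("utf-8"), raw_body, hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_and_parse(raw_body: bytes, signature_header, api_secret: str) -> dict:
    """Return the parsed application, or raise ValueError if the POST is not authentic."""
    if not signature_header:
        raise ValueError("missing X-Indeed-Signature header")
    expected = compute_signature(raw_body, api_secret)
    # Constant-time comparison avoids leaking how many leading characters matched.
    if not hmac.compare_digest(expected.encode(), signature_header.strip().encode()):
        raise ValueError("signature mismatch")
    # Parse only after the signature checks out; the body is UTF-8 JSON.
    return json.loads(raw_body.decode("utf-8"))


def extract_resume(application: dict):
    """Return (file_name, file_bytes), or None when no resume file was sent."""
    # Assumption: the file lives at applicant.resume.file; missing fields count as empty.
    applicant = application.get("applicant") or {}
    file_part = (applicant.get("resume") or {}).get("file") or {}
    name, data = file_part.get("fileName") or "", file_part.get("data") or ""
    if not name or not data:
        return None
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"unsupported resume type: {ext!r}")
    return name, base64.b64decode(data, validate=True)


if __name__ == "__main__":
    secret = "constructed-example-secret"  # constructed value, not a real API secret
    resume = base64.b64encode(b"constructed resume text").decode()
    body = json.dumps({"applicant": {"resume": {"file": {"fileName": "cv.txt", "data": resume}}}}).encode()
    app = verify_and_parse(body, compute_signature(body, secret), secret)
    print(extract_resume(app))
```

Pass the request body exactly as it arrived on the wire; parsing and re-serialising the JSON before verification changes the bytes and the HMAC will no longer match.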

Next steps