Skip to main content

Authentication

All Fribl API requests require authentication via an API key, with the exception of the Skills Search endpoints which are publicly accessible.

API key

Include your API key in the x-api-key header with every request: 
curl -X POST https://api-service.fribl.co/api/v1/cvs/analyze \
  -H "x-api-key: your-api-key-here" \
  -H "Content-Type: application/json" \
  -d '{"inputs": ["CV text content here"]}'
Your API key is a UUID (e.g., a1b2c3d4-e5f6-7890-abcd-ef1234567890). Contact Fribl to obtain your key.

Accept-Language header

Optionally, include the Accept-Language header on retrieval endpoints to receive skill names and analysis output in your preferred language: 
curl -X GET https://api-service.fribl.co/api/v1/cvs/{id} \
  -H "x-api-key: your-api-key-here" \
  -H "Accept-Language: fr"
Defaults to en (English) on the public API when not specified. See Supported Languages for all available language codes. For update requests, declare the language of the submitted payload in the JSON body using content_language. Do not use Accept-Language to describe the language you are sending.

Error responses

Requests with a missing or invalid API key receive a 401 Unauthorized response: 
{
  "error": "Invalid API Key."
}

Security best practices

Never expose your API key in client-side code, public repositories, or browser requests. Always call the Fribl API from your backend server.
  • Store API keys in environment variables or a secrets manager
  • Rotate keys periodically
  • Use separate keys for development and production environments