To get more details about authentification please visit these pages. Here follows a short summary.
There are two views when authentication against our API. One is the view from the company and the other is the view from the applicant. The first one concerns all steps up to the creation of the Application, so delivering the list of jobs or viewing a jobs details. Also the creation of an applicant account is done out of this view. Everything else like crating the application, adding information and finalizing the application happen trough the view of the applicant.
The company view is served by two versions here. Some older API clients are still so called Confidential Clients that have to use a client secret besides the client ID. Newer API clients are so called Public Clients that do not need a client secret anymore. So when you are using a Confidential Client you have to generate a Client Access Token to authenticate. Else you use the Basic Authorization method.
The applicant view requires a User Access Token, to link the requests to the API to an applicant account.