Data model

Sources

An application source (LinkedIn, Indeed, referral, careers page, active sourcing, other). Referenced from candidate + application for funnel analytics.

Model name: source
Endpoints: 5
Max page size: 100

Fields

Per-field validation rules. Values that violate any constraint are rejected with 400 before they reach the database.

FieldTypeConstraints
urlurl
max length2048
kindenum
enumlinkedin | indeed | stepstone | xing | honeypot | kununu | careers_page | referral | active_sourcing | agency | event | other
namestring
max length200
notesstring
max length2000
activebool-

Mutability

Which fields can you send, and when? Anything without a marker is server-managed - sending it isn't an error, it's silently ignored.

Create-only - read from POST body.Patchable - read from PATCH body.Server-managed - ignored on the body.
FieldCreatePatch
url
kind
name
notes
active

Fields marked create-only but not patchable are immutable after creation. Server-managed fields include id, timestamps, ownership, and status.

Filtering & sorting

Combinable on list endpoints. Repeating a filter key produces an IN clause; prefixing a sort key with - reverses direction. Example: ?status=open&status=blocked&sort=-created_at.

Filter keys

namedata__name
kinddata__kind
activedata__active
statusstatus
is_archivedis_archived
owned_byowned_by
created_bycreated_by

Sort keys

created_atcreated_at
namedata__name

Default: name

Endpoints

Each endpoint below lists its HTTP method, path, and the PAT scope it needs. Code samples cover curl, JavaScript, TypeScript, Python, Rust, Java, and WebSocket.

GET/xapi2/data/sourcesource:list

List objects

Returns a paginated list of objects you can read. Default page size is 20; pass ?limit= to change (capped per type). Use ?after=<id> for keyset pagination on created_at-sorted lists, or ?offset= for offset paging.

curl -H "Authorization: Bearer pat_…" \
     "https://www.ki-bewerber-management.de/xapi2/data/source?limit=20"
GET/xapi2/data/source/{id}source:read

Read one

Returns the object by id. 404 if it does not exist or you cannot read it (the two cases are intentionally conflated).

curl -H "Authorization: Bearer pat_…" \
     https://www.ki-bewerber-management.de/xapi2/data/source/OBJECT_ID
POST/xapi2/data/sourcesource:create

Create

Creates a new object. Body is a flat JSON dict of field values. Server-side fields (id, timestamps, ownership) are filled automatically; only fields listed below as creatable are read from the body.

curl -H "Authorization: Bearer pat_…" \
     -H "Content-Type: application/json" \
     -X POST https://www.ki-bewerber-management.de/xapi2/data/source \
     -d '{"name": "…"}'
PATCH/xapi2/data/source/{id}source:update

Update

Partial update. Only fields included in the body are touched; everything else is preserved. Same allow-list as create, minus the fields that are immutable post-create.

curl -H "Authorization: Bearer pat_…" \
     -H "Content-Type: application/json" \
     -X PATCH https://www.ki-bewerber-management.de/xapi2/data/source/OBJECT_ID \
     -d '{"name": "…"}'
DELETE/xapi2/data/source/{id}source:delete

Delete

Removes the object. It vanishes from every default list immediately and stops being returned by read / list.

curl -H "Authorization: Bearer pat_…" \
     -X DELETE https://www.ki-bewerber-management.de/xapi2/data/source/OBJECT_ID

Use in CLI

The same endpoints are also exposed via the KI BMS CLI. For scripts, CI, and bulk imports it's usually the faster path.

atscli source list --limit 5
atscli source get <id>
atscli source create --name "Hello"
atscli source upsert --unique name --csv items.csv
atscli source schema   # fields & limits

Full command reference, profiles, CSV import, auto-retry, NDJSON streaming → /docs/cli