Register your application in the Lever partner program to receive OAuth 2.0 client credentials; partner integrations that connect to multiple Lever accounts must use the OAuth authorization code flow.
Redirect the employer user to Lever's authorization endpoint (https://auth.lever.co/authorize) with your client_id, redirect_uri, state token, audience parameter (https://api.lever.co/v1/), and the scopes your integration requires.
Exchange the returned authorization code for an access token at https://auth.lever.co/oauth/token; tokens are valid for one hour and must be refreshed.
Subscribe to Lever's candidate stage change webhook so your system is notified when an opportunity moves into the configured assessment stage.
On receiving the stage change event, extract the opportunity ID, use the Lever API to retrieve candidate contact details, and dispatch the assessment invitation from your platform.
When the candidate completes the assessment, POST a note to the opportunity via the Lever API containing the summary result, score, and a link to the full report.
Known gotchas
Lever enforces a rate limit of 10 requests per second for GET calls and 2 requests per second for POST calls — bulk assessment dispatches must be queued and throttled accordingly.
The state parameter in the OAuth redirect must be validated on callback to prevent CSRF attacks; omitting this check is a common security gap in partner integrations.
Lever's data model is opportunity-centric rather than candidate-centric — ensure your integration keys data on the opportunity ID, not just the candidate ID, to avoid cross-job confusion.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp