Skip to Content
Reference Reuse Permissions

Reference Reuse Permissions

Veref does not seed a default candidate dataset. Reuse starts from reference details and evidence already collected in another Veref workflow, then asks the candidate for permission before a recruiter can use that material again.

Product model

  1. A prior workflow collects reference contacts, referee responses, work-history confirmations, and Passport evidence for a candidate.
  2. A recruiter wants to use those existing reference details instead of asking the candidate to re-enter them.
  3. Veref sends the candidate a permission link.
  4. When the candidate grants permission, Veref records a ConsentGrant, creates an AccessGrant, and writes an audit event.
  5. Recruiter surfaces can then show the candidate-approved Passport/reference material with provenance and trust-grade labels.

This is a consent workflow, not a bulk import. Demo or default records must stay out of the trusted candidate pool.

API

Enable the tenant gate:

PATCH /v1/tenants/:tenantId/flags/referenceReusePermissions
{ "value": true }

Ask a candidate for permission:

POST /v1/tenants/:tenantId/passport-reference-permissions
{
  "candidateId": "candidate_123",
  "targetReferenceRequestId": "request_456",
  "scopes": ["reference_collection", "passport_share"],
  "note": "Use your already-collected references for this new role."
}

The response includes the consentGrantId, a candidate permission URL, and the queued delivery job id. The public permission URL resolves to the candidate approval flow and grants access only after the candidate confirms.

  • Pending permission is stored as ConsentGrant.status = pending.
  • Approval updates the consent grant to granted.
  • Approval creates an active AccessGrant scoped to the requester and candidate Passport.
  • passport.reference_reuse_permission.requested records the recruiter request.
  • passport.reference_reuse_permission.granted records candidate approval.
  • Consent metadata includes the source Passport profile, evidence artifact ids, reference response ids, requested scopes, and target reference request when present.
User FlowsIntegrations