> ## Documentation Index
> Fetch the complete documentation index at: https://docs.outhire.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# List candidate notes

> Lists candidate notes for a company-scoped candidate.

Notes are backed by `candidate_activities` rows with `type = note_added`.




## OpenAPI

````yaml api-reference/openapi.yaml get /api/v1/candidates/{id}/notes
openapi: 3.1.0
info:
  title: Outhire Public API
  version: 0.1.0
  description: >
    OpenAPI description of the currently implemented public API under `/api/v1`.


    Authentication uses bearer API keys generated from the Outhire app settings
    UI.

    All resource access is scoped to the company that owns the API key.


    Notes about current implementation:

    - Cursor pagination is offset-based and the cursor is an opaque
    base64url-encoded object.

    - Duplicate candidate detection is implemented at the application layer and
    is not concurrency-safe yet.
servers:
  - url: https://app.outhire.ai
    description: Production
security:
  - bearerAuth: []
tags:
  - name: Jobs
  - name: Candidates
paths:
  /api/v1/candidates/{id}/notes:
    get:
      tags:
        - Candidates
      summary: List candidate notes
      description: >
        Lists candidate notes for a company-scoped candidate.


        Notes are backed by `candidate_activities` rows with `type =
        note_added`.
      parameters:
        - name: id
          in: path
          required: true
          description: Numeric candidate id.
          schema:
            type: integer
        - $ref: '#/components/parameters/Limit'
        - $ref: '#/components/parameters/Cursor'
      responses:
        '200':
          description: Candidate notes list
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CandidateNotesListResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '500':
          $ref: '#/components/responses/InternalError'
components:
  parameters:
    Limit:
      name: limit
      in: query
      required: false
      description: Page size. Defaults to `25`. Maximum `100`.
      schema:
        type: integer
        minimum: 1
        maximum: 100
        default: 25
    Cursor:
      name: cursor
      in: query
      required: false
      description: Opaque cursor returned by the previous page.
      schema:
        type: string
  schemas:
    CandidateNotesListResponse:
      description: Candidate notes list response with pagination metadata.
      type: object
      required:
        - data
        - pagination
      properties:
        data:
          type: array
          items:
            $ref: '#/components/schemas/CandidateNote'
        pagination:
          $ref: '#/components/schemas/Pagination'
    CandidateNote:
      description: Candidate note backed by a `candidate_activities` row.
      type: object
      required:
        - id
        - candidate_id
        - type
        - note
        - note_preview
        - performer_id
        - added_by
        - created_at
      properties:
        id:
          type: integer
          description: Internal activity id for the note record.
          example: 162
        candidate_id:
          type: integer
          description: Candidate id that owns the note.
          example: 419
        type:
          type: string
          description: Activity type for note rows.
          enum:
            - note_added
        note:
          type:
            - string
            - 'null'
          description: Full note body as stored in activity metadata.
          example: Referred by internal team.
        note_preview:
          type:
            - string
            - 'null'
          description: Stored or derived short preview of the note.
          example: Referred by internal team.
        performer_id:
          type:
            - string
            - 'null'
          description: Profile id if the note was added by an authenticated user in-app.
          example: 11111111-1111-1111-1111-111111111111
        added_by:
          type:
            - string
            - 'null'
          description: |
            Best-effort source marker. API-created notes return `api`. Existing
            in-app notes may surface `user` or another stored source value.
          example: api
        created_at:
          type: string
          format: date-time
          description: Note creation timestamp.
          example: '2026-03-11T10:21:54.553198Z'
      example:
        id: 162
        candidate_id: 419
        type: note_added
        note: Referred by internal team.
        note_preview: Referred by internal team.
        performer_id: null
        added_by: api
        created_at: '2026-03-11T10:21:54.553198Z'
    Pagination:
      description: Cursor pagination metadata returned by list endpoints.
      type: object
      required:
        - has_more
        - next_cursor
      properties:
        has_more:
          type: boolean
          description: Whether another page of results is available.
          example: true
        next_cursor:
          type:
            - string
            - 'null'
          description: >
            Opaque cursor to pass back on the next request. Null when there is
            no

            next page.
          example: eyJvZmZzZXQiOjI1fQ
    ErrorResponse:
      description: Top-level API error response.
      type: object
      required:
        - error
      properties:
        error:
          $ref: '#/components/schemas/ErrorBody'
      example:
        error:
          code: validation_error
          message: Request validation failed.
          details:
            - field: email
              message: Invalid email
    ErrorBody:
      description: Standard error envelope payload.
      type: object
      required:
        - code
        - message
      properties:
        code:
          type: string
          description: Stable machine-readable error code.
          enum:
            - validation_error
            - bad_request
            - unauthorized
            - not_found
            - conflict
            - unprocessable_entity
            - internal_error
        message:
          type: string
          description: Human-readable description of the error.
          example: Request validation failed.
        details:
          type: array
          description: Optional field-level validation details.
          items:
            $ref: '#/components/schemas/ErrorDetail'
    ErrorDetail:
      description: Validation detail for a specific request field.
      type: object
      required:
        - field
        - message
      properties:
        field:
          type: string
          description: Request field path that failed validation.
          example: email
        message:
          type: string
          description: Human-readable validation message.
          example: Invalid email
  responses:
    BadRequest:
      description: Bad request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Unauthorized:
      description: Unauthorized
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
          example:
            error:
              code: unauthorized
              message: Missing or invalid API key.
    NotFound:
      description: Resource not found
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    InternalError:
      description: Internal server error
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: API key

````