When someone applies to a job in SmartRecruiters, the posting may ask them to accept one or more privacy or GDPR-related checkboxes (for example the main application privacy notice, joining a talent community, or SMS/WhatsApp messages). Your product should collect the same choices and send them back when you create the candidate through Kombo so SmartRecruiters can record consent correctly.
How Kombo shows consent on the job
SmartRecruiters customers can be configured for either single consent (one SINGLE scope covering the privacy notice) or separated consent (one scope per purpose, e.g. SMART_RECRUIT, SMART_CRM, SMART_MESSAGE_SMS, SMART_MESSAGE_WHATSAPP).
Kombo surfaces the separated-consent scopes as regular screening questions on the job. They appear as boolean (yes/no) questions with the same wording SmartRecruiters uses on the posting, and each one is marked required or optional according to your customer’s SmartRecruiters configuration. The SINGLE scope is not surfaced as a screening question — see below for how to submit it.
What to send when creating a candidate
For separated-consent scopes, pass the applicant’s choices in the standard screening_question_answers field on the create-candidate request, just like any other screening question. Kombo maps those answers to SmartRecruiters’ consentDecisions for you.
For single-consent postings, pass gdpr_consent.given on the create-candidate request. Kombo forwards it to SmartRecruiters as the SINGLE consent decision.
Required consent must have an answer, or SmartRecruiters may reject the application. Optional lines can be answered or skipped according to how you build your UI.
Advanced: override via remote fields (optional)
If you have a special integration flow where you cannot use screening question answers, you can still send consent decisions directly under remote_fields.smartrecruiters.consent_decisions. This bypasses the screening-question mapping. Prefer the screening questions approach above when you can—it stays aligned with what candidates see on the posting.
Single consent (one scope, often SINGLE)
{
"remote_fields": {
"smartrecruiters": {
"consent_decisions": {
"SINGLE": true
}
}
}
}Multiple consent scopes (split consent)
{
"remote_fields": {
"smartrecruiters": {
"consent_decisions": {
"SMART_RECRUIT": true,
"SMART_CRM": false,
"SMART_MESSAGE_SMS": false,
"SMART_MESSAGE_WHATSAPP": false
}
}
}
}Only include keys that apply to the posting; SmartRecruiters validates them against the posting configuration.
About the unified gdpr_consent field
For SmartRecruiters, gdpr_consent.given drives the SINGLE consent decision on postings using the single-consent model. Separated-consent scopes are not derived from this flag — use the screening-question answers (or the remote-field override above) for those.
Priority when resolving consentDecisions: remote_fields.smartrecruiters.consent_decisions > screening-question answers > gdpr_consent.given.