As of early June, I can no longer make cross domain origin requests (ajax calls) to your Rest API. Specifically, the calls for auth code and refresh token:
https://auth.bullhornstaffing.com/oauth ... code&code=[code]&client_id=[id]&client_secret=[secret]
https://auth.bullhornstaffing.com/oauth ... esh_token=[rtoken]&client_id=[id]&client_secret=[secret]
The error returned is: Access-Control-Allow-Origin' header is present on the requested resource, with a status of 400. I can view the response in developer tools, but it doesn't actually come back in the response. Which is more proof to the cross-domain issue. I cannot simply use a jsonp request either. This worked perfectly fine a couple of months ago. Can you re-enable your CORS requests?
We use the Rest API to list all available job opportunities, and allow users to submit directly from our site. So this is a huge problem for us.