We allow you to generate a secret key for the subscription. You can use it to verify the author of callback messages. When you
have a secret key already defined - a creation of new one will make old one deprecated - it will be still active for 24 hours
though. You can have up to 16 non-expired secret keys.
A signature will be included in header smartrecruiters-signature of callback request. Additionally we will send smartrecruiters-timestamp header with timestamp (seconds) of request.
smartrecruiters-signature header value has the following format:
As you may notice there may be multiple signatures included in the header. It can be caused by one or both:
having multiple active keys
smartrecruiters providing multiple signatures per key with different signature schemes. We may use it in the
future to deliver new algorithm of signature creation without breaking backward compability.
Every segment of header value is delimited by ; character
Currently, we support and sent following signature ($SIGNATURE_SCHEMA):
Signature calculated using HMAC with SHA256 algorithm. Hash should be calculated from following elements
concatenated by the . character:
smartrecruiters-timestamp header value
event-id header value
event-name header value
event-version header value
link header value
Order of this elements is important. In absence of header please use an empty string as its value.