Hires API Overview
This API enables you to be notified when a candidate is hired on Comeet. This allows you to create a new employee record in an HRIS or talent management system for every new hire and automatically start the onboarding process.
Getting started
- Comeet customers – this integration is available to Comeet customers. To get started, follow the instructions in this API documentation to build your custom integration. When the integration is ready, you can enable it on the Integrations settings page.
- Integration partners – to partner with Comeet please contact us at [email protected].
Webhook for Hire Event
The integration uses the form of a webhook. Defining the webhook requires two values:
- Endpoint URL – Each time a hire is made in Comeet, the new employee’s data is sent via a POST request to this specified endpoint URL over HTTPS. If you plan to support multiple companies using Comeet, make sure to provide a URL that includes a unique identifier of the user or company.
- Secret Key – When defined, the key is used to generate a digital signature for verification, see details below.
To configure this integration in Comeet, a user with Admin or Owner role specifies these values in the Integrations page.
Verify the request
All API calls use HTTPS
and should be verified by your server.
- To verify a request you need the
Secret Key
that was specified when setting up the integration in Comeet. - Comeet will add the
signature
header to the HTTP request. - Verify the request by generating a digital signature using the the SHA256 algorithm on the payload of the request with the
Secret Key
that was specified. The result must be identical to thesignature
header. You can use one of the many JWT libraries available online. If the values are not the same then fail the request with an unauthorized response (HTTP 401).
SECRET_KEY = 'XXXX' # the key that was specified on the integration page in Comeet
request_signature_header_value = request.META['HTTP_SIGNATURE'] # the signature sent with the request
request_payload = request.body # the payload sent in the request
# generate the signature value:
import hmac
import hashlib
alg = hashlib.sha256
local_signature_value = hmac.new(SECRET_KEY, msg=request_payload, digestmod=alg).hexdigest()
full_local_vlaue = "sha256 {}".format(local_signature_value)
# now, compare values:
if (full_local_vlaue == request_signature_header_value):
# we are good to go
...
else:
# not the same signature, HTTP 401 response is expected and the process should be stopped
...