How they work

You can subscribe to an event and Workable will notify you when it's triggered. To do this:

  1. Use the subscriptions endpoint to register your endpoint. You can further filter by job and/or stage.
  2. When the event is triggered, Workable will POST to the registered endpoint with the associated resource.

For example, a webhook created to get notifications on candidate creation would work as follows:

855855

List of available events:

EventsRegistration labelResource
Candidate Createdcandidate_createdCandidate
Candidate Movedcandidate_movedCandidate

Workable will POST a Candidate object when the event is triggered, with a payload similar to candidate details endpoint. The payload will reflect the state at the time of the request and not the state of the resource from when the event fired. In most cases this state will be the same, but there are some race conditions that might cause a slightly different payload.

Response status should be 200 so that Workable won't consider it an error and replays the request.

Encryption

The requests from Workable to your system will be signed. The key for the signature will be either the account token or the oauth application secret, depending on the type of the integration. The algorithm used for creating the signature is HMAC SHA256 on the payload of the request and the signature itself is sent on the X-Workable-Signature header.