How they work
You can subscribe to an event and Workable will notify you when it's triggered. To do this:
- Use the subscriptions endpoint to register your endpoint. You can further filter by job and/or stage.
- When the event is triggered, Workable will POST to the registered endpoint with the associated resource.
For example, a webhook created to get notifications on candidate creation would work as follows:
List of available events:
| Events | Registration label | Resource |
|---|---|---|
| Candidate Created | candidate_created | Candidate |
| Candidate Moved | candidate_moved | Candidate |
Workable will POST a Candidate object when the event is triggered, with a payload similar to candidate details endpoint. The payload will reflect the state at the time of the request and not the state of the resource from when the event fired. In most cases this state will be the same, but there are some race conditions that might cause a slightly different payload.
Response status should be
200so that Workable won't consider it an error and replays the request.
Encryption
The requests from Workable to your system will be signed. The key for the signature will be either the account token or the oauth application secret, depending on the type of the integration. The algorithm used for creating the signature is HMAC SHA256 on the payload of the request and the signature itself is sent on the
X-Workable-Signatureheader.