HiringCenter Pro
HiringCenter Pro API

Webhooks

Endpoint:https://api.hiringcenterpro.com/v2

Subscribe to event notifications and poll for sample data.

Webhook verification HiringCenter Pro signs outbound webhook requests using a per-endpoint secret and includes a signature header X-HiringCenter-Pro-Signature.

Header format: t=<unix_timestamp>,v1=<hex_hmac>

To verify the signature:

  1. Read the exact raw request body string (not the parsed JSON).
  2. Build the signed payload as ${t}.${rawBody} where t is the timestamp from the header.
  3. Compute expected = HMAC_SHA256(endpointSecret, signedPayload) and hex-encode it.
  4. Compare expected to the v1 value from the header using a constant-time comparison.
  5. Enforce a timestamp tolerance window (for example, 300 seconds) to mitigate replay attacks.

Node.js example:

JavascriptCode
 
const crypto = require('crypto');
function verifyHiringCenterSignature({ rawBody, signatureHeader, endpointSecret, toleranceSeconds = 300 }) {
  if (!signatureHeader) return false;
  const m = signatureHeader.match(/t=(\d+),v1=([0-9a-fA-F]+)/);
  if (!m) return false;
  const ts = parseInt(m[1], 10);
  const v1 = m[2];
  const now = Math.floor(Date.now() / 1000);
  if (Math.abs(now - ts) > toleranceSeconds) return false;
  const expected = crypto.createHmac('sha256', endpointSecret)
    .update(`${ts}.${rawBody}`)
    .digest('hex');
  try {
    return crypto.timingSafeEqual(Buffer.from(expected, 'hex'), Buffer.from(v1, 'hex'));
  } catch {
    return false;
  }
}

Subscribe to Webhook Events

POST
https://api.hiringcenterpro.com/v2
/webhooks/subscribe

Subscribe to Webhook EventsHeaders

  • Authorizationstring · required

    Bearer API key in the format 'Bearer <YOUR_API_KEY>'

Subscribe to Webhook Events Request Body

  • hookUrlstring · uri · required
  • accountIdstring
  • eventTypestring

    One of prospect.created or prospect.updated

Subscribe to Webhook Events Responses

Existing Reactivated

  • subscriptionIdstring · required
  • hookIdstring · required
  • hookUrlstring · uri · required
  • eventTypestring · required

    One of prospect.created or prospect.updated

  • endpointSecretstring
  • subscribedboolean
  • createdAtinteger · int64
  • updatedAtinteger · int64

Unsubscribe (POST compatibility)

POST
https://api.hiringcenterpro.com/v2
/webhooks/unsubscribe

Unsubscribe (POST compatibility)Headers

  • Authorizationstring · required

    Bearer API key in the format 'Bearer <YOUR_API_KEY>'

Unsubscribe (POST compatibility) Request Body

  • accountIdstring
  • subscriptionIdstring
  • hookUrlstring · uri
  • hookIdstring

Unsubscribe (POST compatibility) Responses

OK

No data returned

Unsubscribe from Webhook Events

DELETE
https://api.hiringcenterpro.com/v2
/webhooks/unsubscribe

Unsubscribe from Webhook EventsHeaders

  • Authorizationstring · required

    Bearer API key in the format 'Bearer <YOUR_API_KEY>'

Unsubscribe from Webhook Events Request Body

  • accountIdstring
  • subscriptionIdstring
  • hookUrlstring · uri
  • hookIdstring

Unsubscribe from Webhook Events Responses

OK

  • successboolean
  • messagestring

Poll for recent sample data

GET
https://api.hiringcenterpro.com/v2
/webhooks/poll

Poll for recent sample dataquery Parameters

  • accountIdstring
  • eventTypestring
    Default: prospect.created

Poll for recent sample dataHeaders

  • Authorizationstring · required

    Bearer API key in the format 'Bearer <YOUR_API_KEY>'

Poll for recent sample data Responses

OK

TasksOther endpoints