Skip to main content
Webhooks & automation

InTransparency events in any tool

Five HMAC-SHA256-signed events, delivered to your HTTPS endpoint. Works today with Zapier, Make, n8n or any custom receiver.

Available events

match.created

A talent search produced a match for one of your watchlists/searches.

credential.issued

A W3C Verifiable Credential was issued (project, stage, endorsement).

credential.revoked

A previously issued credential was revoked.

stage.completed

An internship (stage) was completed and evaluated.

exchange.completed

An international exchange enrollment was marked completed.

1. Create the subscription

You need an API key (free, from your workspace). The subscription accepts any HTTPS URL — including a Zapier Catch Hook or a Make Custom Webhook.

curl -X POST https://www.in-transparency.com/api/agents/webhooks \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://hooks.zapier.com/hooks/catch/123456/abcdef/",
    "events": ["match.created", "credential.issued"]
  }'

# Response — store the secret, it is shown exactly once:
# {
#   "id": "whsub_...",
#   "url": "https://hooks.zapier.com/hooks/catch/123456/abcdef/",
#   "events": ["match.created", "credential.issued"],
#   "secret": "3f8a…64-hex-chars…c1",
#   "active": true
# }

2. Receive deliveries

Each event is a JSON POST. Failed deliveries are retried; X-InTransparency-Delivery is your idempotency key.

POST <your-url>
User-Agent: InTransparency-Webhook/1.0
X-InTransparency-Signature: sha256=<hex hmac of the raw body>
X-InTransparency-Delivery: <delivery id, idempotency key>

{
  "event": "match.created",
  "eventId": "cme41…",
  "occurredAt": "2026-06-10T09:30:00.000Z",
  "data": {
    "matchId": "cme41…",
    "candidateId": "ckx91…",
    "candidateName": "Marco B.",
    "matchScore": 87,
    "decisionLabel": "STRONG_MATCH",
    "jobId": null,
    "url": "https://www.in-transparency.com/en/matches/cme41…/why"
  }
}

3. Verify the signature

Every delivery is signed with the subscription secret. Verify before trusting the payload (on Zapier/Make you may skip verification as long as the hook URL stays secret).

// Node.js — verify the HMAC before trusting the payload
import crypto from 'crypto'

function isValid(rawBody, signatureHeader, secret) {
  const expected = 'sha256=' +
    crypto.createHmac('sha256', secret).update(rawBody).digest('hex')
  return crypto.timingSafeEqual(
    Buffer.from(signatureHeader),
    Buffer.from(expected),
  )
}

No-code tool recipes

Zapier

Webhooks by Zapier
  1. New Zap → "Webhooks by Zapier" trigger → Catch Hook
  2. Copy the hook URL
  3. Register it as a subscription (step 1 above)
  4. Wire actions: Slack, Sheets, CRM…

Make

Custom webhook
  1. New scenario → "Webhooks" module → Custom webhook
  2. Copy the generated URL
  3. Register it as a subscription
  4. Make learns the payload shape on the first event

n8n

Webhook node
  1. Add a "Webhook" node (POST)
  2. Use the node's production URL
  3. Register it as a subscription
  4. Verify the HMAC in a Function node

Need an API key?

API keys and subscription management are included in every plan. Reach out and we'll enable access.

Request API access