Vai al contenuto principale
Webhook & automazione

Eventi InTransparency in qualunque strumento

Cinque eventi firmati HMAC-SHA256, consegnati al tuo endpoint HTTPS. Funzionano oggi con Zapier, Make, n8n o qualunque ricevitore custom.

Eventi disponibili

match.created

A talent search produced a match for one of your watchlists/searches.

credential.issued

A W3C Verifiable Credential was issued (project, stage, endorsement).

credential.revoked

A previously issued credential was revoked.

stage.completed

An internship (stage) was completed and evaluated.

exchange.completed

An international exchange enrollment was marked completed.

1. Crea la subscription

Serve una API key (gratuita, dal tuo workspace). La subscription accetta qualunque URL HTTPS — incluso un Catch Hook di Zapier o un Custom Webhook di Make.

curl -X POST https://www.in-transparency.com/api/agents/webhooks \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://hooks.zapier.com/hooks/catch/123456/abcdef/",
    "events": ["match.created", "credential.issued"]
  }'

# Response — store the secret, it is shown exactly once:
# {
#   "id": "whsub_...",
#   "url": "https://hooks.zapier.com/hooks/catch/123456/abcdef/",
#   "events": ["match.created", "credential.issued"],
#   "secret": "3f8a…64-hex-chars…c1",
#   "active": true
# }

2. Ricevi le consegne

Ogni evento è un POST JSON. Le consegne fallite vengono ritentate; X-InTransparency-Delivery è la chiave di idempotenza.

POST <your-url>
User-Agent: InTransparency-Webhook/1.0
X-InTransparency-Signature: sha256=<hex hmac of the raw body>
X-InTransparency-Delivery: <delivery id, idempotency key>

{
  "event": "match.created",
  "eventId": "cme41…",
  "occurredAt": "2026-06-10T09:30:00.000Z",
  "data": {
    "matchId": "cme41…",
    "candidateId": "ckx91…",
    "candidateName": "Marco B.",
    "matchScore": 87,
    "decisionLabel": "STRONG_MATCH",
    "jobId": null,
    "url": "https://www.in-transparency.com/en/matches/cme41…/why"
  }
}

3. Verifica la firma

Ogni consegna è firmata con il secret della subscription. Verifica prima di fidarti del payload (su Zapier/Make puoi saltare la verifica se l'URL del hook resta segreto).

// Node.js — verify the HMAC before trusting the payload
import crypto from 'crypto'

function isValid(rawBody, signatureHeader, secret) {
  const expected = 'sha256=' +
    crypto.createHmac('sha256', secret).update(rawBody).digest('hex')
  return crypto.timingSafeEqual(
    Buffer.from(signatureHeader),
    Buffer.from(expected),
  )
}

Ricette per i tool no-code

Zapier

Webhooks by Zapier
  1. Nuovo Zap → trigger "Webhooks by Zapier" → Catch Hook
  2. Copia l'URL del hook
  3. Crealo come subscription (step 1 sopra)
  4. Collega le action: Slack, Sheets, CRM…

Make

Custom webhook
  1. Nuovo scenario → modulo "Webhooks" → Custom webhook
  2. Copia l'URL generato
  3. Registralo come subscription
  4. Make rileva la struttura al primo evento

n8n

Webhook node
  1. Aggiungi un nodo "Webhook" (POST)
  2. Usa l'URL di produzione del nodo
  3. Registralo come subscription
  4. Verifica la firma HMAC in un nodo Function

Ti serve una API key?

Le chiavi API e la gestione delle subscription sono incluse in tutti i piani. Scrivici e ti attiviamo l'accesso.

Richiedi accesso API