Skip to main content
Each event request includes a x-hireflix-signature header. This header can be used to verify the authenticity of the webhook event. You can verify this signature using your webhook’s secret key, available under Profile → Webhooks → “Reveal Key” in the Hireflix Dashboard. Webhook secret key (UI Hireflix)

Verification Steps 🔑

  • Extract the signature from the x-hireflix-signature header. It’s Base64-encoded, so decode it first.
  • Compute your own signature
    • Use HMAC with SHA-256.
    • Use your webhook’s secret key as the key.
    • Use the raw JSON payload (request body) as the message.
  • Compare the signatures
    If your computed signature matches the header value, the event is authentic.
Here’s an example if you are directly intercepting the request: 
import crypto from "crypto";

function verifyHireflixWebhook(req, secret) {
  const signature = Buffer.from(req.headers["x-hireflix-signature"], "base64");
  const expected = crypto
    .createHmac("sha256", secret)
    .update(JSON.stringify(req.body))
    .digest();

  return crypto.timingSafeEqual(signature, expected);
}
Here’s an example that shows the full code in JavaScript, and prints true to your console if the signature matches the expected one. 
import crypto from "crypto";

function verifyHireflixWebhook(secret) {
  // Signature extracted from the request headers (x-hireflix-signature)
  const signature = Buffer.from("0iHqlyysUmN4UlZdU2zY+QUZHD1URa2MJsYn3p84zUY=", "base64");
  const expected = crypto
    .createHmac("sha256", secret)
    .update(JSON.stringify({
      "event": "interview.create",
      "data": {
        "id": "68ff5ed8b07cc148bddcae02",
        "position": {
          "id": "68b43e38b19cf131a17c543f",
          "name": "Social Media Manager"
        },
        "externalId": null,
        "status": "pending",
        "hash": "25eXrLpj",
        "createdAt": 1761566424331,
        "candidate": {
          "name": "Stef Jordens",
          "firstName": "Stef",
          "lastName": "Jordens",
          "email": "stef@nespf.com",
          "phone": null
        },
        "score": null,
        "completed": null,
        "deleted": null,
        "archived": null,
        "finalist": null,
        "answered": false,
        "thumbnail": null,
        "url": {
          "short": "https://hflx.io/c/25eXrLpj",
          "private": "https://admin.hireflix.com/jobs/68b43e38b19cf131a17c543f/interview/68ff5ed8b07cc148bddcae02",
          "public": "https://app.hireflix.com/25eXrLpj"
        }
      },
      "date": 1761566424499
    }))
    .digest();

  return crypto.timingSafeEqual(signature, expected);
}

// webhook secret from Hireflix dashboard
const mysecret = "lbH4lVZYz77vubJX3pWRrdRY3AcMKdTjaoznzxsSygM="

// Does it match?
const match = verifyHireflixWebhook(mysecret);
console.log(match)