****************************** AI Interview Workflows ****************************** ---- Xobin provides AI Interview Workflow customizations for customers in the **Standard Plan**. Follow the steps below to customize AI Interview workflows in Xobin. AI Interview Workflow types ---------------------------- 1. **AI Interview Start**: Automatically receive notifications when a candidate begins an AI interview. 2. **AI Interview Submission**: Get AI interview results as soon as a candidate completes their AI interview and the evaluation is complete. Customize AI Interview Workflows ------------------------------------ Navigate to the **AI Interviews** dashboard. Click on the interview settings (three dots) for the desired AI interview. .. image:: _static/images/webhooks/all-ai-interviews.png :alt: AI Interview settings In interview settings, click on **Workflows** tab at the top to customize workflow rules for your AI interview. Enable the desired webhook type you want to add and paste the webhook URL. To ensure your webhook works, try clicking on the **Send Response** button to receive a sample response. .. image:: _static/images/webhooks/ai-interview-workflows.png :alt: AI Interview workflow customization in Xobin Sample response ----------------------------- .. tab:: AI Interview Start .. code-block:: JSON { "ai_interview_id": 206, "ai_interview_name": "Receptionist", "candidate_email": "jennifergross@mailinator.com", "candidate_id": 7054, "candidate_name": "Jennifer Gross", "invite_status": "Started", "response_id": 6726 } .. tab:: AI Interview Submission .. code-block:: JSON { "ai_interview_id": 206, "ai_interview_name": "Receptionist", "candidate_email": "jennifergross@mailinator.com", "candidate_id": 7054, "candidate_name": "Jennifer Gross", "candidate_summary": "Jennifer Gross exhibited significant weaknesses in key skills required for the Receptionist role, scoring just 1 in experience and organizational abilities, which are critical for effective execution of duties. Despite an outstanding integrity score of 10.0, the lack of foundational skills raises concerns about her capability to perform in the position. Given these factors, Jennifer is not recommended for the role.", "completed_date": "Jul 05, 2025, 4:42:45 AM", "integrity_score": 10, "interview_recording": { "1755695988585": "https://example.com/interview_recording/session-1.webm", "1755695988586": "https://example.com/interview_recording/session-2.webm" }, "invite_status": "Completed", "recommendation": "Not Recommended", "report_link": "http://xyz.xobin.com/app/interviews/ai?interview=206&candidate=6726", "response_id": 6726, "score": 10, "skill_wise_scores": { "must_haves": [ { "score": 4, "skill_name": "Proven experience as a receptionist or in a related role" }, { "score": 4, "skill_name": "Prioritization and productivity techniques" } ], "nice_to_haves": [ { "score": 4, "skill_name": "Exceptional organizational skills and attention to detail" } ] } } Authenticate webhook payload ----------------------------- When you receive ``POST`` requests from Xobin, it's essential to verify their authenticity and integrity to prevent malicious activities or data tampering. Each incoming ``POST`` request from Xobin includes an ``x-xobin-signature`` key in the header. This signature is generated by encoding a combination of your ``API_KEY`` and the payload of the request. To validate the request, you need to follow these steps: - Take the payload of the request and use your ``API_KEY`` to compute the ``HMAC-SHA256`` hash. - Encode the resulting hash using ``Base64 URL`` Safe encoding, without including any padding characters. - Compare this generated signature with the ``x-xobin-signature`` provided in the request headers. - If the two signatures match, it confirms that the request is authentic and hasn't been tampered with during transit. .. tab:: Python .. code-block:: python :linenos: import hmac import hashlib import base64 # Function to verify webhook def verify_webhook(data, hmacHeader, apikey): # Compute the HMAC digest of the data using the provided API key digest = hmac.new( apikey.encode('utf-8'), data.encode('utf-8'), digestmod=hashlib.sha256 ).digest() # Encode the digest into base64 format and remove padding characters computed_hmac = base64.urlsafe_b64encode(digest).rstrip(b"=") # Compare the computed HMAC with the HMAC included in the request return hmac.compare_digest(computed_hmac, hmac_header.encode('utf-8')) .. tab:: Java .. code-block:: java :linenos: import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; import java.util.Base64; // Function to verify webhook public boolean verifyWebhook(String data, String hmacHeader, String apiKey) { try { // Create a new Mac instance with SHA-256 Mac mac = Mac.getInstance("HmacSHA256"); mac.init(new SecretKeySpec(apiKey.getBytes(), "HmacSHA256")); // Compute the HMAC digest String computedHmac = Base64.getUrlEncoder().withoutPadding().encodeToString(mac.doFinal(data.getBytes())); // Compare the computed HMAC with the provided HMAC header return computedHmac.equals(hmacHeader); } catch (Exception e) { e.printStackTrace(); return false; } } .. tab:: Javascript .. code-block:: javascript :linenos: const crypto = require('crypto'); // Function to verify webhook const verifyWebhook = (data, hmacHeader, apiKey) => { // Compute the HMAC digest using SHA-256 const hmac = crypto.createHmac('sha256', apiKey); hmac.update(data); const computedHmac = hmac.digest('base64url'); // 'base64url' gives URL-safe Base64 without padding // Compare the computed HMAC with the provided HMAC header return computedHmac === hmacHeader; }; .. tab:: PHP .. code-block:: php :linenos: - ``data``: The payload received from the webhook. - ``hmacHeader``: The HMAC signature included in the request. - ``apikey``: The API key used for HMAC generation. If you have any questions, reach out to your account manager for assistance.