AI Interview Workflows¶
Xobin provides AI Interview Workflow customizations for customers in the Standard Plan. Follow the steps below to customize AI Interview workflows in Xobin.
AI Interview Workflow types¶
AI Interview Start: Automatically receive notifications when a candidate begins an AI interview.
AI Interview Submission: Get AI interview results as soon as a candidate completes their AI interview and the evaluation is complete.
Customize AI Interview Workflows¶
Navigate to the AI Interviews dashboard. Click on the interview settings (three dots) for the desired AI interview.
In interview settings, click on Workflows tab at the top to customize workflow rules for your AI interview. Enable the desired webhook type you want to add and paste the webhook URL. To ensure your webhook works, try clicking on the Send Response button to receive a sample response.
Sample response¶
{
"ai_interview_id": 206,
"ai_interview_name": "Receptionist",
"candidate_email": "[email protected]",
"candidate_id": 7054,
"candidate_name": "Jennifer Gross",
"invite_status": "Started",
"response_id": 6726
}
{
"ai_interview_id": 206,
"ai_interview_name": "Receptionist",
"candidate_email": "[email protected]",
"candidate_id": 7054,
"candidate_name": "Jennifer Gross",
"candidate_summary": "Jennifer Gross exhibited significant weaknesses in key skills required for the Receptionist role, scoring just 1 in experience and organizational abilities, which are critical for effective execution of duties. Despite an outstanding integrity score of 10.0, the lack of foundational skills raises concerns about her capability to perform in the position. Given these factors, Jennifer is not recommended for the role.",
"completed_date": "Jul 05, 2025, 4:42:45 AM",
"integrity_score": 10,
"interview_recording": {
"1755695988585": "https://example.com/interview_recording/session-1.webm",
"1755695988586": "https://example.com/interview_recording/session-2.webm"
},
"invite_status": "Completed",
"recommendation": "Not Recommended",
"report_link": "http://xyz.xobin.com/app/interviews/ai?interview=206&candidate=6726",
"response_id": 6726,
"score": 10,
"skill_wise_scores": {
"must_haves": [
{
"score": 4,
"skill_name": "Proven experience as a receptionist or in a related role"
},
{
"score": 4,
"skill_name": "Prioritization and productivity techniques"
}
],
"nice_to_haves": [
{
"score": 4,
"skill_name": "Exceptional organizational skills and attention to detail"
}
]
}
}
Authenticate webhook payload¶
When you receive POST requests from Xobin, it's essential to verify their authenticity and integrity to prevent malicious activities or data tampering. Each incoming POST request from Xobin includes an x-xobin-signature key in the header. This signature is generated by encoding a combination of your API_KEY and the payload of the request.
- To validate the request, you need to follow these steps:
Take the payload of the request and use your
API_KEYto compute theHMAC-SHA256hash.Encode the resulting hash using
Base64 URLSafe encoding, without including any padding characters.Compare this generated signature with the
x-xobin-signatureprovided in the request headers.If the two signatures match, it confirms that the request is authentic and hasn't been tampered with during transit.
1 import hmac
2 import hashlib
3 import base64
4
5 # Function to verify webhook
6 def verify_webhook(data, hmacHeader, apikey):
7 # Compute the HMAC digest of the data using the provided API key
8 digest = hmac.new(
9 apikey.encode('utf-8'),
10 data.encode('utf-8'),
11 digestmod=hashlib.sha256
12 ).digest()
13
14 # Encode the digest into base64 format and remove padding characters
15 computed_hmac = base64.urlsafe_b64encode(digest).rstrip(b"=")
16
17 # Compare the computed HMAC with the HMAC included in the request
18 return hmac.compare_digest(computed_hmac, hmac_header.encode('utf-8'))
1 import javax.crypto.Mac;
2 import javax.crypto.spec.SecretKeySpec;
3 import java.util.Base64;
4
5 // Function to verify webhook
6 public boolean verifyWebhook(String data, String hmacHeader, String apiKey) {
7 try {
8 // Create a new Mac instance with SHA-256
9 Mac mac = Mac.getInstance("HmacSHA256");
10 mac.init(new SecretKeySpec(apiKey.getBytes(), "HmacSHA256"));
11
12 // Compute the HMAC digest
13 String computedHmac = Base64.getUrlEncoder().withoutPadding().encodeToString(mac.doFinal(data.getBytes()));
14
15 // Compare the computed HMAC with the provided HMAC header
16 return computedHmac.equals(hmacHeader);
17 } catch (Exception e) {
18 e.printStackTrace();
19 return false;
20 }
21 }
1 const crypto = require('crypto');
2
3 // Function to verify webhook
4 const verifyWebhook = (data, hmacHeader, apiKey) => {
5 // Compute the HMAC digest using SHA-256
6 const hmac = crypto.createHmac('sha256', apiKey);
7 hmac.update(data);
8 const computedHmac = hmac.digest('base64url'); // 'base64url' gives URL-safe Base64 without padding
9
10 // Compare the computed HMAC with the provided HMAC header
11 return computedHmac === hmacHeader;
12 };
1 <?php
2 // Function to verify webhook
3 function verifyWebhook($data, $hmacHeader, $apiKey) {
4 // Compute the HMAC digest using SHA-256
5 $computedHmac = rtrim(strtr(base64_encode(hash_hmac('sha256', $data, $apiKey, true)), '+/', '-_'), '=');
6
7 // Compare the computed HMAC with the provided HMAC header
8 return hash_equals($computedHmac, $hmacHeader);
9 }
10 ?>
data: The payload received from the webhook.hmacHeader: The HMAC signature included in the request.apikey: The API key used for HMAC generation.
If you have any questions, reach out to your account manager for assistance.