Overview
PsikologieHub exposes a RESTful API that lets partner systems create a widget
SSO session for HR/recruiters and their candidates. After a session is created,
the partner frontend embeds the returned widgetUrl in an <iframe> and the
widget handles authentication, dashboard rendering, and assessment flows
internally.
This page covers the system overview, technical specification, and the end-to-end integration flow.
Integration at a Glance
| Item | Value |
|---|---|
| Auth | HMAC-SHA256 signature in the request body |
| Endpoint | POST /api/v2/partner/{partnerId}/sessions |
| Content-Type | application/json |
| Main output | widgetUrl (embedded via iframe) |
| Protocol | HTTPS (mandatory) |
Technical Specification
| Parameter | Value |
|---|---|
| API Type | RESTful API |
| Base URL | {BASE_URL}/api/v2/partner |
| Main Endpoint | POST /{partnerId}/sessions |
| Authentication | HMAC-SHA256 Signature in the request body |
| Content-Type | application/json |
| Versioning | Partner API contract v2 |
| Protocol | HTTPS (mandatory) |
End-to-End Integration Flow
- The HR/recruiter logs in to the partner’s internal system.
- The partner backend prepares the data: user, company, candidates.
- The partner backend generates an HMAC-SHA256 signature from the canonical
string using the partner
secretKey. - The partner backend calls
POST /partner/{partnerId}/sessionswith the signature in the body. - PsikologieHub validates
partnerId, signature, request structure, and the partner domain. - The response contains
sessionToken,widgetUrl, andexpiresIn. - The partner backend forwards
widgetUrlto the frontend. - The frontend embeds the widget via
<iframe>usingwidgetUrlas the source. - The HR/recruiter is automatically signed into the dashboard.
- Candidates take the prepared assessment inside the widget.
- When the session expires, the partner calls Create Session again.