IntegrationQuick Start

Quick Start

Three steps to a working integration: generate a signature, create a session, and embed the returned widget URL in an iframe.

1. Generate the HMAC-SHA256 Signature

Build the canonical string in this exact order:

partnerId | user_id | email | name | company_id | candidate_ids_csv

Then hash it with HMAC-SHA256 using your secretKey. Output format: lowercase hexadecimal.

  • Fields are joined with |
  • Optional fields that are not sent remain as empty strings
  • candidate_ids_csv = candidate_id values from user.candidates, joined by , in payload order
function generateSignature(
    string $partnerId,
    string $userId,
    string $userEmail,
    string $userName,
    string $companyId,
    string $candidateIdsCsv,
    string $secretKey
): string {
    $canonical = implode('|', [
        $partnerId,
        $userId,
        $userEmail,
        $userName,
        $companyId,
        $candidateIdsCsv,
    ]);
    return hash_hmac('sha256', $canonical, $secretKey);
}

See the Authentication page for full canonical string rules, the field mapping, and test vectors you can use to verify your implementation.

2. Call the Create Session Endpoint

curl -X POST "https://dev-app.psikologiehub.com/api/v2/partner/{partnerId}/sessions" \
  -H "Content-Type: application/json" \
  -d '{
    "user": {
      "user_id": "USR-001",
      "email": "[email protected]",
      "name": "John Doe",
      "company": { "company_id": "COMP-001" },
      "candidates": [
        { "candidate_id": "CND-001", "nama": "Jane", "email": "[email protected]" }
      ]
    },
    "signature": "GENERATED_HMAC_SIGNATURE"
  }'

A successful response contains:

{
  "success": true,
  "sessionToken": "eyJhbGciOiJIUzI1NiI...",
  "widgetUrl": "https://dev-app.psikologiehub.com/api/v2/partner/widget?token=eyJ...",
  "partnerId": "psikologihub",
  "expiresIn": 1778760077
}

See the API Reference page for the full request/response schema and multi-language end-to-end examples.

3. Embed the Widget

<iframe
  src="WIDGET_URL"
  width="100%"
  height="700"
  frameborder="0"
  allowfullscreen
></iframe>

The widget handles authentication, navigation, and internal API calls. Your frontend does not need to do anything else.

⚠️

The widget can only be loaded from a domain that has been whitelisted with PsikologieHub for your partnerId. Coordinate with your PsikologieHub PIC to register additional domains before testing in a new environment.

PrerequisitesAPI Reference