Talentech supports webhooks to enable event-driven integrations between our SaaS platform and your systems. Webhooks allow you to receive real-time notifications when specific events occur β such as a candidate applying, a status update, or a new job posting.
This repository contains a minimal and functional example of a webhook receiver implemented in .NET and C#. It demonstrates how to:
- Listen for incoming HTTP POST requests
- Read and process the JSON payload
- Validate the authenticity of the webhook using HMAC-SHA256
- Respond appropriately to valid and invalid requests
Each webhook request includes an X-Signature-Base64HmacSha256 HTTP header. This is a Base64-encoded HMAC-SHA256 hash of the request body, computed using a shared secret. To ensure the webhook was sent by Talentech and was not tampered with, you must verify this signature.
- Retrieve the raw request body as a string.
- Compute the HMAC-SHA256 hash using your shared secret and the body.
- Base64-encode the hash.
- Compare the result to the
X-Signature-Base64HmacSha256header using a time-safe comparison.