Assessio Platform Development Assessment API (beta/v1)

Support: integrations@assessio.com URL: https://helpcenter.assessio.com/hc/en-us

Overview

Assessio offers a simple API for approved partners to integrate with our development module. The API allows integrators to:

Submit assessment orders for employees to complete assessments. The result of submitting an assessment order is a link to the assessment.
Subscribing webhooks for receiving updates regarding requested assessments.

API Environments

The API is available in two environments:

Sandbox (Testing Environment): https://sandbox.api.assessio.systems/
Production (Live Environment): https://api.assessio.online/

Note: The sandbox environment allows integration testing without affecting live data. It may have limitations compared to production.

Key Concepts and Terms

Assessio Platform: Our integrated talent management platform.
Assessment: One of the various assessment tests that can be taken in Assessio Platform.
Employee: The individual who will be taking the assessment(s).
Integrator: A third party that builds an integration to our platform using the Development API.
Organisation: A client organisation account within Assessio Platform.

Step 1: Establishing an Integration on the Sandbox Environment

To establish an integration utilising the Development API for testing, the following steps need to be completed:

Request a sandbox test organisation from Assessio.
- You will be provided with a sandbox account and an associated provider-key.
Obtain integration credentials for authenticating against our API:
- integrator-secret: A secret used to sign requests from the Integrator to the Assessio platform.
  For details on how this HMAC signature is generated, see Request Signing.
  
  Note: If required, Assessio can disable this signature requirement in the sandbox environment to simplify initial testing.
- provider-key: Identifies your Assessio organization. This key must be included in calls to our Assessio-hosted endpoints (e.g. /development/v1/assessment-link-order).
  
  If multiple organisations are used with the integration, each one is expected to use its own key.
- Token for Assessio → Integrator Webhook Calls: In order for the Assessio Platform to authenticate when calling your webhook (resultUpdateUrl), you have two options:
  1. Provide an API token (previously referred to as integrator-api-key). We can either generate it and share it with you, or you can provide a token value that you want us to use.
  2. Set up OAuth2 Client Credentials. Contact the Assessio team if you prefer using OAuth2 for securing webhook calls.

Step 2: Enabling the Integration on the Production Environment

Once the Integrator has created and tested the integration on the sandbox environment, the Assessio team can be contacted to exchange production credentials (including production provider-key, integrator-secret, and token credentials) and enable the integration on the production environment.

Typical Workflow

A high-level overview of how an Integrator typically uses this API:

Create assessment link (receive link to assessment and register for assessment updates) by calling the /development/v1/assessment-link-order endpoint.
Receive assessment result updates (receive information about assessment submissions either when employee completes it or agrees to use existing results) on the/<:integrator-defined-webhook> endpoint.

Request Signing

Some requests to our API require an HMAC to be generated from the timestamp combined with the payload. Below is an example in Java:

String encode() throws NoSuchAlgorithmException, InvalidKeyException {
  var timestamp = Instant.now().getEpochSecond();
  var key = "TODO";   // your integrator-secret
  var payload = "{}"; // the raw JSON payload
  var data = timestamp + "." + payload;
  var sha256Hmac = Mac.getInstance("HmacSHA256");
  var secretKey = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
  sha256Hmac.init(secretKey);
  return String.valueOf(Hex.encode(sha256Hmac.doFinal(data.getBytes(StandardCharsets.UTF_8))));
}

The Signature header must include:

t: The Unix timestamp (in seconds) when the signature was created.
signature: The HMAC digest of t + "." + (request body).

We allow a timestamp skew of up to 5 minutes (300 seconds). Requests outside that timeframe will be rejected.

Assessio Hosted

Endpoints hosted by Assessio Platform.

Processes employee assessment order.

This endpoint is used to process an assessment order for an employee as part of processing following actions are performed:

A lookup of the employee by email is performed in the Assessio Platform.

a) if the employee is found, no changes are made to the employee data (employee firstName, lastName payload is ignored).

b) if the employee is not found, a new employee is created with Platform employee role which doesn't allow to login but allows for assessment completion as part of the processes initiated in the Platform.
A link between the assessment order and the employee is created. It shall consist of the webhookCallbackUrl on which updates to the assessment order are sent, as well as redirectUrl to which the employee is redirected after completing the assessment in the Platform.
A link to the assessment of given type is created and returned to the caller. It allows to complete the assessment in the Platform or give consent to share the assessment results with the integrator.

Authorizations:

bearerAuth

Request Body schema: application/json

assessmentType required	string (AssessmentType) Enum: "MAP" "MATCH_V_V2" Assessment type.
orderReferenceId required	string The reference ID for submitted order in the Integrator system. Included in webhook updates for reference between systems.
webhookCallbackUrl required	string <uri> The webhook URL of the Integrator to receive result updates for requested assessments.
redirectUrl required	string <uri> URL to redirect the employee after completing the assessments in Assessio Platform.
required	object Employee details used when a new employee needs to be created.

Responses

Request samples

Payload

Content type

application/json

{"assessmentType": "MAP",
"orderReferenceId": "string",
"webhookCallbackUrl": "http://example.com",
"redirectUrl": "http://example.com",
"personDetails": {"locale": "en-US",
"email": "user@example.com",
"firstName": "string",
"lastName": "string"
}
}

Response samples

200
400
403

Content type

application/json

{"assessmentLink": "http://example.com"
}

Integrator Hosted

Endpoint hosted by the Integrator.

Publish registered employee updates.

Currently only ASSESSMENT_SUBMITTED event is supported which informs about assessment completion and contains assessment scores.

Authorizations:

bearerAuth

Request Body schema: application/json

eventType required	string Value: "ASSESSMENT_SUBMITTED"
required	AssessmentSubmittedWebHookRequest (object)

Responses

Request samples

Payload

Content type

application/json

{"eventType": "ASSESSMENT_SUBMITTED",
"payload": {"orderReferenceId": "string",
"assessmentType": "MAP",
"assessmentScores": [{"type": "MAP_SCORE",
"key": "EX",
"value": 10,
"subScores": [{"key": "EX1",
"value": 10
}
]
}
]
}
}