Ashby · Authentication Profile

Ashby Authentication

Authentication

Ashby secures its APIs with apiKey and http across 2 declared security schemes, as derived from its OpenAPI definitions.

HRATSRecruitingAnalyticsSourcingScheduling
Methods: apiKey, http Schemes: 2 OAuth flows: API key in: header

Security Schemes

BasicAuth http
scheme: basic
WebhookSignature apiKey
· in: header (Ashby-Signature)

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/ashby-api-openapi.json, openapi/ashby-assessments-partner-openapi.json
summary:
  types:
  - apiKey
  - http
  api_key_in:
  - header
schemes:
- name: BasicAuth
  type: http
  scheme: basic
  description: "Use HTTP Basic Auth to authenticate with our API. You must send your API key\
    \ with every request. \nPut your API key as the basic auth username and leave the password\
    \ blank."
  sources:
  - openapi/ashby-api-openapi.json
  - openapi/ashby-assessments-partner-openapi.json
- name: WebhookSignature
  type: apiKey
  in: header
  parameter: Ashby-Signature
  description: |-
    [Optional] If you provide a secret token when configuring your webhook, this will be used to create a digest of the JSON payload sent with each webhook request.
    The digest will be included in the request under the `Ashby-Signature` http header.

    It will look like this:
    `Ashby-Signature: sha256=f3124911d2956f10aa3a49c43a88bdf13bba846e94f0ae2bd7c034f90239bd04`

    The part before the = indicates the al
  sources:
  - openapi/ashby-api-openapi.json