Digitalent Public API

1. Register your Domain to Digitalent Developer Console

Register your organization and domain Here. You will receive credentials from our team, including a Client-ID and Client Secret. Please store these credentials securely, as they serve as your authentication for accessing our system.

2. Request Header

Digitalent require these 4 headers for domain authentication

Header	Description
Client-Id	Domain Client-Id
Request-Id	Unique Request Identifier (UUIDv4)
Request-Timestamp	UTC time when the request was made
Signature	The computed HMAC-SHA256 signature

Steps to create header

Extracts the HTTP method, URL path, and raw body content.
Adds a unique Request-Id (UUIDv4) and a timestamp (ISO 8601)
Create the base string: ${method}:${urlPath}:${body}:${timestamp}:${requestId} example: POST:/api/public/pelatihan/akademi:{"id":10}:2025-10-31T06:00:12.120Z:af01c41a-788a-4db1-a08c-14b7982c2d9a
Compute Signature - HMAC-SHA256 with client_secret as the key
Convert to URL-safe Base64 - Replaces + → - and / → _ to avoid HTTP header encoding issues.
Attach Headers - Adds all required authentication headers to the request.

3. Sequence Diagram

sequenceDiagram

participant  Client  as  API  Client

participant  Server  as  Digitalent  Server

  

autonumber

Note  over  Client, Server: Public Digitalent API

  

Client  ->>  Server: API  Request  Headers: Client-Id, Request-Id, Request-Timestamp, Signature

alt  Bad  Request
Server  -->>  Client: ❌ 400 Bad Request ("Missing required headers")

else  Invalid  or  Inactive  Client  ID

Server  -->>  Client: ❌ 403 Bad Request ("Invalid or inactive Client ID")

else  Timestamp  Invalid

Server  -->>  Client: ❌ 408 Request Timeout ("Request timestamp expired")

else  Invalid  Signature

Server  -->>  Client: ❌ 401 Unauthorized ("Invalid signature")

else Signature  Valid

Server  -->>  Client: ✅ 200 OK (Authorized)

end

4. Postman Pre-Request Script Example

const clientId = pm.environment.get("client_id");
const clientSecret = pm.environment.get("client_secret");

const method = pm.request.method.toUpperCase();
const urlPath = pm.request.url.getPath(); 
let body = "";
if (pm.request.body && pm.request.body.mode === "raw") {
  body = pm.request.body.raw || "";
}

const timestamp = new Date().toISOString();
const requestId = uuidv4();

const baseString = `${method}:${urlPath}:${body}:${timestamp}:${requestId}`;

let signature = CryptoJS.enc.Base64.stringify(
  CryptoJS.HmacSHA256(
    CryptoJS.enc.Utf8.parse(baseString),
    CryptoJS.enc.Utf8.parse(clientSecret)
  )
);

pm.request.headers.add({ key: "Client-Id", value: clientId });
pm.request.headers.add({ key: "Request-Id", value: requestId });
pm.request.headers.add({ key: "Request-Timestamp", value: timestamp });
pm.request.headers.add({ key: "Signature", value: signature });


function uuidv4() {
    return "xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g, function (c) {
        const r = (Math.random() * 16) | 0,
            v = c === "x" ? r : (r & 0x3) | 0x8;
        return v.toString(16);
    });
}