New Authentication model for Skype Interviews API

Today we’re announcing and releasing a new way to authenticate with our Skype Interviews API. We are moving away from a “API Key” only model to a more secure model that allows us to be much more flexible with our feature set expansion. We evaluated multiple solutions, asked multiple partners and have come to the conclusion that using JWT is our best bet.


This update is a breaking change and you will need to update your existing application by March 30th 2018 to maintain its uptime.


What is JWT?

In short, JWT or “JSON Web Token” allows you to sign a request and we can verify that the request has come from you. Similarly, for webhooks, we can sign a request and you can verify that the request was created by Skype Interviews.


JWT is a string consisting of three Base64 encoded string tokens separated by periods “.”.  The token contains a header, payload and signature. You can rely on one of the numerous libraries available to generate JWTs to create you the header and the signature. The main part that’ll be impacting you as an API consumer would be the payload object.


The payload is where all the request content and meta data should reside in and consists of the following attributes
key description type
jti “JWT ID”: it’s a unique identifier required for every JWT to prevent replay attacks. We consume this in the form of a GUID. string – GUID pattern
iss “Issuer”: it’s an identifier for us to verify for which company the request should be issued. Use the API Key that you’ll find in the developer settings in our dashboard string – GUID pattern
iat “Issued At”: NumericDate value indicating to us, when the request was issued. NumericDate – representing the number of seconds from 1970-01-01T00:00:00Z UTC until the specified UTC date/time, ignoring leap seconds.
sub “Subject”: A SHA256 hash of the request’s payload string – SHA256 hash
exp “Expiration Time”: NumericDate vaule indicating after which time we should classify this request as invalid NumericDate + 10 seconds


Node.js example to generate a token:


import Guid from 'guid'
import sha256 from 'sha256'
import jwt from 'jsonwebtoken'

function generateToken(content) {
  // generate payload
  var payload = {
    jti: Guid.raw(),
    iss: API_KEY,
    iat: Math.floor( / 1000),
    sub: sha256(content),
    exp: Math.floor( / 1000) + 10

  // return the generated token to attach to a request
  return jwt.sign(payload, API_SECRET)


If you want to have a more detailed description of how JWT works, we highly recommend you to read JWT.IO – JSON Web Tokens Introduction.

How does JWT work with Skype Interviews API?

Now that we know how to generate the token, the next step is how to attach that token to your HTTP requests.
Every request needs to be signed, so Skype Interviews can verify the validity and authenticity of your request. Skype Interviews API provides two ways of receiving the token.
You need to pass the token in the “Authorization” header. The format is exactly the same as other industry leading APIs using: “Authorization: Bearer <token>”
The request body will remain the same as before. All you need to change is to dynamically create a JWT token and attach it to every request.

That’s it!

If you have any questions, you can always checkout our documentation or reach out to us via email.