Processing an applicant record

1.0    Apply Data Record

POST2 and REQUEST2 delivery methods deliver the applicant data record comprised of the following. Many fields are optional so they are only populated if the seeker supplied the information.

string firstName
string lastName
string emailAddress
string phone
string coverLetter
string jobRefID
string vendorField
string fileExt
string countryCode
string resumeValue
string workAuth
String zipCode
byte[] fileContents

For older integrations reference only, this list of fields for POST and REQUEST is noted. For any new integrations POST2 or REQUEST2 should be used as described above: 

string FirstName, string LastName,string EmailAddress, string PhoneNumber, string CoverLetter, string JobRefID, string VendorField, string FileExt, byte[] FileContents  

Record elements will only appear if there is corresponding data; if, for example, a jobRefID was not specified by the configuration, it will not be supplied in the applicant record. The fileExt field identifies the file extension for the resume document contained in the fileContents byte stream. Possible values are: .doc, .docx, .pdf, .rtf, .txt, and .html. Resume size can be up to 10 MB.

Due to some additional data and overhead coming from the serialization / deserialization process, the following is recommend:

• XML format should be set to accept up to 8 MB
• JSON format should be set to accept up to 20 MB

The applicant data record in the transaction body must be deserialized to the specified data-deliveryformat.


1.1    Configuring Monster job postings for applicant delivery

Enabling jobs posted to Monster in this way will boost applicant conversion by further simplifying the apply process for the candidates and the data is sent to your endpoint.

To enable this Flexible Apply method on jobs posted to Monster, go HERE

1.7    Obtaining an applicant's information

There are three different methods for obtaining an applicant's submitted information:

data-deliverymethod Description
EMAIL An email is delivered to the specified email address.
POST Applicant information is POSTed to a specified REST service.
POST2 Applicant information is POSTed to a specified REST service with more apply fields than POST method does.
REQUEST On notification of applicant submission, the client system makes a web service request to obtain the applicant information.
REQUEST2 On notification of applicant submission, the client system makes a web service request to obtain the applicant information. This includes more apply fields than REQUEST method does

Take Note!

Unicode (UTF-8) character encoding is used for all content.

Take Note!

Monster provides a resume in its original format as it was made available to our site. If a resume was created interactively on Monster, the resume is provided as consistently formatted HTML. If an applicant originally uploaded a resume to Monster (e.g., as a PDF), it is delivered in the original document format.

1.7.1    Receiving applicant information via email

Email is the simplest way to start receiving applicant information. If data-deliverymethod is set to "EMAIL", applicant information is delivered to the email address named in data-emailaddress. The email address named in data-emailaddress can be specified in clear ASCII format:


or its Base64 equivalent:

Take Note!

Optional Base64 encoding serves as a handy lightweight technique to help avoid potential harvesting by email scrapers. It is not an encryption scheme, nor a foolproof obfuscation scheme for a determined harvester.

With email delivery method, the applicant information email is provided in HTML format with the resume and cover letter provided as attachments. For ease of optional post-processing, the job and applicant information contained within the email body is also provided as an attachment, formatted as specified by data-deliveryformat. If data-deliveryformat is not specified, JSON format is defaulted.

If EMAIL delivery method is utilized, there is no further processing necessary; an applicant's resume and cover letter are provided in their original formats as email attachments.

The domain of a target data-emailaddress must be registered for use with the referenced data-api-key for the Apply with Monster button to display. As an alternative to registering each new customer's domain(s), it may be more efficient to configure data-emailaddress to <newcompanyname@yourregistereddomain> and forward the email to the intended target email address.

1.7.2    Receiving applicant information via HTTP POST

HTTP POST to a REST webservice is a common method for accepting applicant information for subsequent processing. If the data-deliverymethod is set to "POST" or "POST2", the applicant information is delivered to your REST webservice as specified by data-posturl upon the job seeker's submission. The REST service must be able to accept the content as defined by data-deliveryformat.

The Content-Type sent for JSON using POST is text/json, using POST2 is application/json, and for xml is always "text/xml". The REST endpoint needs to accept the content type associated with the delivery format requested.

The POST URL specified by data-posturl can be specified in clear ASCII format:


or its Base64 equivalent:


Take Note!

The domain of a target data-posturl must be registered for use with the referenced data-api-key for the Apply with Monster button to display.

Validate the authenticity of POST data

As a best practice, data received via POST from an external source should be validated to ensure its authenticity and integrity. The HTTP POST transaction request header contains two fields that are used to validate the contents of the apply data within the transaction body:

Header Field Description
AwMHash The hashed representation of the serialized apply data using HMAC-SHA1 hashing technique, and the shared secret corresponding to the API key as the hashing key
AwMApiKey API key; this is only needed if there are multiple API keys in use

To validate the transaction, independently hash the serialized apply data in the transaction body using the closely held shared secret. If multiple API keys exist in your environment, AwMApiKey is provided as reference to identify the corresponding shared secret to be used for the local hash calculation. The resulting locally calculated hash value is then compared with AwMHash to verify a match.

Example of validating a hash

	// Verify the HMACSHA1 hash of the data
	var apiKey = this.Request.Headers["AwMApiKey"];
	var hashData = this.Request.Headers["AwMHash"];
	var hmacSha1Hash = Convert.FromBase64String(hashData);

	// Get the hash key to use to check the hashed value
	// NOTE: This key needs to be kept private
	byte[] hashKey = Encoding.UTF8.GetBytes(GetHashKey(apiKey));
	using (HMACSHA1 hmac = new HMACSHA1(hashKey))
		byte[] computedHash = hmac.ComputeHash(this.Request.InputStream);
		// Compare the bytes from the hash that was sent vs. the hash that was just generated
		// NOTE: Use the computedHash as your base comparison as that is the trusted value
			for (int i = 0; i < computedHash.Length; i++)
			if (computedHash[i] != hmacSha1Hash[i])
			throw new InvalidDataException("Hash value mis-match when validating data
			sent - Data cannot be trusted");

Now, you're ready to continue; proceed to Processing an applicant's information.

1.8    Obtaining applicant information via HTTP GET (REQUEST)

Applicant information can also be obtained on request via HTTP GET. This method might be preferable if the applicant information is needed synchronously in advance of ensuing steps. When a data-deliverymethod of "REQUEST" is specified, the JavaScript callback specified by data-onsuccess is also required. For this usage, the success event returns an additional element, req.requestUrl.

The requestUrl field is the target URL-encoded URL for where to make a HTTP GET request to retrieve the applicant's information. To authenticate requestors, when making the HTTP GET request, the shared secret that you obtained with your API key must be appended as an additional parameter, in the format, "&stoken=<yourSharedSecret>" ,e.g.,

Sample HTTP GET request: ... v6GJq4FD4goGSCB9LKFX_7cq6fMHvhqsM1T_DbxvOeWOwUfzmCHs2.6pbRSK6idqUtq8ygffLlDIhA9c0-%26stoken%3d12345

This call will return the applicant information in response.

Take Note!

Applicant information is expected to be retrieved shortly after submission notification. After 24 hours, applicant information is no longer retrievable.


1.9    Processing an applicant's information

Example of deserializing XML data

using System.Xml.Serialization;
                ApplyRecord am = new ApplyRecord();
                if (this.Request.ContentType == "text/xml")
                    XmlSerializer xml = new XmlSerializer(typeof(ApplyRecord));
                    am = (ApplyRecord)xml.Deserialize(this.Request.InputStream);

Example of deserializing JSON data

using System.Runtime.Serialization.Json;
                    DataContractJsonSerializer djs = new DataContractJsonSerializer(typeof(ApplyRecord));
                    am = (ApplyRecord)djs.ReadObject(this.Request.InputStream);

Sample JSON format from POST2:

{"CountryCode":"US","CoverLetter":"Dear Hiring Manager,\u000d\u000a\u000d\u000aI was excited to see your job posting for a Senior Developer at your company. I feel that my skills and experience are a perfect fit for this position. Please feel free to contact me to arrange an interview. Thank you for your time. \u000d\u000a\u000d\u000aSincerely,\u000d\u000aApplicantname","EmailAddress":"","FileContents":[80,75,3,4,20,0,6,0,8,0,0,0,33,0,240,33,236,125,142,1,0,0,19,6,0,0,19,0,8,2,91,67,111,110,116,101,110,116,95,84,121,112,101,115,93,46,120,109,108,32,162,4,2,40,160,0,2,0,0,0,0,73,3,0,0,36,60,0,0,0,0],"FileExt":".docx","FirstName":"Great","JobRefID":"TestJobRefCode","LastName":"Applicant","ResumeValue":"just1a2sample3","VendorField":"vendor can input anything useful they need here","WorkAuthorization":1,"ZIPCode":"02493"}

Sample for XML format with Cover Letter:

<?xml version="1.0"?>
<ApplyRecord xmlns:xsi="" 
<CoverLetter>Dear Hiring Manager,
I was excited to see your job posting for this position.    
Monster Test Seeker</CoverLetter>
<JobRefID> Testjobrefid </JobRefID>  

HTML Sample - here is an example of a resulting html file after deserializing the FileContents field for a resume that was created interactively at the Monster site (e.g., not uploaded as a .doc or .pdf):

<table border="0" cellspacing="0" cellpadding="0" width="650" 
xmlns:fo="" xmlns:m=""
xmlns:ms="urn:schemas-microsoft-com:xslt" />

<table border="0" cellspacing="0" cellpadding="0" width="650" xmlns:fo="">
    <td><a name="resume">
      <table cellspacing="0" cellpadding="0" border="0" width="100%" class="sectionHeaderBackground">
          <td width="180" style="height:1px; width:180px;" />
          <td colspan="2" style="height:1px; width:470px;" />
        <tr style="background-color:#e5ecf3;">
          <td height="18" width="180"><span class="boldText">RESUME</span></td>
          <td height="18" class="SmallText" align="left">  </td>
          <td height="18" align="right" class="smallBoldText" />
    <td height="15" />
    <td colspan="2" class="SmallText" style="

    "><table border="0" cellspacing="0" cellpadding="0" width="100%">
          <td align="left"><span class="boldText">Resume Headline: </span>
          <td align="right"><span class="boldText">Resume Value: </span>
    <td height="15" style="border-top:1px solid #e5ecf3;" />
<table border="0" cellspacing="0" cellpadding="0" width="650" xmlns:fo="">
    <td class="boldText" valign="top" style="padding-left:7px;" width="180">EXPERIENCE:</td>
    <td class="smallText" valign="top" width="150">6/2008 - Present</td>
    <td class="smallText" valign="top" width="150"><Company>Monster</Company></td>
    <td class="smallText" valign="top" width="150"><Location /></td>
    <td class="boldText" valign="top" style="padding-left:7px;" width="180"></td>
    <td class="smallText" valign="top" colspan="3" width="450"><b>
    <td height="15" />
    <td class="boldText" valign="top" style="padding-left:7px;" width="180"></td>
    <td class="smallText" valign="top" colspan="3" width="450" />
    <td height="15" />


1.2    Apply With Monster Button

When properly configured on jobs hosted on your website, the Apply with Monster button looks like this:


The behavior of the Apply with Monster plugin and how it interacts with your site is controlled via a set of configuration parameters which fall into these basic categories:


  • Basic attributes of the job, namely the job title, company name, and job location. These are echoed in the Apply with Monster pages to present a consistent user experience.
  • How the application data is to be communicated, including the delivery method, data format, and additional configuration parameters specific to the delivery method.
  • Information and event triggers passed through and received from Apply with Monster to facilitate a well-integrated and seamless user experience.

1.3    Configuration parameters

Parameter Conditions Description
data-api-key Required API key
data-companyname Required, max 255 chars Name of the hiring company
data-jobtitle Required, max 255 chars Title of the job
data-joblocation Required, max 20 chars Postal code of the location of the job.  In locales where a postal code is not used (e.g., IE), the actual name of the location is used here, (e.g., “Dublin”).
data-jobrefcode Optional, max 50 chars Reference code to identify this job.  Not consumed by Apply with Monster; if specified, the job ref code is simply returned with the applicant data record.   Useful for correlating received applicant information with a job.
data-accountkey Optional, 40 chars SHA1 hash of the Monster employer account username
data-deliverymethod Required; values “POST”, “EMAIL”, “REQUEST” Method for obtaining applicant information
data-deliveryformat Optional; values “JSON” or “XML”; defaults to “JSON” Data document format 
data-posturl Required if data-deliverymethod = “POST” or "POST2"; otherwise ignored REST service where applicant information is to be POSTed
data-emailaddress Required if data-deliverymethod = “EMAIL”; otherwise ignored Email destination where applicant information is to be sent
data-onclick Optional JavaScript function to be called when the user has clicked on the Apply with Monster button. See section JavaScript callbacks for more info.
data-onsuccess Required if data-deliverymethod = “REQUEST” or "REQUEST2; otherwise optional JavaScript function to be called when the user has successfully submitted their Monster information for the job. See section JavaScript callbacks for more info.
data-oncontinue Optional JavaScript function to be called when the user closes the Apply with Monster modal. See section JavaScript callbacks for more info.
data-vendorfield Optional General purpose field for vendor data.  Not consumed by Apply with Monster; if specified, the vendor field is simply returned with the applicant data record.   Useful for specifying metadata.
data-isConfirmationDisabled Optional; values "0" (default) or "1" If set, disables the display of a submission acknowledgement message to the seeker. Sometimes desirable if there are additional mandatory interview questions to be completed.
data-additionalresumeformats Optional; value "TXT"  If set, the resume will also be delivered in plain text format.
src Required Apply with Monster application URL.  URL will vary depending on desired localization.  See section Localizing the Apply with Monster user experience.

An example of invoking Apply with Monster within a web page

Script like the example below must be present on a page where Apply With Monster is to be presented.  Only the fields required for your particular configuration need be specified.

<div id="awm_widget"></div>
<script id="awm" type="text/javascript"
       data-companyname="519 Software, LLC"
       data-jobtitle="Senior Software Engineer"

Sometimes, it is desirable to display multiple Apply with Monster buttons with a job description, if for example, the job description is lengthy. Up to three Apply with Monster buttons can be displayed with the additional scripting:
<div id="awm_widget_2"></div>
<div id="awm_widget_3"></div>

Take Note!

The Apply with Monster button will only be displayed if a valid configuration is specified, e.g, if data-deliverymethod is "POST2" but data-posturl is not provided, the Apply with Monster button will not display.

Apply with Monster utilizes the jQuery JavaScript library and dynamically loads jQuery if version 1.7 or greater is not detected. jQuery.noConflict enabled to protect clients' existing scripts.


1.4    Customizing the visual appearance

Localizing the Language

For the best user experience, the right localized content must be presented to the job seeker.  The language localization of Apply with Monster text copy is configured by specifying the desired locale as part of the src configuration parameter. The src value takes the format:


The {locale} specification is a concatenation of ISO language and country codes, a convention used at many sites. For example, to display content in US English, the src value would be:


The following localizations are currently supported:


Country Language Locale
Australia English en_AU
Australia German de_AT
Belgium Dutch nl_BE
English en_BE
French fr_BE
Canada English en_CA
French fr_CA
Czech Republic Czech cs_CZ
Denmark Danish da_DK
Finland Finnish fi_FI
France French fr_FR
Germany German de_DE
Hungary Hungarian hu_HU
Ireland English en_IE
Italy Italian it_IT
Country Language Locale
Luxembourg English en_LU
French fr_LU
German de_LU
Netherlands Dutch nl_NL
Norway Norweigan no_NO
Poland Polish pl_PL
Spain Spanish es_ES
Sweden Swedish sv_SE
Switzerland French fr_CH
German de_CH
United Kingdom English en_GB
United States English en_US

Take Note!

For pre-existing integrations, a src value of "//" is also supported and equivalent to "//".

1.4.1    Choosing an alternative button presentation

By default, the Apply with Monster button appears as in the previous example, localized accordingly. Alternative button styles are also available, specified by an optional parameter on the src value, e.g.,

sv parameter value style
{not specified} or 0 standard button
1 smaller button
2 standard size, complementary palette
3 smaller size, complementary palette

1.5    Correlating apply activity to jobs also posted on Monster

Increasingly, employers are demanding greater insight into the sourcing of applicants. For Monster customers, all Apply with Monster apply activity at the customer's career site can be tracked by the Monster employer account to get a total accounting of performance for jobs.  This is inclusive of jobs cross-posted to Monster, as well as jobs not cross-posted to Monster but receiving the Apply with Monster benefit.  To enable tracking, the Monster account username is identified within the configuration settings. The optional data-accountkey parameter is used to specify the Monster employer account username by its SHA1 hash value. For example, a user account named "myaccount" is represented as:

When data-accountkey is specified, data-jobrefcode is referenced to determine if this job is also posted on Monster for attribution purposes.

Take Note!

If a job was also posted to Monster, data-jobrefcode should match the jobRefCode value specified during the Real Time Posting action.


1.6    JavaScript callbacks

The originating page from where the Apply with Monster plugin resides can react to specific Apply with Monster event conditions by utilizing JavaScript callbacks. Optional configuration parameters define JavaScript callback functions mapped to those events. Utilizing the JavaScript callbacks can be useful for gaining awareness for a range of purposes such as tracking click activity and continuing on to additional steps.

Configuration Parameter Triggered when the user… Event data example
data-onclick clicks on the Apply with Monster button {"event":"click", "job":{"companyName":"ABC Consulting", "jobTitle":" Analyst", "jobLocation":"01754", "jobRefCode":"jr123", "vendorField":"mymetadata"}}
data-oncontinue closes the Apply with Monster modal {"apply":{"success":true}, "event":"continue", "job":{"companyName":" ABC Consulting", "jobTitle":"Analyst", "jobLocation":"01754", "jobRefCode":"jr123", "vendorField":"mymetadata"}}
data-onsuccess ("POST", "EMAIL" delivery methods) presses "SUBMIT NOW" {"event":"success", "job":{"companyName":"ABC Consulting", "jobTitle":"Analyst", "jobLocation":"01754", "jobRefCode":"jr123", "vendorField":"mymetadata"}}
data-onsuccess ("REQUEST"delivery method) presses "SUBMIT NOW" {"req":{"requestUrl":""}, "event":"success", "job":{"companyName":"RequestTest", "jobTitle":"Tester", "jobLocation":"02142", "jobRefCode":"Sean123"}}
The callbacks each return an object that includes event name and job configuration attributes. In addition, the continue event also includes the success state which is only true if the modal was closed after a user presses "SUBMIT NOW".

When data-deliverymethod is "REQUEST", data-onsuccess is also required to be specified. Details of this usage are provided above, Obtaining applicant information via HTTP GET.