🚀 Complete Guide: Hiring Challenge Paradigm

Welcome! This guide will walk you through our 6-stage coding challenge step by step. Don't worry if you're new to this - we'll explain everything clearly with examples.

📋 Table of Contents

1. Overview
2. Getting Started
3. Step 1: Authentication
4. Step 2: Understanding Each Stage
5. Step 3: Computing Your Answer
6. Step 4: Creating Proof (HMAC & Hashing)
7. Step 5: Submitting Your Answer
8. Step 6: Final Code Submission
9. Important Rules
10. Tips & Tricks
11. Troubleshooting

---

Overview

What is this challenge?

This is a 6-stage coding challenge where you'll solve real-world business problems using code. Each stage presents a different problem (e-commerce, inventory management, CRM, etc.), and you must write code to solve it.

Key Facts

• ⏰ Time Limit: 24 hours (starts after you authenticate)
• 🎯 Stages: 6 progressive challenges
• 🔓 Sequential: Each stage unlocks the next one
• 💻 Any Language: Use Python, JavaScript, Java, or whatever you prefer
• ⚠️ 5 Attempts: You get 5 tries per stage before a 30-minute lockout

What You'll Need

• A code editor and programming language of your choice
• A tool to make HTTP requests (curl, Postman, or write code)
• Understanding of JSON, HTTP APIs, and basic cryptography (we'll explain!)
• A GitHub account (for submitting your final code via GitHub Gist)

---

Getting Started

The Flow

1. Authenticate → Get Token
2. Access Stage 1 → Get Dataset & Rules
3. Write Code → Solve the Problem
4. Submit Answer → With Cryptographic Proof
5. Repeat for Stages 2-6
6. Submit Final Code → GitHub Gist/Repo URL

---

Step 1: Authentication

What You Need

Before starting, prepare:

• Your full name
• Email address
• Mobile number in E.164 format (like +1234567890)
• Optional: Your LinkedIn or GitHub profile URL

Make the Request

Endpoint: POST /api/auth

Example using curl:

curl -X POST https://your-api-domain.com/api/auth \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Jane Smith",
    "email": "jane@example.com",
    "mobile": "+1234567890",
    "profile_url": "https://linkedin.com/in/janesmith"
  }'

Example using Python:

import requests

response = requests.post('https://your-api-domain.com/api/auth', 
    json={
        'name': 'Jane Smith',
        'email': 'jane@example.com',
        'mobile': '+1234567890',
        'profile_url': 'https://linkedin.com/in/janesmith'
    }
)

data = response.json()
token = data['token']
print(f"Your token: {token}")
print(f"Deadline: {data['deadline']}")

Response

You'll receive:

{
  "token": "eyJhbGc...",  // SAVE THIS!
  "candidateId": "abc123...",
  "deadline": "2025-10-10T12:00:00Z",
  "stageUnlocked": 1,
  "firstStageUrl": "/api/v1/stages/1"
}

⚠️ IMPORTANT: Save your token somewhere safe! You'll need it for every request.

---

Step 2: Understanding Each Stage

Accessing a Stage

Endpoint: GET /api/v1/stages/{stage-number}

Example:

curl -X GET https://your-api-domain.com/api/v1/stages/1 \
  -H "Authorization: Bearer YOUR_TOKEN_HERE"

Python Example:

import requests

headers = {
    'Authorization': f'Bearer {token}'
}

response = requests.get('https://your-api-domain.com/api/v1/stages/1', 
    headers=headers
)

stage_data = response.json()
print(stage_data)

What You'll Get

{
  "stage": 1,
  "title": "E-commerce Tax & Discount Engine",
  "variantId": "ecom_v1",
  "dataset": {
    // Your unique dataset - DIFFERENT for every candidate!
    "orders": [...],
    "taxRules": [...],
    "coupons": [...]
  },
  "inputSchema": {
    // Structure of the input data
  },
  "expectedOutputSchema": {
    // Structure your answer must match
  },
  "rules": [
    "Calculate total after applying coupons",
    "Apply tax based on region",
    // ... more rules
  ],
  "hmacKeyHint": "a1b2c3d4",  // IMPORTANT for proof!
  "submitUrl": "/api/v1/stages/1",
  "timeRemaining": "P23H45M12S"
}

Understanding the Response

• dataset: Your unique data to process (each candidate gets different data!)
• rules: Business logic you must implement
• expectedOutputSchema: Format your answer must follow
• hmacKeyHint: Secret key needed for proof (explained later)

---

Step 3: Computing Your Answer

Write Code to Solve the Problem

Based on the rules and dataset, write code to compute the answer.

Example (Stage 1 - E-commerce):

def calculate_order_total(order, tax_rules, coupons):
    # Your logic here
    subtotal = sum(item['price'] * item['quantity'] for item in order['items'])

    # Apply coupon discount
    discount = apply_coupon(subtotal, coupons)
    subtotal_after_discount = subtotal - discount

    # Calculate tax
    tax = calculate_tax(subtotal_after_discount, order['region'], tax_rules)

    # Final total
    total = subtotal_after_discount + tax

    return {
        'orderId': order['id'],
        'subtotal': subtotal,
        'discount': discount,
        'tax': tax,
        'total': total
    }

# Process all orders in dataset
dataset = stage_data['dataset']
answers = []

for order in dataset['orders']:
    result = calculate_order_total(order, dataset['taxRules'], dataset['coupons'])
    answers.append(result)

# Your final answer
answer = {
    'orders': answers,
    'totalRevenue': sum(a['total'] for a in answers)
}

Important Notes

✅ Write reusable code - You'll need it for the final submission

✅ Follow the schema - Match the expectedOutputSchema exactly

✅ Test thoroughly - You only get 5 attempts per stage

❌ Don't manually calculate - Must use code (we track behavior)

---

Step 4: Creating Proof (HMAC & Hashing)

Why Do We Need Proof?

To prevent cheating, you must prove that you actually processed the data and didn't just guess or copy. You do this using cryptographic proof.

What is HMAC and SHA-256?

Don't worry - they're just standard functions available in all programming languages!

• SHA-256: Creates a unique "fingerprint" (hash) of your answer
• HMAC: Like SHA-256, but uses a secret key (the hmacKeyHint)

The Two Proofs Required

1. answerHash: SHA-256 hash of your answer (proves answer integrity)
2. hmac: HMAC-SHA256 of your answer using the secret key (proves you got the dataset)

Step-by-Step: Creating Proof

Step 1: Convert Answer to JSON String

import json

# Your computed answer
answer = {
    'orders': [...],
    'totalRevenue': 12345.67
}

# Convert to compact JSON (NO SPACES!)
answer_json = json.dumps(answer, separators=(',', ':'))
print(answer_json)
# Output: {"orders":[...],"totalRevenue":12345.67}

⚠️ CRITICAL: Use separators=(',', ':') in Python or JSON.stringify() with no spaces in JavaScript. The JSON must be compact!

Step 2: Compute SHA-256 Hash

Python:

import hashlib

answer_hash = hashlib.sha256(answer_json.encode()).hexdigest()
print(f"Answer Hash: {answer_hash}")

JavaScript/Node.js:

const crypto = require('crypto');

const answerHash = crypto
    .createHash('sha256')
    .update(answerJson)
    .digest('hex');
console.log(`Answer Hash: ${answerHash}`);

Step 3: Compute HMAC

Use the hmacKeyHint you received from the stage GET response.

Python:

import hmac
import hashlib

# The secret from the stage response
hmac_secret = "a1b2c3d4"  # from hmacKeyHint

# Compute HMAC
hmac_value = hmac.new(
    hmac_secret.encode(),
    answer_json.encode(),
    hashlib.sha256
).hexdigest()

print(f"HMAC: {hmac_value}")

JavaScript/Node.js:

const crypto = require('crypto');

// The secret from the stage response
const hmacSecret = "a1b2c3d4"; // from hmacKeyHint

// Compute HMAC
const hmacValue = crypto
    .createHmac('sha256', hmacSecret)
    .update(answerJson)
    .digest('hex');

console.log(`HMAC: ${hmacValue}`);

Step 4: Create Proof Object

proof = {
    'hmac': hmac_value,
    'answerHash': answer_hash
}

Complete Example (Python)

import json
import hashlib
import hmac

# Your answer
answer = {
    'orders': [
        {'orderId': 'ord_1', 'total': 105.50},
        {'orderId': 'ord_2', 'total': 220.00}
    ],
    'totalRevenue': 325.50
}

# Step 1: Convert to JSON (compact)
answer_json = json.dumps(answer, separators=(',', ':'))

# Step 2: Compute SHA-256 hash
answer_hash = hashlib.sha256(answer_json.encode()).hexdigest()

# Step 3: Compute HMAC (use the hint from GET response)
hmac_secret = "a1b2c3d4"  # from hmacKeyHint
hmac_value = hmac.new(
    hmac_secret.encode(),
    answer_json.encode(),
    hashlib.sha256
).hexdigest()

# Step 4: Create proof
proof = {
    'hmac': hmac_value,
    'answerHash': answer_hash
}

print(f"Proof ready: {proof}")

Complete Example (JavaScript)

const crypto = require('crypto');

// Your answer
const answer = {
    orders: [
        { orderId: 'ord_1', total: 105.50 },
        { orderId: 'ord_2', total: 220.00 }
    ],
    totalRevenue: 325.50
};

// Step 1: Convert to JSON
const answerJson = JSON.stringify(answer);

// Step 2: Compute SHA-256 hash
const answerHash = crypto
    .createHash('sha256')
    .update(answerJson)
    .digest('hex');

// Step 3: Compute HMAC (use the hint from GET response)
const hmacSecret = "a1b2c3d4"; // from hmacKeyHint
const hmacValue = crypto
    .createHmac('sha256', hmacSecret)
    .update(answerJson)
    .digest('hex');

// Step 4: Create proof
const proof = {
    hmac: hmacValue,
    answerHash: answerHash
};

console.log('Proof ready:', proof);

---

Step 5: Submitting Your Answer

The Request

Endpoint: POST /api/v1/stages/{stage-number}

Example:

curl -X POST https://your-api-domain.com/api/v1/stages/1 \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: unique-key-12345" \
  -d '{
    "answer": {
      "orders": [...],
      "totalRevenue": 325.50
    },
    "proof": {
      "hmac": "abc123...",
      "answerHash": "def456..."
    }
  }'

Python Example:

import requests

headers = {
    'Authorization': f'Bearer {token}',
    'Content-Type': 'application/json',
    'Idempotency-Key': 'stage-1-attempt-1'  # Change for each attempt
}

payload = {
    'answer': answer,
    'proof': proof
}

response = requests.post(
    'https://your-api-domain.com/api/v1/stages/1',
    headers=headers,
    json=payload
)

result = response.json()
print(result)

Possible Responses

✅ Success (200)

{
  "status": "ok",
  "nextUrl": "/api/v1/stages/2",
  "timeRemaining": "P23H30M15S",
  "attemptsUsed": 1
}

What to do: Move to the next stage! 🎉

❌ Failure (400)

{
  "status": "fail",
  "errors": [
    "Order ord_1: Expected total 105.50 but got 100.00",
    "Total revenue mismatch: expected 325.50 but got 320.00"
  ],
  "hintBudgetRemaining": 4,
  "timeRemaining": "P23H30M15S"
}

What to do: Read the errors carefully! They tell you exactly what's wrong. Fix your code and try again.

🔒 Locked (423)

{
  "error": "Locked",
  "message": "Too many failed attempts. Stage is temporarily locked.",
  "retryAfter": 1800
}

What to do: Wait 30 minutes, or move to the next stage and come back later.

---

Step 6: Final Code Submission

After Completing All 6 Stages

Once you've passed all stages, submit your code for review.

Prepare Your Code

1. Clean up your code: Remove debugging statements, organize files
2. Write a README: Include setup and run instructions
3. List dependencies: requirements.txt, package.json, etc.
4. Make it runnable: Should work for all 6 stages

Example Project Structure

my-hiring-challenge/
├── README.md
├── requirements.txt (or package.json)
├── main.py (or index.js)
├── stages/
│   ├── stage1.py
│   ├── stage2.py
│   ├── ...
├── utils/
│   ├── api_client.py
│   ├── proof_generator.py
└── config.py

Upload to GitHub Gist

Option 1: GitHub Gist (Recommended for single-file or small projects)

1. Go to https://gist.github.com
2. Create a new Gist
3. Add your files
4. Make it Public
5. Copy the URL

Option 2: GitHub Repository (For larger projects)

1. Create a new public repository
2. Push your code
3. Copy the repository URL

Submit the URL

Endpoint: POST /api/v1/submissions

Example:

curl -X POST https://your-api-domain.com/api/v1/submissions \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "artifact_url": "https://gist.github.com/yourusername/abc123def456",
    "language": "Python",
    "entrypoint": "python main.py <stage-number>",
    "notes": "Uses requests library. Run with Python 3.8+. Pass stage number (1-6) as argument."
  }'

Python Example:

import requests

headers = {
    'Authorization': f'Bearer {token}',
    'Content-Type': 'application/json'
}

submission = {
    'artifact_url': 'https://gist.github.com/yourusername/abc123def456',
    'language': 'Python',
    'entrypoint': 'python main.py <stage-number>',
    'notes': 'Uses requests library. Run with Python 3.8+.'
}

response = requests.post(
    'https://your-api-domain.com/api/v1/submissions',
    headers=headers,
    json=submission
)

print(response.json())

Success Response

{
  "status": "received",
  "submissionId": "sub_123456",
  "checksum": "sha256:abc123...",
  "timeRemaining": "P2H15M30S",
  "message": "Your submission has been received successfully. You will be contacted with the results."
}

---

Important Rules

🕐 Time Management

• You have 24 hours from authentication
• Plan to finish with time to spare
• If you get stuck, move to the next stage

🔓 Sequential Progression

• Must complete Stage 1 to unlock Stage 2
• Must complete Stage 2 to unlock Stage 3
• And so on...

🎯 Attempts & Lockouts

• 5 attempts per stage
• After 5 failed attempts: 30-minute lockout
• Use your attempts wisely - read errors carefully

🚫 No Cheating

• Each candidate gets unique datasets
• Copying won't work (different data)
• Behavioral tracking detects manual solving
• Write code, don't manually calculate

🔑 Idempotency

• Use Idempotency-Key header for safe retries
• If network fails, retry with same key
• Prevents duplicate submissions

⏱️ Rate Limits

• Maximum 60 requests per minute
• Spread out your requests
• Don't spam the API

---

Tips & Tricks

For Beginners 🌱

1. Start Simple: Do Stage 1 manually first to understand the pattern
2. Test HMAC First: Write a simple test to verify your HMAC generation works
3. Use Libraries: Don't write crypto from scratch - use hashlib, crypto, etc.
4. JSON Formatting: Test with a simple object first to get JSON format right
5. Save Progress: Write code as you go - you'll need it for final submission
6. Read Errors: The error messages are helpful - they tell you exactly what's wrong

For Efficiency 💡

1. Reusable Functions: Write functions you can use across all stages
2. Config File: Store your token and base URL in one place
3. API Client: Write a wrapper class for making requests
4. Proof Generator: Create a utility function for HMAC/hash generation
5. Logging: Log your requests and responses for debugging

Example Utility Function

import json
import hashlib
import hmac

def create_proof(answer, hmac_secret):
    """Generate proof for stage submission"""
    # Convert to compact JSON
    answer_json = json.dumps(answer, separators=(',', ':'))

    # Compute hash
    answer_hash = hashlib.sha256(answer_json.encode()).hexdigest()

    # Compute HMAC
    hmac_value = hmac.new(
        hmac_secret.encode(),
        answer_json.encode(),
        hashlib.sha256
    ).hexdigest()

    return {
        'hmac': hmac_value,
        'answerHash': answer_hash
    }

# Usage
proof = create_proof(my_answer, "a1b2c3d4")

---

Troubleshooting

❌ "Invalid proof. HMAC or hash mismatch"

Causes:

• Wrong hmacKeyHint - check you copied it correctly
• Extra spaces in JSON - use separators=(',', ':') in Python
• Wrong encoding - make sure to use .encode() in Python

Solution:

# Double-check your JSON has no spaces
answer_json = json.dumps(answer, separators=(',', ':'))
print(answer_json)  # Should have NO spaces

# Verify you're using the exact hmacKeyHint
print(f"Using secret: {hmac_secret}")

❌ "Answer validation failed"

Causes:

• Your answer doesn't match the expected schema
• Calculation errors in your code
• Missing required fields

Solution:

• Read the error messages carefully - they're specific!
• Compare your output to expectedOutputSchema
• Check data types (numbers vs strings)
• Verify all required fields are present

❌ "Token expired" or "Unauthorized"

Causes:

• 24 hours have passed
• Token is incorrect or malformed

Solution:

• Check your token hasn't expired
• Verify you're using Bearer <token> format
• Make sure there are no extra spaces or line breaks in token

❌ "Stage is locked"

Causes:

• 5 failed attempts used up

Solution:

• Wait 30 minutes
• Or move to the next stage and come back later
• Use remaining time to work on other stages

🐛 General Debugging Tips

1. Print Everything: Log requests, responses, intermediate values
2. Test Small: Test your HMAC generation with a simple example first
3. Check JSON: Print your JSON string before hashing
4. Verify Schema: Compare your answer to the expected schema
5. Read Errors: Error messages are specific - they tell you what's wrong
6. Take Breaks: If stuck, take a break and come back with fresh eyes

---

The 6 Stages Overview

1. Stage 1: E-commerce Tax & Discount Engine

   • Calculate order totals with coupons and taxes
   • Skills: Data processing, business logic

2. Stage 2: ERP Inventory Allocation

   • Allocate orders across multiple warehouses
   • Skills: Optimization, constraint handling

3. Stage 3: CRM Customer Deduplication

   • Find and merge duplicate customer records
   • Skills: Fuzzy matching, string algorithms

4. Stage 4: HRMS Leave Management

   • Calculate leave accruals and detect conflicts
   • Skills: Date handling, business rules

5. Stage 5: FinOps Transaction Reconciliation

   • Match transactions across different systems
   • Skills: Data matching, reconciliation logic

6. Stage 6: Distributed Saga Orchestration

   • Manage distributed transactions with compensations
   • Skills: State machines, event handling

---

Need Help?

Before Asking for Help

1. ✅ Read this guide completely
2. ✅ Check the error messages - they're specific
3. ✅ Review the /api/instructions endpoint
4. ✅ Verify your JSON formatting and proof generation
5. ✅ Check you haven't exceeded time or rate limits

Common Questions

Q: Can I use any programming language?

A: Yes! Python, JavaScript, Java, Go, Ruby - whatever you're comfortable with.

Q: Do I need to solve stages in order?

A: Yes, each stage unlocks the next one sequentially.

Q: What if I run out of time?

A: The 24-hour timer is strict. Plan accordingly and don't start until you're ready.

Q: Can I use external libraries?

A: Absolutely! Use whatever libraries help you solve the problems.

Q: What should my final submission look like?

A: Clean, well-documented code that can solve all 6 stages with clear run instructions.

---

Final Checklist ✅

Before you start:

• [ ] Read this entire guide
• [ ] Set up your development environment
• [ ] Test your HTTP request tool (curl/Postman/code)
• [ ] Understand HMAC and SHA-256 generation
• [ ] Create GitHub account (for final submission)
• [ ] Have 24 hours of available time

During the challenge:

• [ ] Save your authentication token
• [ ] Track time remaining
• [ ] Write reusable code
• [ ] Test proof generation first
• [ ] Read error messages carefully
• [ ] Use idempotency keys

Before final submission:

• [ ] Complete all 6 stages
• [ ] Clean up and document code
• [ ] Create README with run instructions
• [ ] List all dependencies
• [ ] Upload to GitHub Gist/repo
• [ ] Test the URL is publicly accessible
• [ ] Submit the URL

---

Good Luck! 🎉

You've got this! Remember:

• Take your time to understand each stage
• Write clean, reusable code
• Test thoroughly before submitting
• Use the error messages to debug
• Don't hesitate to use all 5 attempts if needed

Most importantly: This is about problem-solving and coding skills, not tricks. Write the best code you can, learn from any mistakes, and show us what you can do!

Happy coding! 💻✨