Webhooks

Navigate quickly to:



Using webhooks


To start using webhooks with Robaws, register your webhook endpoint by doing a POST on /api/v2/webhook-endpoints. For the full request definition see the api reference docs. Please do store the secret we return to you on endpoint creation, because you will need it to verify our signatures.


After a few seconds, when your subscription becomes active, you should receive HTTP POST calls from us to the URL you specified.


This is an example of such a HTTP POST:


POST https://your-host/your-webhook-endpoint

Content-Type: application/json

Robaws-Signature: t=1674742714,v1=signature

{
"id":"37de8552-0007-4269-a76c-06a9415c8b65",
"event":"client.updated",
"data": {
....
}
}


Verifying the signature


It is important that you verify the signature we send in the 'Robaws-Signature' header, because otherwise you can not trust that the HTTP call is coming from Robaws. This is especially important because we are not only sending the id in the event, but the full data.


In order to verify our signature, you need the secret we returned on endpoint creation.


Step 1: extract the timestamp and the signature from the header


Split the header, using the , character as the separator, to get a list of elements. Then split each element, using the = character as the separator, to get a prefix and value pair.

The value for the prefix t corresponds to the timestamp, and v1 corresponds to the signature. You can discard all other elements.

If you split those again on "=", it gives you the values you need.


Step 2: prepare the signed_payload string


The signed_payload string is created by concatenating:


The timestamp (as a string)

The character .

The actual JSON payload (that is, the request body)


Step 3: Determine the expected signature


Compute an HMAC with the SHA256 hash function. Use the endpoint’s signing secret as the key, and use the signed_payload string as the message. Convert the result to hex representation.


Step 4: Compare the signatures


Compare the signature in the header to the expected signature. For an equality match, compute the difference between the current timestamp and the received timestamp, then decide if the difference is within your tolerance to protect against replay attacks. To protect against timing attacks, use a constant-time string comparison to compare the expected signature to each of the received signatures.


Some considerations


  • Only admin users can register endpoints. Currently there is no UI for registering webhook endpoints. It can only be done via the API.
  • We consider the webhook successful when the endpoint returns an 2XX response. We will retry several times as long as your endpoint fails to responsd successfully. Our connection timeout is 2 seconds and read timeout is 2 seconds. That means, if we don't receive a response within 2 seconds, we will keep retrying the request until we do. If we never get any successful response, we may suspend your webhook without warning.
  • Webhooks can be tested easily using https://webhook.site



Supported event types


Currently, the following event types are supported. If you need another event, please let us know via support@robaws.be.


Clients

client.created

client.updated


Sales invoices

sales-invoice.created

sales-invoice.updated


Offers

offer.created

offer.updated


Projects

project.created

project.updated


Articles

article.created

article.updated

article.stock-changed


Employees

employee.created

employee.updated


Planning items

planning-item.created

planning-item.updated


Work orders

work-order.created

work-order.updated


Materials

material.created

material.updated


Installations

installation.created

installation.updated


Documents

document.created

document.updated


Orders

sales-order.created

sales-order.updated


Posts

post.created

post.updated


Purchase invoices

purchase-invoice.created

purchase-invoice.updated


Stock Change

stock-change.created

stock-change.updated


Suppliers

supplier.created

supplier.updated


Time Tickets

work-order.created

work-order.updated


Article Groups

article-group.created

article-group.updated


Activities

activitie.created

activitie.updated


Agreement Type

agreement-type.created

agreement-type.updated


App Users

user.created

user.updated


Companies

companie.created

companie.updated


Notifications

notification.created

notification.updated


Stock Reservations

stock-reservation.created

stock-reservation.updated


Price Requests

price-request.created

price-request.updated


Supplier Price Requests

supplier-price-request.created

supplier-price-request.updated


Supply Orders

supply-order.created

supply-order.updated


Internal Supply Orders

internal-supply-order.created

internal-supply-order.updated


Price Request Supply Orders

price-request-supply-order.created

price-request-supply-order.updated


Call Off Supply Orders

call-off-supply-order.created

call-off-supply-order.updated


Purchase Supply Orders

purchase-supply-order.created

purchase-supply-order.updated


Rental Supply Orders

rental-supply-order.created

rental-supply-order.updated


Subcontractor Supply Orders

subcontractor-supply-order.created

subcontractor-supply-order.updated


Transport Supply Orders

transport-supply-order.created

transport-supply-order.updated


Payment Conditions

payment-condition.created

payment-condition.updated


Accountancy Code - General Ledger Accounts

general-ledger-account.created

general-ledger-account.updated


Price Groups

price-group.created

price-group.updated


legal.form.created

legal.form.updated


VAT Tariffs

vat-tarrifs.created

vat-tarrifs.updated


Contacts

contact.created

contact.updated


Settlements

settlement.created

settlement.updated


Form Templates

form-template.created

form-template.updated


Form Answers

form-answer.created

form-answer.updated


Stock Locations

stock-location.created

stock-location.updated


Subscriptions

subscription.created

subscription.updated


Claim states

claim-state.created

claim-state.updated


Cash Registers

cash-register.created

cash-register.updated


Cash Entries

cash-entrie.created

cash-entrie.updated


Cash Register Closings

cash-register-closing.created

cash-register-closing.updated


Bank Payments

bank-payment.created

bank-payment.updated


Employee Roles

employee-role.created

employee-role.updated


Comments

comment.created

comment.updated


Recurrence Type

recurrence-type.created

recurrence-type.updated


Dico Endpoints

dico-endpoint.created

dico-endpoint.updated


Planning Types

planning-type.created

planning-type.updated


Form Answer Elements

form-answer-element.created

form-answer-element.updated


Tasks

task.created

task.updated


Hour Types

hour-type.created

hour-type.updated


Mobility Types

mobility-type.created

mobility-type.updated


Delivery Notes

delivery-note.created

delivery-note.updated


Place Transports

place-transport.created

place-transport.updated


Time Registrations

time-registration.created

time-registration.updated


Transports

transport.created

transport.updated


Absence Hours / Absences

absence.created

absence.updated


Journals

journal.created

journal.updated


Project Supply Routes

project-supply-route.created

project-supply-route.updated


Weekly Schedules

weekly-schedule.created

weekly-schedule.updated


Acceptance Flow Rules

acceptance-flow-rule.created

acceptance-flow-rule.updated


Execution Phases

execution-phase.created

execution-phase.updated


Time Norms

time-norm.created

time-norm.updated

Bijgewerkt op: 29/07/2025

Was dit artikel nuttig?

Deel uw feedback

Annuleer

Dankuwel!