Webhooks
Navigate quickly to:
Using webhooks
To start using webhooks with Robaws, register your webhook endpoint by doing a POST on /api/v2/webhook-endpoints. For the full request definition see the api reference docs. Please do store the secret we return to you on endpoint creation, because you will need it to verify our signatures.
After a few seconds, when your subscription becomes active, you should receive HTTP POST calls from us to the URL you specified.
This is an example of such a HTTP POST:
POST https://your-host/your-webhook-endpoint
Content-Type: application/json
Robaws-Signature: t=1674742714,v1=signature
{
"id":"37de8552-0007-4269-a76c-06a9415c8b65",
"event":"client.updated",
"data": {
....
}
}
Verifying the signature
It is important that you verify the signature we send in the 'Robaws-Signature' header, because otherwise you can not trust that the HTTP call is coming from Robaws. This is especially important because we are not only sending the id in the event, but the full data.
In order to verify our signature, you need the secret we returned on endpoint creation.
Step 1: extract the timestamp and the signature from the header
Split the header, using the , character as the separator, to get a list of elements. Then split each element, using the = character as the separator, to get a prefix and value pair.
The value for the prefix t corresponds to the timestamp, and v1 corresponds to the signature. You can discard all other elements.
If you split those again on "=", it gives you the values you need.
Step 2: prepare the signed_payload string
The signed_payload string is created by concatenating:
The timestamp (as a string)
The character .
The actual JSON payload (that is, the request body)
Step 3: Determine the expected signature
Compute an HMAC with the SHA256 hash function. Use the endpoint’s signing secret as the key, and use the signed_payload string as the message. Convert the result to hex representation.
Step 4: Compare the signatures
Compare the signature in the header to the expected signature. For an equality match, compute the difference between the current timestamp and the received timestamp, then decide if the difference is within your tolerance to protect against replay attacks. To protect against timing attacks, use a constant-time string comparison to compare the expected signature to each of the received signatures.
Some considerations
- Only admin users can register endpoints. Currently there is no UI for registering webhook endpoints. It can only be done via the API.
- We consider the webhook successful when the endpoint returns an 2XX response. We will retry several times as long as your endpoint fails to responsd successfully. Our connection timeout is 2 seconds and read timeout is 2 seconds. That means, if we don't receive a response within 2 seconds, we will keep retrying the request until we do. If we never get any successful response, we may suspend your webhook without warning.
- Webhooks can be tested easily using https://webhook.site
Supported event types
Currently, the following event types are supported. If you need another event, please let us know via support@robaws.be.
Clients
client.created
client.updated
Sales invoices
sales-invoice.created
sales-invoice.updated
Offers
offer.created
offer.updated
Projects
project.created
project.updated
Articles
article.created
article.updated
article.stock-changed
Employees
employee.created
employee.updated
Planning items
planning-item.created
planning-item.updated
Work orders
work-order.created
work-order.updated
Materials
material.created
material.updated
Installations
installation.created
installation.updated
Documents
document.created
document.updated
Orders
sales-order.created
sales-order.updated
Posts
post.created
post.updated
Purchase invoices
purchase-invoice.created
purchase-invoice.updated
Stock Change
stock-change.created
stock-change.updated
Suppliers
supplier.created
supplier.updated
Time Tickets
work-order.created
work-order.updated
Article Groups
article-group.created
article-group.updated
Activities
activitie.created
activitie.updated
Agreement Type
agreement-type.created
agreement-type.updated
App Users
user.created
user.updated
Companies
companie.created
companie.updated
Notifications
notification.created
notification.updated
Stock Reservations
stock-reservation.created
stock-reservation.updated
Price Requests
price-request.created
price-request.updated
Supplier Price Requests
supplier-price-request.created
supplier-price-request.updated
Supply Orders
supply-order.created
supply-order.updated
Internal Supply Orders
internal-supply-order.created
internal-supply-order.updated
Price Request Supply Orders
price-request-supply-order.created
price-request-supply-order.updated
Call Off Supply Orders
call-off-supply-order.created
call-off-supply-order.updated
Purchase Supply Orders
purchase-supply-order.created
purchase-supply-order.updated
Rental Supply Orders
rental-supply-order.created
rental-supply-order.updated
Subcontractor Supply Orders
subcontractor-supply-order.created
subcontractor-supply-order.updated
Transport Supply Orders
transport-supply-order.created
transport-supply-order.updated
Payment Conditions
payment-condition.created
payment-condition.updated
Accountancy Code - General Ledger Accounts
general-ledger-account.created
general-ledger-account.updated
Price Groups
price-group.created
price-group.updated
Legal Forms
legal.form.created
legal.form.updated
VAT Tariffs
vat-tarrifs.created
vat-tarrifs.updated
Contacts
contact.created
contact.updated
Settlements
settlement.created
settlement.updated
Form Templates
form-template.created
form-template.updated
Form Answers
form-answer.created
form-answer.updated
Stock Locations
stock-location.created
stock-location.updated
Subscriptions
subscription.created
subscription.updated
Claim states
claim-state.created
claim-state.updated
Cash Registers
cash-register.created
cash-register.updated
Cash Entries
cash-entrie.created
cash-entrie.updated
Cash Register Closings
cash-register-closing.created
cash-register-closing.updated
Bank Payments
bank-payment.created
bank-payment.updated
Employee Roles
employee-role.created
employee-role.updated
Comments
comment.created
comment.updated
Recurrence Type
recurrence-type.created
recurrence-type.updated
Dico Endpoints
dico-endpoint.created
dico-endpoint.updated
Planning Types
planning-type.created
planning-type.updated
Form Answer Elements
form-answer-element.created
form-answer-element.updated
Tasks
task.created
task.updated
Hour Types
hour-type.created
hour-type.updated
Mobility Types
mobility-type.created
mobility-type.updated
Delivery Notes
delivery-note.created
delivery-note.updated
Place Transports
place-transport.created
place-transport.updated
Time Registrations
time-registration.created
time-registration.updated
Transports
transport.created
transport.updated
Absence Hours / Absences
absence.created
absence.updated
Journals
journal.created
journal.updated
Project Supply Routes
project-supply-route.created
project-supply-route.updated
Weekly Schedules
weekly-schedule.created
weekly-schedule.updated
Acceptance Flow Rules
acceptance-flow-rule.created
acceptance-flow-rule.updated
Execution Phases
execution-phase.created
execution-phase.updated
Time Norms
time-norm.created
time-norm.updated
Bijgewerkt op: 29/07/2025
Dankuwel!