This article covers the following topics:

• What is a webhook?
• Information that can be communicated via webhooks

• Default protocol and format of our webhooks

• Confirming the authenticity of webhook messages sent by Stock & Trace

What is a webhook?

A webhook is a way for two applications to communicate automatically when something important happens in one of them. Instead of one application having to constantly ask if there are updates, the webhook sends a direct notification to the other application in real time.

Information that can be communicated via webhooks

Outbound message communication via webhook from Stock & Trace allows communicating when:

1. A Shipping order has been changed to the Shipped status.
2. A Receive order has been changed to the Received status.
3. Inventory movements have been made between warehouses.

Default protocol and format of our webhooks

In Stock & Trace, webhooks automatically send information using an HTTP POST request in JSON format to a URL configured in the external system. This allows for direct and efficient integration with other systems, facilitating the exchange of data in real time.

In addition to HTTP JSON webhooks, Stock & Trace also supports other types of webhooks, such as AS2 or SOAP, offering custom solutions for integrations with external systems according to specific needs. These additional services are provided on-demand, which means they are custom-configured according to the requirements of each client or project.

Confirming the authenticity of webhook messages sent by Stock & Trace

To ensure security in the connection between Stock & Trace and the external system, it is crucial that the receiving system confirms that the messages legitimately come from Stock & Trace. This validation must be done in the external system before processing any information.

To allow this validation, when configuring a new webhook in Stock & Trace, a secret code is provided that allows the external system to verify the authenticity of the messages. This way, it only accepts messages coming from Stock & Trace, while any message from an unverified source will be rejected. This process helps protect the system against possible fraud attempts or malicious attacks.