Webhooks

Webhooks push real-time event notifications to your server when things happen in Inventory Pro — items received, orders created, stock levels changed. Instead of polling the API, register a URL and the system POSTs events to it.

Endpoints

Method	Path	Description
GET	`/Webhook`	List your subscriptions
GET	`/Webhook/{id}`	Get a subscription
POST	`/Webhook`	Create a subscription
PUT	`/Webhook/{id}`	Update a subscription
DELETE	`/Webhook/{id}`	Delete a subscription
POST	`/Webhook/{id}/test`	Send a test event
GET	`/Webhook/{id}/log`	View delivery history

All webhook endpoints require the Webhook Administration permission (SecurityID 370).

Subscription Model

Each subscription belongs to the API client that created it. You can only see and manage your own subscriptions.

List Response

{
  "value": [
    {
      "rec": 5,
      "name": "ERP Sync",
      "url": "https://erp.example.com/webhooks/inventory",
      "events": "inventory.received,inventory.issued",
      "payloadMode": 1,
      "active": true,
      "disableType": 0,
      "failureCount": 0,
      "failureDays": 0,
      "lastSuccess": "2025-06-01T14:30:00Z",
      "lastFailure": null,
      "lastError": null,
      "created": "2025-01-10T09:00:00Z",
      "modified": "2025-06-01T14:30:00Z"
    }
  ],
  "totalCount": 3,
  "page": 1,
  "pageSize": 25,
  "pageCount": 1,
  "hasMore": false
}

Subscription Fields

Field	Type	Description
`rec`	integer	Subscription ID
`name`	string	Friendly name for this subscription
`url`	string	Your endpoint URL (must be HTTPS)
`events`	string	Comma-separated list of event types to subscribe to
`payloadMode`	integer	1 = full payload, 2 = ID-only (you fetch details separately)
`active`	boolean	Whether the subscription is currently delivering
`disableType`	integer	0 = active, 1 = disabled by failures, 2 = disabled manually
`failureCount`	integer	Consecutive delivery failures
`failureDays`	integer	Days since last successful delivery
`lastSuccess`	datetime	Last successful delivery timestamp
`lastFailure`	datetime	Last failed delivery timestamp
`lastError`	string	Error message from last failure
`created`	datetime	When the subscription was created
`modified`	datetime	Last modification timestamp

Create a Subscription

POST /Webhook

Request Body

{
  "name": "ERP Sync",
  "url": "https://erp.example.com/webhooks/inventory",
  "events": "inventory.received,inventory.issued,item.created",
  "payloadMode": 1,
  "active": true,
  "headers": {
    "X-Custom-Header": "my-value"
  }
}

Required Fields

Field	Type	Description
`name`	string	Display name for the subscription
`url`	string	HTTPS endpoint to receive events
`events`	string	Comma-separated event types
`payloadMode`	integer	1 (full) or 2 (ID-only)
`active`	boolean	Start delivering immediately

Optional Fields

Field	Type	Description
`secret`	string	Signing secret (auto-generated if omitted)
`headers`	object	Custom headers to include in deliveries

Response

{
  "rec": 5,
  "secret": "whsec_a1b2c3d4e5f6..."
}

The signing secret is returned only on creation. Store it securely — you’ll need it to verify webhook signatures.

Update a Subscription

PUT /Webhook/5

Same body format as create. Include all fields you want set — the entire subscription is replaced (except the secret, which is only updated if you provide a new value).

Returns 200 on success, 404 if the subscription doesn’t exist or isn’t yours.

Delete a Subscription

DELETE /Webhook/5

Permanently removes the subscription and its delivery history.

Returns 200 on success, 404 if not found.

Test a Subscription

POST /Webhook/5/test

Sends a test event to your endpoint. The subscription must be active.

Response

{
  "success": true,
  "statusCode": 200,
  "duration": 342.5,
  "errorMessage": null,
  "payload": "{\"event\":\"test\",\"data\":{...}}"
}

Field	Type	Description
`success`	boolean	Whether your endpoint returned 2xx
`statusCode`	integer	HTTP status code from your endpoint
`duration`	float	Round-trip time in milliseconds
`errorMessage`	string	Error details if delivery failed
`payload`	string	The JSON payload that was sent

Delivery Log

GET /Webhook/5/log?page=1&pageSize=25

View the delivery history for a subscription.

Response

{
  "value": [
    {
      "rec": 1042,
      "event": "inventory.received",
      "reference": "RecNo:15234",
      "statusCode": 200,
      "success": true,
      "attempt": 1,
      "duration": 285.3,
      "errorMessage": null,
      "payloadSize": 1842,
      "created": "2025-06-01T14:30:00Z"
    }
  ],
  "totalCount": 156,
  "page": 1,
  "pageSize": 25,
  "pageCount": 7,
  "hasMore": true
}

Verifying Signatures

Every webhook delivery includes an HMAC-SHA256 signature in the X-Webhook-Signature header, computed from the raw request body using your subscription’s signing secret.

Verification Example (C#)

using System.Security.Cryptography;
using System.Text;

public bool VerifySignature(string body, string signature, string secret)
{
    using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret)))
    {
        var hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(body));
        var expected = "sha256=" + BitConverter.ToString(hash)
            .Replace("-", "").ToLowerInvariant();
        return signature == expected;
    }
}

Verification Example (PowerShell)

function Test-WebhookSignature {
    param([string]$Body, [string]$Signature, [string]$Secret)

    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key = [Text.Encoding]::UTF8.GetBytes($Secret)
    $hash = $hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($Body))
    $expected = "sha256=" + [BitConverter]::ToString($hash).Replace("-","").ToLower()
    return $Signature -eq $expected
}

Always verify signatures before processing webhook payloads to ensure the request came from Inventory Pro.

Retry Behavior

Failed deliveries (non-2xx response or timeout) are retried with exponential backoff. After repeated failures, the subscription is automatically disabled (disableType = 1). Re-enable it by updating the subscription with active: true after fixing your endpoint.

Event Types

Events follow the pattern resource.action. Subscribe to specific events.

Available events vary by deployment. Common events:

Event	Trigger
`inventory.received`	Stock received into warehouse
`inventory.issued`	Stock issued out
`inventory.moved`	Stock relocated between bins or warehouses
`item.created`	New item added to catalog
`item.updated`	Item record modified
`order.created`	Purchase or shipping order created
`order.completed`	Order finalized

Your instance’s Swagger documentation lists the full set of events available for subscription.

Permissions

All webhook operations require the Webhook Administration permission (SecurityID 370).