Getting started
To create a webhook, you will need to have Admin access.
First, click on your Company settings, then webhooks. Here, you will be able to create new webhooks and delete old ones.
To create a new one, click "New webhook", then add a name and webhook URL. Once created, a Signature secret will be available for you.
Webhook events
Three employee events trigger the webhook:
profile_created - sent when a new employee is added to your list of Employees.
profile_updated - sent when any update is made to an existing employee
profile_archived - sent when an employee's profile is archived.
Included data
The fields that are currently included in a webhook event are:
first_name
last_name
work_email
personal_email
job_title
department_name
manager_email
first_day_of_work
When a new webhook is created or failed, an email notification will be sent to all admins.
Verifying signatures
To make sure a request was sent from Aboard to your webhook URL, you can verify the signature by calculating it yourself and then compare it against the one found in the X-Signature header.
To do this, you'll first need to fetch the timestamp from the X-Request-Timestamp header, as well as your Signature secret (found in your webhook settings in Aboard).
Once you have that, you need to build an interpolated string with the following format.
v0:<timestamp>:<request body>
The final step is to then calculate the HMAC value with your Signature secret as the token.
To do this in Ruby, you can use the OpenSSL::HMAC class.
OpenSSL::HMAC.hexdigest("SHA256", signature_secret, "v0:#{timestamp}:#{payload}")