Skip to main content
Webhooks

Use Aboard's Webhooks feature to fetch employee information

Adam de Lancey avatar
Written by Adam de Lancey
Updated over a week ago

Getting started

To create a webhook, you will need to have Admin access.

First, click on your Company settings, then webhooks. Here, you will be able to create new webhooks and delete old ones.

To create a new one, click "New webhook", then add a name and webhook URL. Once created, a Signature secret will be available for you.

Webhook events

Three employee events trigger the webhook:

  1. profile_created - sent when a new employee is added to your list of Employees.

  2. profile_updated - sent when any update is made to an existing employee

  3. profile_archived - sent when an employee's profile is archived.

Included data

The fields that are currently included in a webhook event are:

  • first_name

  • last_name

  • work_email

  • personal_email

  • job_title

  • department_name

  • manager_email

  • first_day_of_work

When a new webhook is created or failed, an email notification will be sent to all admins.

Verifying signatures

To make sure a request was sent from Aboard to your webhook URL, you can verify the signature by calculating it yourself and then compare it against the one found in the X-Signature header.

To do this, you'll first need to fetch the timestamp from the X-Request-Timestamp header, as well as your Signature secret (found in your webhook settings in Aboard).

Once you have that, you need to build an interpolated string with the following format.

v0:<timestamp>:<request body>

The final step is to then calculate the HMAC value with your Signature secret as the token.

To do this in Ruby, you can use the OpenSSL::HMAC class.

OpenSSL::HMAC.hexdigest("SHA256", signature_secret, "v0:#{timestamp}:#{payload}")
Did this answer your question?