Spare part was out of stock

Webhook 

Starter	Premium	Ultimate
❌	✔️	✔️

Triggered when a spare part is out of stock after consumption or stock update

Request

Responses

200

The endpoint should return 200 status to indicate that the data was received successfully.

Authorization: X-MW-Signature

name: X-MW-Signaturetype: apiKeyin: headerdescription: If you've created a `secret key` when creating your webhook, every webhook call on your endpoint
will provide a signature so that you can verify the origin of the request and ensure it
has been made by the configured webhook and not from any other source.

In the `X-MW-Signature` HTTP header of the request to your endpoint you'll find the signature information.
It contains a string of characters formatted as following:

`t={timestamp},nonce={nonce},signature={signature}`
* `{timestamp}`: it is the Unix timestamp of when the request was created (ex: `1660338149`)
* `{nonce}`: it is a random string of characters (ex: `752c14ea195c460bac3c3b7896975ee9fd15eeb7`)
* `{signature}`: the signature computed from your `secret key`, the `nonce` and the `timestamp` (ex: `0b218e3166231b8b44ed11b5401d4de5e7e79d3e7d51415338a3e76df29372ba`)

When you receive a signed request, you can retrieve all these information to compute the same signature on your end
and check if the signature provided and the one you've computed match.

**How to compute the signature from a signed request?**

First you need to create a string of characters concatenating the `timestamp`, the `nonce` and the `payload` in that order, separated by a dot (`.`).

Then, using the `HMAC` method, you'll generate the `keyed hash` of the previously created string of characters using your `secret key`.

You can now compare the signature you received and the one you've just computed.

For example in `php`:
```php
$requestSignature = '<the signature received>';

$content = sprintf('%s.%s.%s', $timestamp, $nonce, $payload);
$signature = hash_hmac('sha256', $content, $secretKey);

if ($signature === $requestSignature) { /* the request is from the webhook */ }
else { /* You should not accept this request */ }
```

**What to do with the `nonce` and the `timestamp`?**

The `nonce` is to be considered as the identifier of the webhook request. You can use
it to ignore requests with the same `nonce` as a previous request you've already processed
(This could happen if a webhook system would allow to resend past requests for example).

The `timestamp` allows you you to know when the request was made. If you were to receive
a request with a `timestamp` too old (maybe from 1 hour ago) for your system, you could
filter on that value as the event included might already be stale.

You must also keep in mind that either of this two values (`nonce` and `timestamp`) can allow
you to prevent your system from being corrupted by `Replay Attacks` (a `Replay Attacks` describes
a type of attack where the attacker intercept and re-send the same request multiple times to the endpoint).

Using the `nonce` to reject a request because you recognize it from a previous one or
using a (short) time-based rejection rule using the `timestamp` can help you identify these
requests and ignore them.

**General Information**

As all the security management is made on the receiving end (your endpoint), **you can completely ignore the signature**,
nonetheless we **strongly advise you to use it** to prevent any mis-usage of your endpoint from a third party.

Request Collapse all

Auth

WebhookSigningKey

Parameters

User-Agent — headerrequired

Body

• Example (from schema)
• default

{
  "_event": "string",
  "_date": "2024-07-29T15:51:28.071Z",
  "_metadata": [
    null
  ],
  "stock": {
    "location": {
      "locationId": "string",
      "name": "string"
    }
  },
  "sparePart": {
    "sparePartId": "string",
    "name": "string",
    "articleCode": "string"
  },
  "movement": {
    "on": "2024-07-29T15:51:28.071Z"
  }
}

ResponseClear

Click the Send API Request button above and see the response here!