Discover how to automatically receive orders from Apicbase to your system
Apicbase uses a webhook to almost instantly forward a purchase order to your system. We only require you to implement the product catalogue part as a first step (see here to get started).
After you completed the product catalogue part, the only thing you need to do is set an HTTP/S endpoint and share the URL with supplier_support@apicbase.com.
Purchase order data schema
Your endpoint should expect data in the following schema:
{
"id": string, -> Apicbase internal Purchase Order ID
"order_number": string,
"status": "ORDERED", -> fixed value
"ordered_on": datetime,
"owned_by": {"username": string} | null,
"order_remarks": string | null,
"packages": [
{
"stock_item": {
"name": string
},
"supplier_package": {
"supplier_article_number": string,
"theoretical_price_per_package": string
},
"quantity_ordered": integer,
"total_theoretical_price": string
}
],
"expected_delivery_date": datetime | null,
"theoretical_price": string,
"supplier_customer_number": string
}
An important note about security
For every request we'll send a value for the X-APIC-WEBHOOK-SIGNATURE header key. We strongly advise that you use this value to verify if the payload you are receiving is indeed being sent by Apicbase. To do so you have to use your client secret and the payload received to generate a HMAC-SHA256 Hexdigest value.
The client secret default value is the one you use to generate new tokens, but if you want to use another one, specific for this event, this is also possible.
Here's a dummy snippet in python. If you need help to port this code to another language please let us know.
import json
from hmac import HMAC
def endpoint(request):
signature = request.headers["X-APIC-WEBHOOK-SIGNATURE"]
result = HMAC(
key="<your_client_secret>",
msg=json.dumps(request.data).encode(),
digestmod="sha256",
).hexdigest()
if signature != result:
return Response("Incorrect signature", status_code=403)