Webhooks
If you are using Universal Accounting, you can also configure webhooks that your system receives from Kontera. Receiving webhooks does not require the OAuth API, because a webhook is a push-based flow.
Receiving Webhooks
You can configure the target webhook URL either in your Universal Accounting Base Data File or directly in your company settings in Kontera.
HMAC
Alongside every webhook request, Kontera sends an X-Hub-Signature-256 header containing an HMAC-SHA256 hash. After receiving a webhook on your end, you should calculate the corresponding HMAC hash using your secret and compare it to the hash sent in the received header.
This way, you can make sure that the request has not been tampered with and was sent by Kontera. For an example of how to validate such requests, see GitHub’s excellent documentation about the mechanism.
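One way to implement the check described above, as an added example that is not Kontera's own code. It assumes the header value follows GitHub's convention of "sha256=" followed by the lowercase hex digest, and that the HMAC is computed over the raw request body bytes; the function names, secret and payload are constructed for illustration.

```python
import hashlib
import hmac

SIGNATURE_HEADER = "X-Hub-Signature-256"
PREFIX = "sha256="  # assumption: GitHub-style "sha256=<hex digest>" header value


def compute_signature(secret: bytes, raw_body: bytes) -> str:
    """Return the header value expected for exactly these body bytes."""
    digest = hmac.new(secret, raw_body, hashlib.sha256).hexdigest()
    return PREFIX + digest


def verify_webhook(secret: bytes, raw_body: bytes, headers: dict) -> bool:
    """True only if the signature header matches the HMAC of the raw body."""
    # HTTP header names are case-insensitive, so normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    received = lowered.get(SIGNATURE_HEADER.lower())
    if not received:
        return False  # unsigned request: reject instead of processing it
    received = received.strip().lower()
    if not received.startswith(PREFIX):
        return False
    expected = compute_signature(secret, raw_body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())


if __name__ == "__main__":
    # Constructed sample values, not real Kontera data.
    secret = b"constructed-test-secret"
    body = b'{"event":"constructed.sample","id":1}'
    signed = {SIGNATURE_HEADER: compute_signature(secret, body)}

    print("valid request:   ", verify_webhook(secret, body, signed))
    print("tampered body:   ", verify_webhook(secret, body + b" ", signed))
    print("missing header:  ", verify_webhook(secret, body, {}))
```

Verify against the bytes exactly as received, before any JSON parsing or re-serialisation, since even a whitespace change produces a different hash.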