Skip to main content
Sign in
English (US)

Inventory Webhook Integration Guide

  • Updated

If you are using Webhooks, you will need to provide the following information to the SAM team to set the URL.

Webhook URL: Provide the Webhook URL to be used for API callbacks and notifications.

Public Key: Include the public key that will be used to verify webhook signatures and ensure secure communication.


This guide explains how external systems can receive inventory updates from our system by registering a callback URL and a shared secret. All data is encrypted using AES-256-CBC before being transmitted.

 

📌 Prerequisites

  1. Callback URL – A public URL capable of receiving POST requests.

  2. Shared Secret – Used for AES-256-CBC encryption/decryption.

  3. Channel – Created via the mock service to receive and debug webhook calls. (if required)

 

📦 Webhook Payload Structure

The payload is a JSON array containing multiple inventory items. Here’s what each field means:

Field

Description

quantity

Number of items being updated 

catalogue_no

Internal catalogue number (e.g., GM-24)

inventory_type

One of: artwork, edition, product

barcode

Unique identifier across art centres
 

Sample JSON Payload (Before Encryption):

[ 
{ 
"quantity": 1
"catalogue_no": "GM-24"
"inventory_type": "artwork"
"barcode": 11111  
}
{
"quantity": 10, 
"catalogue_no": "GM-25", 
"inventory_type": "product", 
"barcode": 222222 
} 
]

 

🔐 Encryption

All payloads are encrypted using AES-256-CBC before transmission.

Use this online tool to simulate encryption:
🔗 AES Encryption Tool

Make sure to:

  • Set the Key (shared secret from channel).

  • Set the IV (Initialization Vector) if provided.

 

Debug the webhook API if required:

You will receive the above payload in ASE-256-CBC encrypted format. Please refer to the below example curl:

curl --location 'http://cbm.symbuild.com.au/callback.php?channel=8a7ac9ef92de3664' \ 
--header 'Content-Type: application/json' \ 
--data 'HAFq5XFEYaveQzPHrrGgm4gQikkYm9rkuaYgNCk+BDaorLdDiLnYPX+WKfW7Kd5eVJAuyusk6BLSGdsH0cxSrtKvY3OSLpJa7MoodyGkZ4LejeKPlaBmKg8pzzXTJTyxq5chlpciLJjvLAIwvOlE+Rd370IdKEMEfhrhoqzAWWPeXoqKEnqt0mgY1nDXhfQf6o5qH/v92V5akF4Uhwuk5KRZZXXkj3Ca/aXUf+/j9ifPUviiq1aUx8WSSbgo1JJtFXPOhEaGKFpP0afjAZuCr/4kJXhOKouuaxn50AuL+bLTlCzzh6QkTvMcgWaXC4Nrl85PjbuzhlIu/IDHjRJ+jPzY4c8OnpZ50ZWH/AYbItUp+bDxM26BbzCqaDSEANB7JgWALXZtvad2/tR7DXaOm4biFXfvVgnvMEJGXq6Isoxlb2px/rS2ZWmdPIupHNk+nb3XsvHJ96RRWVJ1ndEmpg=='

api1.png
 

If you want to debug the callback URL, you can use http://cbm.symbuild.com.au and create a channel:

api2.png


Once you create the channel, you can see the secret for the created channel.

api3.png

 

Use this tool to do the encryption of the sample payload AES Encryption and Decryption Online with the properties below:

api4.png

 

Once you get the encrypted output. Get the callback URL with the channel id from the mock service:

`http://cbm.symbuild.com.au/callback.php?channel=d35dd97e3a1ae05c`

 

Then call it via the posman like below:

api5.png

 

Once you hit the API, you can see the logs after the view logs button:

https://cbm.symbuild.com.au/view_log.php?channel=d35dd97e3a1ae05c 
 

api6.png

 

Related articles

Comments

0 comments

Please sign in to leave a comment.