Documentation

Help & Documentation

Step-by-step guides, screenshots and answers — for every part of Momentumpro.

English עברית العربية
No matches for "".
Docs Admin & settings Outgoing webhooks

Outgoing webhooks

Outgoing webhooks let Momentumpro push events to your own systems — Slack, Zapier, n8n, internal services. Real-time, HMAC-signed.

What you can subscribe to

Pretty much every meaningful event:

  • employee.created, employee.updated, employee.terminated
  • attendance.clock_in, attendance.clock_out, attendance.exception
  • leave.requested, leave.approved, leave.rejected
  • expense.submitted, expense.approved, expense.paid
  • po.issued, po.received, po.invoiced
  • incident.reported, incident.closed
  • payroll.locked, payroll.published
  • ...and many more

The full list is at /admin/webhooks/event-catalog in your tenant.

Adding a webhook

  1. Admin → Webhooks → New endpoint.
  2. Set:
    • URL — your endpoint.
    • Events — pick which events trigger this endpoint.
    • Secret — for HMAC signature verification.
  3. Save.

What you receive

Each event sends a POST to your URL with a JSON payload:

{
  "event": "leave.approved",
  "occurred_at": "2026-04-29T14:32:11Z",
  "data": {
    "id": 123,
    "employee_id": 45,
    "leave_type": "Annual",
    "from": "2026-05-10",
    "to": "2026-05-14",
    "days": 5,
    "approved_by": 12
  }
}

Plus an X-Momentumpro-Signature header — HMAC-SHA256 of the body, signed with your secret.

Verifying signatures

Reject any webhook where:

  • The signature header doesn't match HMAC-SHA256(body, secret).
  • The X-Momentumpro-Timestamp is more than 5 minutes old.

This prevents replay attacks. Sample verifier code:

import hmac, hashlib

def verify(body: bytes, header_sig: str, secret: str) -> bool:
    expected = hmac.new(secret.encode(), body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, header_sig)

Retries

If your endpoint returns a 5xx error or times out, Momentumpro retries:

  • 1 minute
  • 5 minutes
  • 30 minutes
  • 2 hours
  • 12 hours

After 5 failed retries, the event is dropped. The endpoint's Health dashboard shows recent delivery status.

Common integrations

  • Slack — get a message in #operations when a high-priority incident is filed.
  • Zapier — trigger a Google Sheets row when an invoice is paid.
  • n8n — full workflow automation.
  • PagerDuty — page someone on critical incidents.

Next step

GDPR data export →

← Previous
The activity log
Admin & settings
Next →
GDPR data export
Admin & settings
Was this article helpful? Email support@momentumpro.pro with feedback or questions — we read every message.

Essential cookies only

We don't run analytics or advertising trackers. Just what's required to keep you signed in. Cookie policy.

Learn more