Webhooks

Webhooks

Overview

The Avianis Webhook System provides a secure and flexible way to send real-time notifications about changes to key entities—such as trips, flight legs, and crew—to external systems. This feature enables streamlined data synchronization, secure delivery using HMAC signatures, and full tracking of delivery attempts with manual retry capabilities.

Key Features

Webhook Configuration UI

The UI allows users to easily manage webhook registrations:

  • The webhook features is behind a module, please submit a ticket to get it enabled.

  • Go to Company > Webhooks

  • Create, update, and delete webhooks.

  • Choose one or more supported entities to monitor (Trip, Flight, and related child objects).

  • Enter the external destination URL to receive notifications.

  • A unique shared secret is generated per webhook and displayed only once during creation.

  • Secrets are stored securely and never exposed after initial setup.

Secure Delivery via HMAC

All webhook payloads are signed using the HMAC SHA-256 algorithm to ensure payload integrity.

Header Included:

X-Hub-Signature-256: sha256=<HMAC>

  • The HMAC is generated using the shared secret and the raw payload body.

  • Receiving systems should verify the signature to confirm authenticity.

Payload Structure

Webhook events are delivered in a standardized, JSON-formatted payload:

{
  "triggeredBy": {
    "user": "pilot@example.com",
    "platform": "Web",
    "timestamp": "2025-04-24T14:25:03Z"
  },
  "event": {
    "action": "update",
    "entity": "trip",
    "objectId": "trip:abcd1234efgh5678"
  },
  "changes": [
    {
      "property": "departureTime",
      "oldValue": "2025-04-24T09:00:00Z",
      "newValue": "2025-04-24T10:00:00Z"
    },
    {
      "property": "arrivalAirport",
      "oldValue": "KJFK",
      "newValue": "KLAX"
    }
  ]
}

Security Best Practices

To ensure the integrity and security of webhook communication:

  • Protect your shared secret. It’s displayed only once and cannot be recovered later.

  • Always verify the HMAC signature in the X-Hub-Signature-256 header against the raw payload using your stored secret.

  • Use HTTPS to protect your webhook endpoint and data in transit.


    • Related Articles

    • Docusign Setup

      DocuSign to Avianis Integration Setup Guide ⚠️ Note: This integration does not rely on a shared DocuSign account provided by Avianis. Each customer must create and configure their own DocuSign developer account and provide the necessary credentials. ...