Tartan lets you stay up to date with data changes by using Webhooks. You can easily manage and test webhook events directly through the Tartan Console, ensuring your integration runs smoothly. Tartan uses a webhook system to automatically notify your application whenever there’s a change in the source system. Instead of constantly polling the API for updates, you simply set up a secure HTTPS endpoint to receive scheduled webhook from tartan.

Webhook Headers

Webhook headers are bits of information sent along with a webhook request, just like a label on a parcel. They help the receiving server understand who sent the request, what kind of data is inside, and sometimes how to verify it’s legit.
HeaderDescription
"content-type":"application/json"Tells about the format of the data (json, etc.)
"tartan-signature": "xxxxxxxxx"Security signature to verify authenticity
tartan-signature - To ensure that your API endpoint is verifying that incoming POST requests are from Tartan and not a malicious source, and that payloads haven’t been altered in transit. The signature is generated using a combination of the secret_key/app_key and the payload data. You can refer to the code snippet below to generate and verify the encoded hash using the hmac module and the sha256 algorithm. 
import hmac
import hashlib
import json
# Example secret key and message
app_key = "my_secret_key"
payload = request.body
try:
  tartan_signature = request.headers.get("tartan-signature")
except KeyError:
    print('No signature sent, request did not originate from Tartan.')
    raise
print("Recieved tartan-signature:", tartan_signature)
# Generate HMAC digest using SHA256
hmac_digest = hmac.new(app_key.encode("utf-8"), payload.encode("utf-8"), hashlib.sha256).hexdigest()
print("Generated HMAC Digest:", hmac_digest)
# Check if the generated HMAC matches the received one
if hmac_digest == tartan_signature:
    print("HMAC verified successfully!")
else:
    print("HMAC verification failed!")

Webhook events

Once you’ve set up your webhook URL via our console or with help from your Tartan SPOC, you’ll start receiving webhook events from Tartan. You can choose which events you’d like to receive from the Webhook Events section. Once configured, Tartan will begin sending only those selected events to your endpoint.
Tartan automatically re-triggers all failed webhooks at the end of the day (EOD).
Webhook KeyDescription
syncSessionIdRepresents the unique sessionID for the sync session associated with this webhook.
webhookCounterSecurity signature to verify authenticity
requestIdSecurity signature to verify authenticity
orgIdRepresents the orgID of the corporate associated with this webhook.
eventEvent name
eventTypeEvent type
recordCountDenotes the total number of employee records in this webhook.
orgNameName of the org associated with this webhook.
hrmsThe source HRMS
statusEvent status
invitedByEmail of the user who sent the invite.
acceptedByEmail of the user who accepted the invite.
terminatedByEmail of the user who terminated the connection.
remote_org_idAn optional unique identifier
timeStampTimestamp of the webhook in UTC
vendor.orgIdYour organisation ID
bodyContains employee record data received from the source.
statusCodeHTTP status code of the webhook call
newRecordsRepresents the expected total number of new records in this session.
updatedRecordsRepresents the expected total number of updates in the existing records in this session.