Integrated Ordering

Receive orders from Apicbase.

To facilitate the process of integrated ordering, Apicbase supports setting up webhooks that allow the platform to post orders created by customers directly to suppliers. A prerequisite for setting up the integrated ordering is to set up the integrated assortment sync.

If your integration already supports the assortment sync and you would like to set up integrated ordering via webhooks, contact [email protected] with the URL of the HTTP/S endpoint that orders should be posted to, and we'll set it up for you.

Purchase Order Structure

The purchase order object that will be sent to the webhook you've set up has the following structure:

  "id": string, -> Apicbase internal Purchase Order ID
  "order_number": string,
  "status": "ORDERED", -> fixed value
  "ordered_on": datetime,
  "owned_by": {"username": string} | null,
  "order_remarks": string | null,
  "packages": [
      "stock_item": {
        "name": string
      "supplier_package": {
        "supplier_article_number": string,
        "theoretical_price_per_package": string
      "quantity_ordered": integer,
      "total_theoretical_price": string
  "expected_delivery_date": datetime | null,
  "theoretical_price": string,
  "supplier_customer_number": string


A note about security.

To ensure the security of these requests, each request from Apicbase is signed with an X-APIC-WEBHOOK-SIGNATURE header key. It is highly recommended that the supplier uses this value to verify if the payload being received is indeed sent by Apicbase.

This verification requires using the client secret and the received payload to generate a HMAC-SHA256 Hexdigest value.

By default, the client secret value is the same one used to generate new tokens, but it's also possible to use a different unique key that is only used to encode this header. Just let us know and we can arrange this for you.

Here's a code snippet with some sample Python code that validates the signature header:

import json
from hmac import HMAC

def endpoint(request):
    signature = request.headers["X-APIC-WEBHOOK-SIGNATURE"]
    result = HMAC(
    if signature != result:
        return Response("Incorrect signature", status_code=403)


The orders can be tested as soon as the following things are done on our side:

  1. You have access to a test account setup for you on our platform.
  2. Some articles were loaded in your account through the create assortment file endpoint.
  3. The URL which our webhook should send orders is set on our side.

Once all of the above is done, please follow this support article to understand how the customer place orders on our platform. You can reproduce it to place an order yourself that will trigger the webhook and send the order to your system.