Overview
Webhooks let Mobaro push data to your system in real time when something happens — instead of requiring you to poll the API. This enables event-driven automation such as:
Syncing Users to identity / HR platforms
Forwarding Results to BI dashboards or data warehouses
Creating CMMS / work order tasks when Assignments or Downtimes occur
Sending notifications to Slack/Teams when events occur
Availability: Webhooks are currently an early access feature. If you do not see Webhooks in your environment, please contact Mobaro Support to enable them for your account.
What can trigger a webhook?
You can configure a webhook to fire when a record is Created, Updated, or Deleted for any of the following resource types:
Resource | Example Use Case |
Users | Sync user lifecycle changes to your HR / IAM system |
Locations | Update facility / operational mapping in external systems |
Results | Trigger workflows based on inspection outcomes |
Assignments | Create CMMS work orders when operational issues occur |
Notes | Log operational communications to external logs or ticketing |
Downtimes | Sync ride/attraction downtime logs to maintenance systems |
Configuring a webhook
To create a webhook:
Go to Configuration → API
Select Add Webhook
You’ll see the configuration panel:
Fields
Field | Description |
Webhook name | Internal name so your team knows what this webhook does |
URL | The endpoint in your system where Mobaro will send the JSON payload |
| Only trigger the webhook for matching IDs or names |
| Used to verify signatures of incoming requests |
Resource | The object type the webhook listens to (Users, Results, etc.) |
Events | Select one or more: Created, Updated, Deleted |
Additional headers | Optional extra headers to send with requests |
Tip: If you're integrating with an API gateway or cloud function, the Secret can be used to validate authenticity using HMAC-SHA256 and the X-Webhook-Signature header.
Example webhook payload
When an event occurs, Mobaro sends a JSON POST to your URL:
{
"resource": "Users",
"event": "Updated",
"objectId": "17b5a981-c3df-4973-a82b-5a2d43d812c2",
"timestamp": "2025-01-27T10:12:44Z"
}Important: The payload is intentionally lightweight. To retrieve full details, use the API (e.g., GET /api/customers/users/{id}).
Securing your webhook endpoint
If a Secret is configured:
Mobaro adds an
X-Webhook-Signatureheader.Generate an HMAC-SHA256 hash using your secret + payload.
Compare the result to validate authenticity.
This prevents spoofed or unauthorized requests.
Best practices
Recommendation | Why it matters |
Use HTTPS endpoints | Prevents interception of event data |
Use | Confirms the request is from Mobaro |
Keep processing fast (<5s) | Long response times may trigger retries |
Make event processing idempotent | Avoid duplicate downstream actions |
Log failed deliveries | Useful for diagnosing automation issues |
When to use webhooks vs API polling
Use Case | Best Approach |
React immediately to operational changes | Webhooks |
Capture scheduled snapshots / exports | API polling / Power Automate |
Sync large historical datasets | Bulk / API export |
Need this enabled?
If you don't see Webhooks available in your environment: Contact Mobaro Support and request Webhook activation for your account.
Include:
Organization name
Reason/use case (e.g., CMMS integration, analytics sync)