API & Webhooks

Manage external integrations, API keys, and webhook configurations

EzyCrane ↔ CraneFlo Sync
Bidirectional sync of suppliers, cranes, and bookings between platforms
Last Sync
Never
Status
Not synced yet
Items Synced
0 items
Automatic Sync

EzyCrane should automatically send supplier and crane data to CraneFlo when:

  • Admin verifies/approves a new supplier
  • Supplier registers a new crane
  • Supplier or crane details are updated

Use the manual sync button above as a fallback for failed automatic syncs or to import historical data.

Integration Documentation

For EzyCrane developers: View the complete API documentation for implementing automatic webhook-triggered synchronization.

View API Documentation
API Key
Use this API key to authenticate requests to the CraneOps external API

Loading...

EzyCrane ↔ CraneFlo Sync
Bidirectional sync of suppliers, cranes, and jobs between platforms

Loading...

Webhook Security - HMAC Signature Verification
All webhook requests include an HMAC signature for security validation

How It Works

CraneOps signs each webhook payload with HMAC-SHA256 using a unique secret key. Your endpoint should verify this signature to ensure the request is authentic.

Request Headers

X-CraneOps-Signature: <hmac_sha256_hex>
X-CraneOps-Event: <event_type>
Content-Type: application/json

Verification Algorithm

To verify the signature, compute HMAC-SHA256 of the raw request body using your webhook's secret key:

// Node.js example
const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
  const computed = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  
  return computed === signature;
}

// Usage
const isValid = verifyWebhook(
  req.body,
  req.headers['x-craneops-signature'],
  YOUR_WEBHOOK_SECRET
);

Security Best Practices

  • Always verify the signature before processing the payload
  • Use constant-time comparison to prevent timing attacks
  • Keep your webhook secret secure and rotate it periodically
  • Use HTTPS endpoints only to prevent man-in-the-middle attacks
  • Implement idempotency to handle duplicate deliveries
Recent Webhook Deliveries
Monitor webhook delivery attempts and troubleshoot issues

Loading...