Connect to your business workflow
with WhosOff webhooks

Q: Can I send WhosOff Webhooks to Slack?

Yes. WhosOff Webhooks integrate with Slack via Slack's native Incoming Webhooks feature, which requires no code to configure. You can post richly formatted Block Kit messages to any Slack channel or send direct messages to specific managers. Slack's Workflow Builder can also be used to trigger multi-step approval flows directly inside Slack based on WhosOff Webhook events.

Our webhook service provides real-time notifications for critical workforce events, ensuring your systems stay perfectly in sync.

Overview Object Security Responses Rules & policies

Webhooks with WhosOff

Webhooks are automatically triggered when key actions occur, including: Leave requests, approvals and cancellations, also Overtime requests, approvals and cancellations.

The moment any of these events happen, a structured JSON payload is securely delivered to your configured endpoint — allowing payroll, HR, time-tracking, ERP, or other integrated systems to react instantly.

Whether you're updating timesheets, triggering payroll adjustments, notifying managers, or synchronizing data across platforms, our webhook service ensures accurate, real-time communication without manual intervention.

How to setup Webhooks in your account

To set up the webhook, you'll need to be a Super User of the account. As a Super User you can access the webhook settings up via "Company Settings" on your account.

Sample object & structure

Sample webhook object sent to your service:

Generic object

{ "event_id": "20",
  "event_type": "leave.created",
  "created_At": "2026-02-27 11:46:41",
  "data": { "id": "10049172", 
            "name": "Holiday",  
            "staff": "Hugh Zoff", 
            "approver": "", 
            "status": "pending", 
            "start_date": "2026-03-28 00:00",     
            "end_date":"2026-03-29 00:00"
          } 
}

Name	Type	Info
id	int32	Unique Id
event_type	leave.created	leave is requested
	leave.updated	leave is approved
	leave.deleted	leave is declined or cancelled
	overtime.created	overtime is requested
	overtime.updated	overtime is approved
	overtime.deleted	overtime is declined or cancelled
created_at	datetime	Timestamp of event creation
Data element
id	int32	Unique id of the leave or overtime request
name	String	Name of leave tye or overtime type
staff	String	Staff members name
approver	String	Name of approver
status	String	Status of request
start_date	datetime	Start date of the request
end_date	datetime	End date of the request.

Built-In security with WhosOff

Security is at the core of our webhook design. You can choose the verification method that fits your needs:

Simple Signature (Basic Verification)

Custom header key.
A predefined shared secret is included in the request header for the above mentioned key.
Quick and easy to implement.

SHA-256 Hashed Signature (Recommeded)

For stronger protection, we support HMAC SHA-256 signature verification.

A unique client secret is securely stored on both servers.
Each payload is hashed using HMAC SHA-256 with the client’s secret, to create a unique signature. All signatures are sent in lower case.
The resulting HMAC signature is sent in the used defined custom request header.
The client independently recalculates the hash using: HMAC_SHA256(client_secret+raw_payload)
If the computed hash matches the header signature, the payload is verified as authentic and untampered.

Benefits

Protects against tampering
Prevents spoofed requests
Ensures payload integrity
Industry-standard security approach

HTTP status response codes

The HTTP status codes and their meaning are as follows:

Status code	Description	Our Action
200 - 299	OK	Delivery is marked as successful No further retry attempts are made The event is considered complete
400 - 499	Issue with the endpoint configuration	The attempt is considered failed. The webhook will be retried (up to 5 total attempts). A 30-minute delay occurs before each retry. After the fifth failed attempt, the event is marked as undelivered.
500 - 599	Server Errors	The attempt is considered temporary failure. The webhook will be retried (up to 5 total attempts). A 30-minute delay occurs before each retry. After the fifth failed attempt, the event is marked as undelivered.

Webhook Response & Retry Policy

To ensure reliable delivery while protecting your systems from unnecessary traffic, our webhook service includes a controlled retry mechanism.

When a webhook is sent to your endpoint, we expect an HTTP 200 OK response to confirm successful receipt and processing.

Delivery Rules

We will make up to 5 delivery attempts per webhook event.
If a 200 OK response is received at any point, delivery is considered successful and no further attempts will be made.
If a non-200 response is returned — or if the request times out — the webhook will be retried.
We wait 30 minutes between each retry attempt.
After the fifth failed attempt, the webhook will be marked as undelivered, and no further retries will occur for that event.

What This Means for You

To ensure smooth integration:

Your endpoint should respond quickly (ideally within a few seconds).
Always return HTTP 200 OK once the payload has been successfully validated and accepted.
If processing takes longer, consider acknowledging the webhook immediately and handling the payload asynchronously.

This approach helps:

Prevent duplicate processing
Maintain predictable retry behavior
Reduce unnecessary load on your systems
Ensure consistent, reliable event handling

Staff leave management connected to your workflow

No minimum contract. No cancellation fees. No credit card required.

Start your free trial → Book a demo

FAQs

What are Webhooks in WhosOff?

Webhooks in WhosOff are real-time outbound HTTP POST notifications that fire automatically when a defined event occurs — such as a leave request being submitted or an overtime request being approved. Instead of polling for updates or relying on email notifications, Webhooks deliver a structured JSON payload to any endpoint you configure the moment the triggering action takes place in WhosOff.

Which events can trigger a WhosOff Webhook?

WhosOff currently supports six Webhook trigger events: (1) leave.request.submitted; (2) leave.request.approved or leave.request.declined; (3) leave.request.cancelled; (4) overtime.request.submitted; (5) overtime.request.approved or overtime.request.declined.

Who can configure Webhooks in WhosOff?

Webhooks in WhosOff can be configured by Super Users. The Webhook settings panel is accessible via Administration → Company Settings → Webhooks within the WhosOff interface.

Can I send WhosOff Webhooks to Microsoft Teams?

Yes. WhosOff Webhooks can be sent to Microsoft Teams using either a native Teams Incoming Webhook (zero-code) or via Microsoft Power Automate for more advanced conditional workflows. Common use cases include posting formatted Adaptive Card notifications to a dedicated leave-requests channel, sending direct messages to line managers when their direct reports submit requests, and automatically updating shared Outlook or SharePoint calendars when leave is approved.

Can I send WhosOff Webhooks to Slack?

Yes. WhosOff Webhooks integrate with Slack via Slack`s native Incoming Webhooks feature, which requires no code to configure. You can post richly formatted Block Kit messages to any Slack channel or send direct messages to specific managers. Slack`s Workflow Builder can also be used to trigger multi-step approval flows directly inside Slack based on WhosOff Webhook events.

Does WhosOff support Webhooks to Google Chat?

Yes. Google Chat Spaces support Incoming Webhooks natively, making WhosOff integration straightforward for Google Workspace organisations. You can receive structured Card messages in a dedicated HR Space, and extend the automation further using Google Apps Script or Google Cloud Functions — for example, to log every event to a Google Sheet or automatically create Google Calendar entries when leave is approved.

Can I use Zapier or Make with WhosOff Webhooks?

Yes. Zapier and Make (formerly Integromat) are well-suited middleware platforms for WhosOff Webhooks. By pointing your WhosOff Webhook at a Zapier Catch Hook or Make HTTP trigger, a single WhosOff event can cascade into actions across multiple connected platforms simultaneously — such as updating an HRIS record, notifying a Slack channel, and logging a row in Google Sheets. This approach is recommended for HR teams needing multi-system orchestration without writing custom code.

What is AirOps and how does it work with WhosOff Webhooks?

AirOps is a platform for building AI-powered workflows and assistants. When connected to WhosOff Webhooks, AirOps can receive leave or overtime event payloads and run AI-driven steps against them. It is particularly useful for HR teams managing high volumes of requests who want AI assistance without building bespoke tooling.

What data is included in a WhosOff Webhook payload?

Every WhosOff Webhook delivers a structured JSON payload containing: the event type (e.g. leave.request.submitted), an ISO 8601 timestamp, the event ID, and a data object with the request ID, leave or overtime type, current status, date range, who the approver is, and the team member in question.

Are WhosOff Webhooks secure?

Yes. Every WhosOff Webhook payload can be signed using HMAC-SHA256 with a secret key that you configure. Your receiving endpoint can verify the signature before processing the payload to confirm it originated from WhosOff and has not been tampered with. This prevents unauthorised parties from spoofing events into your automation workflows.

What happens if my Webhook endpoint is unavailable when WhosOff fires an event?

If your endpoint returns a non-2xx HTTP status code, WhosOff will automatically retry delivery using an exponential backoff strategy, attempting redelivery up to three times. This ensures resilience against temporary endpoint unavailability and reduces the risk of missed events during brief outages or deployments.

How do I set up a Webhook in WhosOff?

To set up a Webhook in WhosOff: (1) Generate an endpoint URL from your destination platform; (2) Navigate to Administrations → Company Settings → Webhooks in your WhosOff account; (3) Paste your endpoint URL, provide a Head Key and Secret if you are using the Sha256 security method; (4) Test your webhook by clicking on Send test event; (5) Set the Status to Active and save the configuration. The full process typically takes under five minutes.

Do WhosOff Webhooks work in real time?

Yes. WhosOff fires Webhooks synchronously with the triggering event — there is no batch delay or scheduled flush. Your endpoint receives the payload within seconds of the action occurring in WhosOff, making it suitable for time-sensitive workflows such as manager notifications and live calendar updates.

Which platforms are supported as Webhook destinations in WhosOff?

WhosOff Webhooks can be sent to any platform that accepts an inbound HTTP POST request. Formally supported and documented integrations include Microsoft, Slack, Google Chat, Zapier, Make (formerly Integromat), and AirOps. Additionally, Webhooks can be consumed by custom serverless functions, internal HR portals, HRIS platforms, payroll systems, or any other endpoint your organisation manages.

Everyone has questions, and so you should. At WhosOff, we're always willing to answer any questions you have.
If you don't find the answer to your question below, drop us a quick message, or call our support team on +44 (0)1227 812932

Connect to your business workflow with WhosOff webhooks