Authenticate to the Deputy API with a Bearer token (permanent or OAuth-based) that has sufficient privileges to manage webhooks.
POST to the Deputy webhook registration endpoint (documented in the Developer Hub under webhooks) with the event type for timesheet approval events and your HTTPS callback URL.
Implement an HTTPS endpoint on your server that accepts POST requests from Deputy; respond with HTTP 200 quickly to acknowledge receipt before processing.
Verify incoming webhook payloads using the shared secret or signature mechanism described in the Deputy webhook documentation to prevent spoofed requests.
On receiving a timesheet-approved event, extract the timesheet ID from the payload and optionally call GET /resource/Timesheet/{id} to retrieve the full timesheet details.
Trigger downstream actions (e.g., payroll export, HRIS update) based on the approved timesheet data.
Known gotchas
Deputy webhooks require your callback endpoint to be publicly reachable over HTTPS; localhost or self-signed-certificate endpoints will not receive deliveries.
Webhook delivery is not guaranteed to be in order or exactly-once; design your handler to be idempotent and to handle duplicate or out-of-order events.
If your endpoint returns a non-2xx response or times out, Deputy may retry delivery; implement deduplication using the timesheet ID to avoid processing the same approval multiple times.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp