Webhooks (UNDER HEAVY CONSTRUCTION)

A webhook allows you to connect a platform you manage (either an API you create yourself, or a third party service) to a stream of future events.

Setting up a webhook on autoZnetwork enables you to receive information (referred to as events) from autoZnetwork, as they happen. This can help you avoid polling the API or manually checking the autoZnetwork web application for desired information.

Quickstart

Webhooks are set up on a per-organization basis, either within the autoZnetwork application or via API.

To configure webhooks via API, see our documentation for the autoZnetwork Webhooks API.

To configure webhooks within the autoZnetwork application:

Visit your organization settings on autoZnetwork

  • In the sidebar of your Organization Settings, click on Webhooks
  • Click Add Webhook
  • Fill out the webhook form (the table below describes the fields and their intent)
  • Provided your receiving API or third party service is set up, click Test Webhook Event to dispatch a test event. Note that the test webhook event has an abbreviated payload for ease of testing. See full examples of test events below.

| Field | Required? | Intent |
| --- | --- | --- |
| URL | Y | The URL the webhook will make POST requests to |
| Certificate Validation | Y | Ensure the receiving host has a valid SSL certificate before sending an event* |
| Secret Token | N | Used by your API/platform to validate incoming data is from autoZnetwork |
| Event | Y | You must select at least one event that will trigger a webhook |

*Only leave this unchecked for testing purposes.

Communication protocol with webhooks

A webhook is sent whenever an event occurs on the autoZnetwork platform.

A webhook is sent using an HTTP POST to the URL that was registered when the webhook was created, with a body encoded using JSON.

autoZnetwork expects that the server receiving a webhook will return a 2xx response code. If a non-2xx response is received, autoZnetwork will retry at a later time. If autoZnetwork does not receive a response to the webhook within a short period of time, autoZnetwork will assume that delivery has failed, and will retry at a later time. The timeout period is currently 5 seconds.

Webhook requests may be duplicated. To deduplicate (prevent requests from being duplicated for a specific event), use the id property in the webhook payload for identification.

If you have feedback about timeouts and retries, please get in touch with our team.

Webhook headers

A number of HTTP headers are set on webhooks, as detailed in the table below.

| Header Name | Value |
| --- | --- |
| content-type | application/json |
| user-agent | AutozNetwork-Webhook/1.0 |
| AutozNetwork-Signature | When present, this signature can be used to verify that the sender of the webhook has access to the secret token. |

Validate Webhooks

You should validate incoming webhooks to verify that they are coming from autoZnetwork. To support this, when creating a webhook, you can optionally provide a secret token. Each outgoing HTTP request to your service will contain an AutozNetwork-Signature header.

POST /uri HTTP/1.1
Host: your-webhook-host
AutozNetwork-Signature: 4fcc06915b43d8a49aff193441e9e18654e6a27c2c428b02e8fcc41ccc2299f9

autoZnetwork generates signatures using a hash-based message authentication code (HMAC) with SHA-256.

Here are some example signatures for given request bodies:

| Body | Secret Key | Signature |
| --- | --- | --- |
| hello world | secret | 734cc62f32841568f45715aeb9f4d7891324e6d948e4c6c60c0621cdac48623a |

The following is an example of how you might validate signatures:

PHP
Example here
Python
import hmac

def verify_signature(secret, headers, body):
  # get the signature from the `AutozNetwork-Signature` header;
  # a request that arrives without the header cannot be verified
  signature_from_header = headers.get('AutozNetwork-Signature')
  if signature_from_header is None:
    return False

  # Run HMAC-SHA256 on the request body using the configured signing secret
  valid_signature = hmac.new(bytes(secret, 'utf-8'), bytes(body, 'utf-8'), 'sha256').hexdigest()

  # use constant time comparison to prevent timing attacks; compare bytes,
  # because compare_digest raises TypeError on non-ASCII str input
  return hmac.compare_digest(valid_signature.encode('utf-8'), signature_from_header.encode('utf-8'))

# the following will return `True`
verify_signature(
  'secret',
  {
      'AutozNetwork-Signature': '773ba44693c7553d6ee20f61ea5d2757a9a4f4a44d2841ae4e95b52e4cd62db4'
  },
  'foo',
)

# the following will return `False`
verify_signature(
  'secret',
  {
      'AutozNetwork-Signature': 'not-a-valid-signature'
  },
  'foo',
)
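
The signature check and the id-based deduplication described above can be combined in one receiver routine. This is an added example, not autoZnetwork's own code; it assumes the event `id` is a top-level field of the JSON payload, and the status codes for rejected requests, the outcome labels, and the in-memory `seen_ids` set are illustrative choices.

```python
import hashlib
import hmac
import json

SIGNATURE_HEADER = "autoznetwork-signature"  # HTTP header names are case-insensitive


def sign(secret, raw_body):
    """HMAC-SHA256 of the raw body bytes, hex encoded, as the page describes."""
    return hmac.new(secret.encode("utf-8"), raw_body, hashlib.sha256).hexdigest()


def handle_webhook(secret, headers, raw_body, seen_ids):
    """Return (http_status, outcome) for one delivery.

    raw_body is the request body as bytes, exactly as received.
    seen_ids is a set of processed event ids (assumption: in-memory store;
    a shared store with expiry is needed across several workers).
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    received = lowered.get(SIGNATURE_HEADER)
    if received is None:
        return 401, "unsigned"  # a secret is configured, so require the header

    # Verify over the raw bytes, before any JSON parsing or re-serialization.
    expected = sign(secret, raw_body)
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return 401, "bad-signature"

    try:
        event = json.loads(raw_body)
    except ValueError:
        return 400, "malformed"
    event_id = event.get("id") if isinstance(event, dict) else None
    if not isinstance(event_id, (str, int)):
        return 400, "malformed"

    if event_id in seen_ids:
        return 200, "duplicate"  # acknowledge so the sender stops retrying
    seen_ids.add(event_id)
    # Queue the event here and return at once: slow inline work risks the
    # 5 second timeout, which causes another delivery of the same event.
    return 200, "processed"
```

Pass the body bytes as read from the request, not a re-encoded copy of the parsed JSON, since any change in whitespace or key order changes the HMAC.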