Difference between revisions of "Webhook"

From SimplyMeet.me
(Created page with "A representation of the webhook object {| class="table" style="width:100%; border: 2px solid black;" |- | style="color:gray; border-bottom: 2px solid gray" |Property | styl...")
 
 
Line 52: Line 52:
 
|-  
 
|-  
 
| style="border-bottom: 2px solid #ededed" |webhook-signature
 
| style="border-bottom: 2px solid #ededed" |webhook-signature
| style="border-bottom: 2px solid #ededed" |Harmonizely can optionally sign the webhook events it sends to your endpoints by including a signature in each event’s Webhook-Signature header. This allows you to verify that the events were sent by Harmonizely, not by a third party
+
| style="border-bottom: 2px solid #ededed" |SimplyMeet.me can optionally sign the webhook events it sends to your endpoints by including a signature in each event’s Webhook-Signature header. This allows you to verify that the events were sent by SimplyMeet.me, not by a third party
 
|-  
 
|-  
 
| user-agent
 
| user-agent
| The user agent. Always set to Harmonizely.
+
| The user agent. Always set to SimplyMeet.me.
 
|}
 
|}
 
Request payload:
 
Request payload:
Line 117: Line 117:
 
</pre>
 
</pre>
 
'''Verifying signature manually'''<br>
 
'''Verifying signature manually'''<br>
Harmonizely generates webhook signatures using a hash-based message authentication code (HMAC) with SHA-256 which is then base64 encoded.<br>
+
SimplyMeet.me generates webhook signatures using a hash-based message authentication code (HMAC) with SHA-256 which is then base64 encoded.<br>
 
1. Determine the expected signature<br>
 
1. Determine the expected signature<br>
 
Compute an HMAC with the SHA256 hash function and encode it using base64. Use the webhook’s signing '''secret''' as the key, and use the '''request's payload''' string as the message.<br>
 
Compute an HMAC with the SHA256 hash function and encode it using base64. Use the webhook’s signing '''secret''' as the key, and use the '''request's payload''' string as the message.<br>

Latest revision as of 12:05, 20 August 2021

A representation of the webhook object


Property Type Description
url string The URL of the webhook endpoint.
secret string The endpoint’s secret used to generate webhook signatures.
events array The list of events to enable for this endpoint. Allowed values:
["meetingScheduled", "meetingCancelled", "meetingRescheduled"]
created_at string The ISO-8601 time at which the object was created.
uuid string Unique identifier (UUID v4) of the object.

The example webhook object

{
   "events":[
      "meetingRescheduled",
      "meetingCancelled",
      "meetingScheduled"
   ],
   "url":"https://example.com/webhook",
   "secret":null,
   "created_at":"2021-05-24T11:04:11+00:00",
   "uuid":"2ba9ee0b-e62a-43bd-aed0-31b26056ecdc"
}

The example request that's being made when the meeting is scheduled
Request Method: POST
Request headers:

Header Description
webhook-signature SimplyMeet.me can optionally sign the webhook events it sends to your endpoints by including a signature in each event’s Webhook-Signature header. This allows you to verify that the events were sent by SimplyMeet.me, not by a third party
user-agent The user agent. Always set to SimplyMeet.me.

Request payload:

{
  "data": {
    "rescheduling": null,
    "pretty_canceled_at": null,
    "pretty_scheduled_at": "Wednesday, June 23, 2021 09:30",
    "pretty_scheduled_at_in_invitee_timezone": "Wednesday, June 23, 2021 at 9:30 AM",
    "pretty_canceled_at_in_invitee_timezone": null,
    "event_type": {
      "name": "Demo Call",
      "location": null,
      "location_label": null,
      "description": null,
      "duration": 15,
      "slug": "demo-call",
      "is_secret": false,
      "confirmation_page_type": "internal",
      "confirmation_page_url": null,
      "notification_type": "email",
      "pass_details_to_redirected_page": false,
      "type": "regular",
      "position": 0
    },
    "scheduled_at": "2021-06-23T07:30:00+00:00",
    "end_date": "2021-06-23T07:45:00+00:00",
    "invitee": {
      "first_name": "Bernice",
      "email": "[email protected]",
      "full_name": "Bernice J. Cervantez",
      "timezone": "Europe/Warsaw",
      "phone_number": "+48123456789",
      "locale": "en"
    },
    "state": "new",
    "canceled_at": null,
    "uuid": "601f15fb-c7e8-4988-863e-78a6ac4446df",
    "notes": null,
    "details": null,
    "answers": [
      {
        "question_label": "Details",
        "value": "My extra details",
        "question_type": "textarea"
      },
      {
        "question_label": "Agree to terms?",
        "value": 1,
        "question_type": "checkbox"
      }
    ],
    "location": "https://zoom.us/j/xxxxxx",
    "cancellation": null,
    "payment": null
  },
  "event": "meetingScheduled",
  "uuid": "ccc3d816-c44d-4a38-9eb1-e1c7d05538dc"
}

Verifying signature manually
SimplyMeet.me generates webhook signatures using a hash-based message authentication code (HMAC) with SHA-256 which is then base64 encoded.
1. Determine the expected signature
Compute an HMAC with the SHA256 hash function and encode it using base64. Use the webhook’s signing secret as the key, and use the request's payload string as the message.
Example in PHP:

$signature = base64_encode(hash_hmac('sha256', $payload, $secret, true));

2. Compare the signatures
Compare the signature in the webhook-signature header to the expected signature.