A webhook in web development is a method of augmenting or altering the behavior of a web page or web application with custom callbacks. These callbacks may be maintained, modified, and managed by third-party users and developers who may not necessarily be affiliated with the originating website or application. This guide shows you how to create a private webhook.
You must be a store owner and login to admin with the owner account.
You can register a webhook to receive notifications about particular events in a shop.
+ Notification contains a JSON payload.
+ Only support HTTPS.
How to create a private webhook
- Login to Haravan's admin site by owner account. Then click on "Settings" on the left menu bar and then click on the "Notifications" button.
- After scroll to the end site and click to "Add webhook" button.
- Chose an event for which you want to receive data. Then fill your API path in the URL textbox.
- Finally, click on the "Update" button to complete and copy the API key to use Haravan's API resource.
Receive notifications from webhook.
After completing the above steps, webhooks will send a request to notify your application with the method POST.
When sending notify, the webhook will include data in the request, but first, you need to pay attention to:
+ org_id: to know which shop.
+ topic: to know which notifications for which events.
For example, we register an account update event. When you update your account at https://accounts.haravan.com/, webhook will notify your application with the topic is "user/update" and data of your account via CallBack URL.
Authenticate webhook (Optional).
When you receive data from webhook, you need to verify that it’s data sent from the system.
- Choose “Settings” on the sidebar, copy the webhook authentication string on the notifications page.
- Next, get X-Haravan-Hmacsha256.
- To authenticate the webhook:
+ First, we use hash_mac function with “sha256” algorithms to encode a string (data in webhook request + App Secret) to get the hash code.
+ Second, use the base64 function to encode this hash.
+ Finally, compare it with X-Haravan-Hmacsha256 (header of webhook request).
- If not matches, response status 401.
- If matches, response status 200.
- Example in PHP:
$calculated_hmac = base64_encode(hash_hmac('sha256', $data, Haravan_APP_SECRET, true));
return ($hmac_header == $calculated_hmac);
$hmac_header = $_SERVER['X-Haravan-Hmacsha256'];
$data = file_get_contents('php://input');
$verified = verify_webhook($data, $hmac_header);
error_log('Webhook verified:'.var_export($verified, true));
//check error.log to see the result
Bài viết này có giúp ích cho bạn không?