Overview

Webhooks follow a publish-and-subscribe model: the client subscribes to a webhook event and, when that event occurs, receives a notification. The notification arrives as an HTTP POST with a JSON body informing the client that the event has been triggered and the data has been updated. Webhooks only fire when data has been updated, which makes them well suited to situations where updates are not constant.

To receive webhooks from the Bracken System, the client needs a public URL endpoint that is able to receive the response.

The URL will accept the data and from there it can activate a workflow to react to the data received in the response.

Steps

  1. Make a request to subscribe to a webhook
  2. When the webhook is triggered the subscribed URL will receive a POST
  3. Authenticate the signature to confirm it came from Bracken
  4. React to the webhook event

Authentication of the Webhook

The domainkey, client_id and client_secret are how the API is able to authenticate the identity of the client connecting with it.

Once the client has received the response of a webhook, they need to authenticate that it has indeed come from Bracken. To do this, the client computes a signature from the secret and the JSON body using the HMACSHA256 algorithm (a keyed hash rather than encryption), which produces a binary digest, then base64-encodes that digest as a string. Next, they compare their signature with the Authorisation header from the response they received. If the two match, the response is authenticated and confirmed to come from Bracken.

Note: There is a detailed explanation of this in ‘Step By Step Webhook Tutorial’.
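One way to implement the signature check described above, as an added example (not Bracken's own code). It assumes the secret is used as the HMAC key, that the signature covers the raw body bytes exactly as received, and that the Authorisation header carries only the base64 digest; the function names and sample values are hypothetical.

```python
import base64
import hashlib
import hmac
import json


def compute_signature(secret: str, raw_body: bytes) -> str:
    """Base64 of the binary HMAC-SHA256 digest of the body, keyed with the secret."""
    digest = hmac.new(secret.encode("utf-8"), raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_webhook(secret: str, raw_body: bytes, header_value) -> bool:
    """Return True only if header_value matches the signature of raw_body."""
    if not header_value:
        return False  # missing or empty header: reject before any parsing
    expected = compute_signature(secret, raw_body)
    # Constant-time comparison; compare bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(
        expected.encode("ascii"), header_value.strip().encode("utf-8")
    )


def handle_post(secret: str, raw_body: bytes, header_value):
    """Verify first, parse second: unauthenticated JSON is never acted on."""
    if not verify_webhook(secret, raw_body, header_value):
        return 401, None
    return 200, json.loads(raw_body)


if __name__ == "__main__":
    # Constructed sample values, not real Bracken data.
    secret = "example-client-secret"
    body = b'{"event": "updated", "id": 42}'
    header = compute_signature(secret, body)

    print(handle_post(secret, body, header))             # (200, {...})
    print(handle_post(secret, body + b" ", header)[0])   # 401: body altered
    print(handle_post(secret, body, None)[0])            # 401: header missing

    # Re-serialising the JSON changes the bytes, so the signature no longer
    # matches: always verify against the body exactly as it arrived.
    reserialised = json.dumps(json.loads(body), separators=(",", ":")).encode()
    print(verify_webhook(secret, reserialised, header))  # False
```

Frameworks that parse JSON automatically must be configured to expose the raw request bytes, since the check has to run on those rather than on the parsed object.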