WebHooks plugin allows you to send notifications to external scripts. It works by sending http requests with event data to url defined in your webhook.
Installation
Proceed to Settings »
Module. Search and activate "WebHooks" module.
After that you can navigate to Extras »
WebHooks to manage your webhooks.
WebHook settings
...
- Name - name or description that will identify your webhook
- URL to be called - provide an URL to the script that will handle notifications, it does not have to be public but it has to be reachable from your HostBill installation.
- Verify SSL certificate - check this option to verify that SSL certificate is valid before sending data.
- Status - set disabled if you do not want to send notification.
- Request Content type - content type for the http request
- Secret - It will be generated automatically after you add new webhook, it can be used to validate requests.
- Events - Select which events will be sent to specified url
HTTP Request
Each request will include special headers that will allow you to validate it and with details about executed event and webhook
...
Code Block | ||
---|---|---|
| ||
firstname=Joe&lastname=Doe |
Request validation
Each request is signed with your secret key, this allows you to validate that the events were sent by your HostBill installation, not by a third party.
Here are the steps required to validate request signature.
Step 1: Obtain timestamp and signature from response headers, the HB-Signature
header contains signature that you want to verify and HB-Timestamp
contains timestamp used to generate that signature.
...
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
<?php $secret = ''; // paste your Secret here //fetch request body $data = file_get_contents('php://input'); $payload = $_SERVER["HTTP_HB_TIMESTAMP"] . $data; $signature = hash_hmac('sha256', $payload, $secret); //compare signature in header with the one computed above if($signature !== $_SERVER["HTTP_HB_SIGNATURE"]) die('invalid signature') // signature valid, verify timestamp if($_SERVER["HTTP_HB_TIMESTAMP"] < time() - 60) die('timestamp older than 60 sec') |
Note: Webhooks plugin helps you by showing sample code for each webhook you generate in webhook details.