Webhooks

Learn all about integrating webhooks into Dastra

Last updated 4 months ago


Concept 👓

Simply put, webhooks are used to trigger an action in response to an event. They are generally used to communicate between systems. This is the simplest way to receive an alert when something happens in Dastra. The aim is to notify third-party applications (APIs, CRM, serverless functions, etc.) in real time.

Configuration 🛠️

To configure your webhooks, go to https://app.dastra.eu/general-settings/webhooks, then:

  • Click on "create a webhook url".

  • Enter your webhook reception URL.

  • Enter the relevant workspace.

  • Select the event(s) you wish to subscribe to. The type of data returned will differ according to the type of event. For example, you can trigger the webhook when a new request to exercise a right is created. In this case, the request body will contain a JSON

  • Create the webhook.

This takes you to the webhook details screen.

How to receive the webhook 🛬

To receive webhook requests, you need to create an API endpoint that captures events. The request is always sent as a POST and is always structured in the same way. The request body contains a JSON with details of the event triggered. Here is the general structure of the request body sent:

{
 "webhookId": <id of the webhook configured in dastra>,
 "signatureUrl": "https://yourapi.com/webhooks/handle",
 "userId": <The user who triggered the event>,
 "eventType": <The id of the event>,
 "eventName": <The label of the event>,
 "data": <Event dynamic data>,
 "date": <date of the event>
}

A timeout of 10 seconds is applied to the request, after which the request is considered in error. The response code must be 200.

There may be a small delay between the moment the event occurs in the application and the moment the webhook is triggered (this delay is linked to the asynchronous nature of webhook execution in our infrastructure). The delay varies with the load on our infrastructure and can reach a maximum of 60-120 seconds.

At present, there is no system for replaying failed webhooks and thus compensating for any unavailability of webhook reception servers. In this case, we recommend manual synchronization of failed events.

Test your webhooks url 🧪

You can now test your webhook in real-life conditions by clicking on the “Send a test webhook” button.

How to secure the webhook? 🛡️

Although it is not mandatory, we recommend validating each incoming webhook request. This protects against an attacker who has sniffed the network and can therefore post anything to your webhook URL, triggering or spamming the creation of elements in your system.

Each time a request is made to modify or delete an element in Dastra, we'll post an object to all the URLs you've configured for the desired event. Each POST request will include a Dastra-Signature header, which can be retrieved on the server side.

The header value is the HMAC-SHA256 of the entire posted JSON, keyed with the webhook's validation key. The examples below compare it in Base64-encoded form.

DastraSignature = HMAC256(<JSON serialized POST>,<webhook validation key>)

Here are some examples of request signature validation:

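PHP:

<?php
// Debugging settings; turn display_errors off in production.
error_reporting(E_ALL);
ini_set('display_errors', 1);

$secret = "your dastra validation key"; // your secret key
$payload = "";   // request body
$headers = [];   // request message headers array

$signature = ""; // the HMAC hash from the HTTP header 'Dastra-Signature'
$result = false; // verification result

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        // Read the raw body: the signature covers the exact bytes received.
        $payload = file_get_contents('php://input');
        $headers = get_ds_headers();
        if (array_key_exists("Dastra-Signature", $headers)) {
            $signature = $headers["Dastra-Signature"];
            $result = hash_is_valid($secret, $payload, $signature);
            log_result($signature, $payload, $result);
        }
        // Only act on $payload when $result is true.
    } catch (Exception $e) {
        logger("\nException: " . $e->getMessage() . "\n");
    }
    header("HTTP/1.1 200 OK");
}

// Rebuild the request headers from $_SERVER,
// e.g. HTTP_DASTRA_SIGNATURE becomes "Dastra-Signature".
function get_ds_headers()
{
    $headers = array();
    foreach ($_SERVER as $key => $value) {
        if (strpos($key, 'HTTP_') === 0) {
            $headers[str_replace(' ', '-', ucwords(str_replace('_', ' ', strtolower(substr($key, 5)))))] = $value;
        }
    }
    return $headers;
}

// Base64-encoded HMAC-SHA256 of the payload, keyed with the validation key.
function compute_hash($secret, $payload)
{
    $hexHash = hash_hmac('sha256', $payload, $secret);
    $base64Hash = base64_encode(hex2bin($hexHash));
    return $base64Hash;
}

// Constant-time comparison: the known value goes first, the received value second.
function hash_is_valid($secret, $payload, $verify)
{
    $computed_hash = compute_hash($secret, $payload);
    return hash_equals($computed_hash, $verify);
}

// Minimal logging helpers (they write to the PHP error log).
function logger($message)
{
    error_log($message);
}

function log_result($signature, $payload, $result)
{
    logger("Dastra-Signature: " . $signature . " valid: " . ($result ? "true" : "false") . " payload bytes: " . strlen($payload));
}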
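
C#:

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;

// ASP.NET Core controller; the class name is illustrative.
public class WebhooksController : Controller
{
    [HttpPost]
    public async Task<IActionResult> Handle()
    {
        string dastraSignature = Request.Headers["Dastra-Signature"];
        string key = "Your validation key";
        string payload = await GetRequestBody();

        if (ValidateSignature(dastraSignature, payload, key))
        {
            // Signature is valid: process the event here.
        }

        return Ok();
    }

    private static bool ValidateSignature(string signature, string payload, string secret)
    {
        if (string.IsNullOrEmpty(signature)) return false;

        using (var hmacsha256 = new HMACSHA256(Encoding.UTF8.GetBytes(secret)))
        {
            var hash = hmacsha256.ComputeHash(Encoding.UTF8.GetBytes(payload));
            var result = Convert.ToBase64String(hash);

            // Constant-time comparison of the expected and received values.
            return CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(result), Encoding.UTF8.GetBytes(signature));
        }
    }

    // Reads the raw request body; the signature covers these exact characters.
    private async Task<string> GetRequestBody()
    {
        using (var bodyStream = new StreamReader(Request.Body, Encoding.UTF8))
        {
            return await bodyStream.ReadToEndAsync();
        }
    }
}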

What happens when the url answers something other than 200

The webhook will be automatically blocked and considered in error when the threshold of 5 errors is exceeded.
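
The following Python receiver is an added example, not Dastra's code: it checks the Dastra-Signature header over the raw request bytes and acknowledges before doing any work, which keeps the endpoint inside the 10-second timeout and away from the 5-error threshold described above. The key, the sample body, the function names and the choice to answer 401 to unsigned requests are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, queue

# Constructed sample values: not a real key and not a real Dastra delivery.
VALIDATION_KEY = "00000000-0000-0000-0000-000000000000"
SAMPLE_BODY = b'{"webhookId": 1, "eventName": "sample", "data": {"id": 42}}'

def compute_signature(body: bytes, key: str) -> str:
    """Base64(HMAC-SHA256(raw body, validation key)), as in the PHP and C# samples."""
    digest = hmac.new(key.encode("utf-8"), body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")

def signature_is_valid(body: bytes, header_value, key: str) -> bool:
    """Check the header against the exact bytes received, never re-serialized JSON."""
    if not header_value:
        return False  # missing header: treat the request as unauthenticated
    expected = compute_signature(body, key)
    # compare_digest takes the same time whether or not the values match
    return hmac.compare_digest(expected.encode(), header_value.strip().encode())

def handle_delivery(headers: dict, body: bytes, work_queue: queue.Queue, key: str) -> int:
    """Return the HTTP status for one POST; the real work is left to the queue."""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if not signature_is_valid(body, lowered.get("dastra-signature"), key):
        return 401  # forged or altered request: never parsed, never queued
    try:
        event = json.loads(body)  # parse only after authentication
    except ValueError:
        return 400
    work_queue.put(event)  # a worker consumes this outside the request
    return 200  # acknowledge right away, well inside the 10-second timeout
```

A worker outside the request path drains the queue; since failed webhooks are not replayed, that queue should be durable in production.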

How to set up webhooks with APIs

Retrieve webhooks linked to your account (in all workspaces)

Create a new webhook URL using the POST endpoint. Use the subscribedEvents parameter to list the events to which you wish to subscribe your webhook.

A webhook ID will be returned to you.


Get all webhooks urls configured in workspace

Query parameters:
  • workspaceId (integer, int32): optional

Responses:
  • 200: Success (application/json)

GET /v1/WebHookUrls HTTP/1.1
Host: api.dastra.eu
Accept: */*

200 Success

[
  {
    "signatureKey": "123e4567-e89b-12d3-a456-426614174000",
    "errorMessage": "text",
    "nbErrors": 1,
    "dateLastError": "2025-05-11T12:19:42.379Z",
    "inError": true,
    "workSpace": {
      "id": 1,
      "tenantId": 1,
      "primaryColor": "text",
      "secondaryColor": "text",
      "label": "text",
      "logoUrl": "text",
      "state": "Active",
      "permissions": [
        {
          "name": "text",
          "tenantId": 1,
          "workSpaceId": 1,
          "shortName": "text"
        }
      ],
      "dataSubjectArchivedRetentionDays": 1,
      "nbEntities": 1
    },
    "id": 1,
    "url": "text",
    "workSpaceId": 1,
    "subscribedEvents": [
      "ProcessingCreation"
    ]
  }
]

Get webhook by id

Path parameters:
  • id (integer, int32): required

Responses:
  • 200: Success (application/json)

GET /v1/WebHookUrls/{id} HTTP/1.1
Host: api.dastra.eu
Accept: */*

200 Success

{
  "signatureKey": "123e4567-e89b-12d3-a456-426614174000",
  "errorMessage": "text",
  "nbErrors": 1,
  "dateLastError": "2025-05-11T12:19:42.379Z",
  "inError": true,
  "workSpace": {
    "id": 1,
    "tenantId": 1,
    "primaryColor": "text",
    "secondaryColor": "text",
    "label": "text",
    "logoUrl": "text",
    "state": "Active",
    "permissions": [
      {
        "name": "text",
        "tenantId": 1,
        "workSpaceId": 1,
        "shortName": "text"
      }
    ],
    "dataSubjectArchivedRetentionDays": 1,
    "nbEntities": 1
  },
  "id": 1,
  "url": "text",
  "workSpaceId": 1,
  "subscribedEvents": [
    "ProcessingCreation"
  ]
}

Delete webhook url

Path parameters:
  • id (integer, int32): required

Responses:
  • 200: Success

DELETE /v1/WebHookUrls/{id} HTTP/1.1
Host: api.dastra.eu
Accept: */*

200 Success

No content


Post a new webhook url

Body:
  • id (integer, int32): optional
  • url (string): required
  • workSpaceId (integer, int32, nullable): optional

Responses:
  • 200: Success (application/json)

POST /v1/WebHookUrls HTTP/1.1
Host: api.dastra.eu
Content-Type: application/json-patch+json
Accept: */*
Content-Length: 79

{
  "id": 1,
  "url": "text",
  "workSpaceId": 1,
  "subscribedEvents": [
    "ProcessingCreation"
  ]
}

200 Success

{
  "signatureKey": "123e4567-e89b-12d3-a456-426614174000",
  "errorMessage": "text",
  "nbErrors": 1,
  "dateLastError": "2025-05-11T12:19:42.379Z",
  "inError": true,
  "workSpace": {
    "id": 1,
    "tenantId": 1,
    "primaryColor": "text",
    "secondaryColor": "text",
    "label": "text",
    "logoUrl": "text",
    "state": "Active",
    "permissions": [
      {
        "name": "text",
        "tenantId": 1,
        "workSpaceId": 1,
        "shortName": "text"
      }
    ],
    "dataSubjectArchivedRetentionDays": 1,
    "nbEntities": 1
  },
  "id": 1,
  "url": "text",
  "workSpaceId": 1,
  "subscribedEvents": [
    "ProcessingCreation"
  ]
}