Simply put, webhooks are used to trigger an action in response to an event. They are generally used to communicate between systems. This is the simplest way to receive an alert when something happens in Dastra. The aim is to notify third-party applications (APIs, CRM, serverless functions, etc.) in real time.
Select the event(s) you wish to subscribe to. The type of data returned will differ according to the type of event. For example, you can trigger the webhook when a new request to exercise a right is created. In this case, the request body will contain a JSON
Create the webhook
This takes you to the webhook details screen.
How to receive the webhook
To receive webhook requests, you need to create an API endpoint that captures events. The request is always sent as a POST and is always structured in the same way. The request body contains a JSON object with details of the event triggered.
Here is the general structure of the request body sent:
{
  "webhookId": <id of the webhook configured in Dastra>,
  "signatureUrl": "https://yourapi.com/webhooks/handle",
  "userId": <The user who triggered the event>,
  "eventType": <The id of the event>,
  "eventName": <The label of the event>,
  "data": <Event dynamic data>,
  "date": <date of the event>
}
A timeout of 10 seconds is applied to the request, after which the request is considered failed. Your endpoint must respond with status code 200.
There may be a short delay between the moment the event occurs in the application and the moment the webhook is triggered, because webhooks are executed asynchronously in our infrastructure. The delay varies with the load on our infrastructure and can reach 60-120 seconds at most.
At present, there is no system for replaying failed webhooks and thus compensating for any unavailability of webhook reception servers. In this case, we recommend manual synchronization of failed events.
Test your webhook URL
You can now test your webhook in real-life conditions by clicking on the "Send a test webhook" button.
How to secure the webhook?
Although it is not mandatory, we recommend validating each incoming webhook request. Otherwise, an attacker who has sniffed the network and learned your webhook URL can post arbitrary data to it and trigger or spam the creation of elements in your system.
Each time a request is made to modify or delete an element in Dastra, we'll post an object to all the URLs you've configured for the desired event. Each POST request will include a Dastra-Signature header, which can be retrieved on the server side.
The header value is the HMAC-SHA256 of the entire posted JSON body, computed with the webhook's validation key.
Here are some examples of query signature validation:
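The check described above, written as an added example in Python (this is not Dastra's own sample code). The page does not say how the signature is encoded in the header, so accepting hex or base64 is an assumption; the function names, key and payload are constructed for illustration.

```python
from __future__ import annotations
import base64
import hashlib
import hmac
import json

def expected_signatures(raw_body: bytes, key: bytes) -> list[str]:
    """HMAC-SHA256 over the exact bytes received, as hex and as base64.
    Which encoding Dastra uses is an assumption; both are offered."""
    digest = hmac.new(key, raw_body, hashlib.sha256).digest()
    return [digest.hex(), base64.b64encode(digest).decode("ascii")]

def verify_signature(raw_body: bytes, header_value: str | None, key: bytes) -> bool:
    if not header_value:
        return False  # a missing header is treated as an invalid signature
    received = header_value.strip()
    hex_sig, b64_sig = expected_signatures(raw_body, key)
    # compare_digest runs in constant time, so a mismatch leaks no position info.
    ok_hex = hmac.compare_digest(received.lower().encode(), hex_sig.encode())
    ok_b64 = hmac.compare_digest(received.encode(), b64_sig.encode())
    return ok_hex or ok_b64

def handle_webhook(raw_body: bytes, headers: dict, key: bytes) -> tuple:
    """Return (status, event). The signature is checked on the raw body before
    any JSON parsing: re-serialising the JSON would change the bytes and the MAC."""
    sig = next((v for k, v in headers.items() if k.lower() == "dastra-signature"), None)
    if not verify_signature(raw_body, sig, key):
        return 401, None
    return 200, json.loads(raw_body)

# Constructed sample data, not real Dastra values.
SAMPLE_KEY = b"constructed-validation-key"
SAMPLE_BODY = b'{"webhookId": 1, "eventType": 10, "eventName": "sample", "data": {}}'
SAMPLE_SIG = hmac.new(SAMPLE_KEY, SAMPLE_BODY, hashlib.sha256).hexdigest()

if __name__ == "__main__":
    good = {"Dastra-Signature": SAMPLE_SIG}
    print(handle_webhook(SAMPLE_BODY, good, SAMPLE_KEY))                        # accepted
    print(handle_webhook(SAMPLE_BODY.replace(b"10", b"11"), good, SAMPLE_KEY))  # rejected
```

In a web framework, pass the unparsed request bytes as `raw_body`; the validation key should come from a secret store rather than source code.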
What happens when the URL answers with something other than 200
The webhook will be automatically blocked and considered in error when the threshold of 5 errors is exceeded.
How to set up webhooks with APIs
Retrieve webhooks linked to your account (in all workspaces)
Get all webhook URLs configured in workspace
GET /v1/WebHookUrls
Required scopes
This endpoint requires the following scopes:
: Access database operations
: Access operations
Authorizations
OAuth2 clientCredentials (required)
Authorization URL: Token URL:
OAuth2 authorizationCode (required)
Authorization URL: Token URL:
Query parameters
workspaceId: integer (int32), optional
Responses
200: Success (application/json)
Create a new webhook URL using the POST endpoint. List the events you wish to subscribe your webhook to in the subscribedEvents parameter.