Feedier

Webhooks

In this guide, we will look at how to register and consume webhooks to integrate your app with Feedier. With webhooks, your app can know when something happens in Feedier, such as someone sending a message or adding a contact.

Registering webhooks

To register a new webhook, you need to have a URL in your app that Feedier can call. You can configure a new webhook from the Feedier dashboard under Advanced Settings. Give your webhook a name, pick the events you want to listen for, and add your URL.

Now, whenever something of interest happens in your app, a webhook is fired off by Feedier. In the next section, we'll look at how to consume webhooks.

Consuming webhooks

When your app receives a webhook request from Feedier, check the type attribute to see what event caused it. The first part of the event type will tell you the payload type.

Example webhook payload

{
  "id": "1ead5993-efa0-49f4-987f-b6d659c9b122",
  "type": "user.joined",
  "payload": {
    "id": 1004
    // ...
  }
}

In the example above, a user was invited, and the payload type is a user.

See all event types

Event types

  • Name
    user.joined
    Description

    A new user has been invited within a team of your organization.

Example payload

{
  "id": "a5d32734-f293-4d50-b351-204b5a1947cb",
  "type": "user.joined",
  "payload": {
    "id": 50,
    //
  }
}

Security

To know for sure that a webhook was, in fact, sent by Feedier instead of a malicious actor, you can verify the request signature. Each webhook request can optionally contain a header named X-Signature, which you can define when creating the webhook on the Feedier platform. You can verify this signature using your secret webhook key. The signature is an HMAC hash of the request payload hashed using your secret key.

Verifying a request

const signature = req.headers['X-Signature']
const hash = crypto.createHmac('sha256', secret).update(payload).digest('hex')

if (hash === signature) {
  // Request is verified
} else {
  // Request could not be verified
}

Important Notes

  • If your generated signature matches the X-Signature header, you can be confident that the request was truly sent by Feedier.
  • The X-Signature header is optional and must be explicitly configured when setting up the webhook on the Feedier platform.
  • Keep your secret webhook key safe and secure. Never commit it to public repositories like GitHub, as this compromises the integrity of your webhook verification. Copy code

Was this page helpful?