Webhook
A webhook is a mechanism for one system to send data to another system as soon as a specific event occurs. It's a way to automate data exchange and communication between different software systems.
Use the callback_url provided on a task request
Link:
Webhook URL Expectations:
The webhook URL must accept POST requests and return a 200 response code for a successful request.
The webhook URL should not have any authentication in place.
Retry mechanism:
On webhook failure, we will retry 4 times with exponential backoff (1 hr, 2 hrs, 4 hrs) until the 4th retry limit is reached.
A request to the callback URL will automatically time out after 5 seconds.
For enhanced security and data integrity, CloudFactory employs a robust authentication mechanism for all dispatched webhook events. This mechanism guarantees the authenticity and origin of received data, allowing clients to process information with confidence.
Verification Process:
Signature Generation: Each transmitted webhook event includes a unique signature. This signature is derived through a cryptographically secure hashing function (SHA-256) applied to the event payload utilizing a confidential key shared exclusively between CloudFactory and the client’s service.
Signature Transmission: The generated signature is appended to the HTTP request headers delivered to the client’s designated webhook URL, specifically within the "X-CF-Signature" header.
Signature Verification: Upon receiving a webhook event, it is imperative to independently compute a signature using the identical shared secret key and the received event payload.
Authentication Validation: The computed signature is compared against the v1 value of the received "X-CF-Signature" header. A successful match conclusively verifies the event's authenticity and confirms its origination from CloudFactory. Conversely, any discrepancy denotes a potential security concern, necessitating the immediate rejection of the event.
By adopting this authentication process, CloudFactory safeguards client data integrity and empowers clients to utilize reliable information for optimized decision-making confidently.
As the webhook endpoint is open, clients can verify that a request is valid using the following mechanism:
Step 1: Extract the timestamp and signatures from the header
Firstly, split the X-CF-Signature header value using the ; character as the separator to get a list of elements. Then split each element using the = character as the separator to get a prefix and value pair. The t corresponds to the timestamp, v1 corresponds to the signature.
Step 2: Prepare signed_payload
Concatenate the following to create a signed_payload string:
the timestamp t
the character .
the request body
Step 3: Generate the expected signature
Generate a unique security code (HMAC) using SHA256, with the API Key as the secret key and the signed_payload string as the message.
Step 4: Compare against the signature
Check whether the newly generated security code is the same as the signature (v1) provided. If it matches, the webhook request is valid.
Example:
Use HTTPS Endpoint: To guarantee secure webhook delivery, exclusively configure callback_url with https:// URLs for TLS encryption and verify they point to applications solely under your ownership.
Prevent Replay Attacks:
Check if the timestamp is not too old.
Check if the webhook for the task request id has already been acknowledged by the system.
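Steps 1 to 4 and the two replay checks above, combined into one receiver-side function. This is an added example, not CloudFactory's own code. It assumes that t is a Unix timestamp in seconds, that v1 is the hex-encoded digest, that the body is JSON carrying task_id, and a 300-second tolerance, none of which the page specifies.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # assumed freshness window; the page gives no value


def parse_signature_header(header):
    """Step 1: split on ';', then on the first '=' into prefix/value pairs."""
    parts = {}
    for element in header.split(";"):
        prefix, sep, value = element.strip().partition("=")
        if sep:
            parts[prefix] = value
    return parts.get("t"), parts.get("v1")


def expected_signature(timestamp, body, api_key):
    """Steps 2-3: HMAC-SHA256 over t + '.' + raw body, keyed with the API key."""
    signed_payload = timestamp.encode() + b"." + body
    # Hex encoding of the digest is an assumption.
    return hmac.new(api_key.encode(), signed_payload, hashlib.sha256).hexdigest()


def verify_webhook(header, body, api_key, acknowledged, now=None):
    """Return True only for an authentic, fresh, not-yet-acknowledged event."""
    timestamp, received = parse_signature_header(header or "")
    if not timestamp or not received:
        return False
    # Step 4: constant-time comparison, done before the body is parsed.
    expected = expected_signature(timestamp, body, api_key)
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return False
    try:
        age = (time.time() if now is None else now) - int(timestamp)
        task_id = str(json.loads(body)["task_id"])  # assumes a JSON body
    except (ValueError, KeyError, TypeError):
        return False
    # Replay checks: stale timestamp, or task id already acknowledged.
    if abs(age) > TOLERANCE_SECONDS or task_id in acknowledged:
        return False
    acknowledged.add(task_id)
    return True


# Constructed sample values, not real CloudFactory data.
SAMPLE_KEY = "example-api-key"
SAMPLE_BODY = b'{"event_type": "task.error", "task_id": "task-123"}'
SAMPLE_HEADER = "t=1700000000;v1=" + expected_signature("1700000000", SAMPLE_BODY, SAMPLE_KEY)
```

Pass the request body exactly as received, before any JSON parsing or re-serialization, and keep the acknowledged set in durable storage so that it survives restarts.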
task.error: There has been an error processing the task
task.result_available: Results are now available
task.result_avalilable: Results are now available with extra metadata. Note: Configuration change required from CloudFactory personnel
uuid (string): A unique identifier for the event.
event_type (string): The type of event that occurred. In this case, "task.error".
timestamp (string): The time the event occurred in UTC.
task_id (string): The task identifier.
diagnostic (array): An array of key-value pairs containing diagnostic information about the event.
diagnostic.workstream_id (string): The identifier for the workstream that the event occurred in.
diagnostic.configuration_id (string): The identifier for the configuration that the event occurred in.
diagnostic.tool_project_id (string): The identifier for the tool project that was used when the event occurred.
task_details (object): An object containing internal state of the tasks.
task_details.state (string): The task state at the time of the webhook.
task_details.exisiting_tags (array): The tags associated with the task provided by the clients.
task_details.updated_tags (array): The tags associated with the task updated by CloudFactory.
metadata (array): An array of key-value pairs containing client specific data.