ZignSec

Webhooks

A webhook is a method to retrieve and store data from a certain event. You register an http or https URL where the event data can be stored in JSON or XML formats. Webhooks are used differently for different API’s. For the SMS API we sent a webhook every time SMS delivery status changes. Note that this may happen several times.

The response body contains a object with same parameters as the API being used.

Configuring your webhook settings
You need to provide ZignSec with http URL you would like to receive webhooks on.There are some tools that can help the development, for example, RequestBin, Pagekite and ngrok.

If you are unsure please contact ZignSec for help to set up your integration.

Receiving a webhook
Once you have registered a webhook we will send HTTP POST calls to the Specified URL each time an event occurs. POST data contains relevant information from the event that triggered the request.

To acknowledge that you have received data of an webhook, your endpoint should return a 2xx HTTP status code. If a webhook for any reason are not received correctly, ZignSec will try 20 times in 48 hours.

It is important that a webhook answered as quickly as possible. It is recommended to wait to process until after a response has been sent.

Verify a webhook created through the API
Webhooks created through the API can be verified by calculating a digital signature. X-ZignSec-Hmac-SHA256 header which is generated using the AppId secret you have from ZignSec. It also use the data sent in the request.

To verify that a Webhook comes from ZignSec calculate the HMAC digest according to the algorithm below, and compare with the X-ZignSec-Hmac-SHA256 header. If they match, you can be sure that the Webhook was sent from ZignSec and the data has not been compromised.

            byte[] data = Encoding.UTF8.GetBytes(postedJSONString);

using (HMACSHA256 hmac = new HMACSHA256(Encoding.UTF8.GetBytes(yourPersonalAccessTokenString)))
{
   callbackRequest.Headers.Add("X-ZignSec-Hmac-SHA256", System.Convert.ToBase64String(hmac.ComputeHash(data)));
}