Webhook

post https://www.yourwebsite.com/webhook/endpoint

This page will help you get started with our webhooks.

First set up your webhook URL in the Chargeblast dashboard in the settings tab.

Chargeblast will begin emitting events to your webhook URL with the following schema. These events will be fired anytime a new alert is generated.

Authentication

To authenticate the integrity of incoming webhooks, a header is passed into the post request to your endpoint under the header name svix-signature. The value in this header is an HMAC-SHA256 encoded string using the payload of the request with the webhook secret as key.

In order to authenticate the request, you perform a HMAC-SHA256 encoding using a concat of webhook request body, svix_timestamp and svix_id and your webhook secret (whsec_xxxxxxxxxxxx) and ensure these strings match. Then input string to SHA256 HMAC will look like:

signedContent = "${svix_id}.${svix_timestamp}.${body}"

This is a common method for ensuring that the webhook messages you receive in your server are from a trusted source and haven't been tampered with.

# Your webhook secret key
key = "ws_xxxxxxxxx"

# The JSON string representation of the request body
message = "{ ... }"  # Replace with actual JSON data

# Create a new HMAC object using the SHA256 hash algorithm
hmac_sha256 = hmac.new(key.encode(), message.encode(), hashlib.sha256)

# Get the hexadecimal representation of the HMAC
hmac_hex = hmac_sha256.hexdigest()

# The X-Webhook-Signature from the request header
received_signature = "..."  # Replace with the actual signature from the request header

# Verifying the signature
if hmac_hex == received_signature:
    print("Verification successful: Signatures match.")
else:
    print("Verification failed: Signatures do not match.")

import hashlib
import base64

svix_id = "your_svix_id"
svix_timestamp = "your_svix_timestamp"
body = "your_request_body"

signed_content = f"{svix_id}.{svix_timestamp}.{body}"
secret = "whsec_5WbX5kEWLlfzsGNjH64I8lOOqUB6e8FH"

# Need to base64 decode the secret
secret_bytes = base64.b64decode(secret.split('_')[1])
signature = hashlib.sha256(secret_bytes + signed_content.encode('utf-8')).digest()
encoded_signature = base64.b64encode(signature).decode('utf-8')

print(encoded_signature)

# The Svix-Signature from the request header
received_signature = '...'  # Replace with the actual signature from the request header

# Verifying the signature
if encoded_signature == received_signature:
    print('Verification successful: Signatures match.')
else:
    print('Verification failed: Signatures do not match.')

Types

There is currently only one type of webhook, the alert.create webhook, however additional events are coming soon.

Language
Click Try It! to start a request and see the response here!