Webhooks
Webhooks function like notifications, alerting one application when a specific event occurs in another. This system enables seamless communication between different software, enhancing real-time interaction and response.
Webhooks in WebinarGeek
Webhooks in WebinarGeek are designed to be your real-time information gatherers. They act as personalized alerts that trigger specific actions based on the events happening within our app. For instance, if you're hosting a webinar and someone subscribes, our webhook feature promptly sends you a neatly organized packet of the subscriber's data directly to the URL you've set up. This ensures you stay updated and can respond dynamically to interactions, without the need to constantly check for updates manually. Our webhooks are here to streamline your workflow and keep you connected with what matters most in your app.
Creating A Webhook Integration
Custom Label
Add a Custom Label to a webhook to help differentiate between your webhooks in the integrations menu. This field is required.
URL
URLs for Webhooks must have a scheme, a host and a path. Only HTTPS URLs are accepted. This field is required.
Valid URL:
https://hooks.zapier.com/hooks
Invalid URLs:
hooks.zapier.com/ (missing scheme)
https://.com/ (missing host)
https://hooks.zapier.com/ (missing path)
http://hooks.zapier.com/hooks (http instead of https)
Secret
Configuring the webhook with a secret that can be used to validate the origin of the request is optional. To understand why using a secret is recommended see the section on Validating Webhook Deliveries. This field is optional.
Headers
Content-Type: "application/json"
User-Agent: "WebinarGeek”
ID: Unique ID of the event
Signature: This header is sent if the webhook is configured with a secret. This is the HMAC hex digest of the request body, and is generated using the SHA-256 hash function and the secret as the HMAC key.
Payload
The Webhook payload is made up of information about the event that triggers the
request and data for the entity that the event is associated with.
Information about the event:
ID: ID of the event
Event: Name of the event
Timestamp: Timestamp of the request in UNIX time
Entity Type: The type of object that the entity key contains
Entity: The object that the event is associated with. We currently support Subscriptions only. Our webhooks serialize Subscriptions in the same way that our API does:
https://webinargeek.docs.apiary.io/#reference/0/subscriptions/retrieve-a-subscription
Below is an example of how a request looks.
POST /payload HTTP/2
> Content-Type: application/json
> User-Agent: WebinarGeek
> ID: 11111111
> Signature: sha256=d57c68ca6f92289e6987922ff26938930f6e66a2d
> {
> "id": "2222222",
> "event": "webinar_subscribed",
> "timestamp": 1238716248712,
> "entity_type": "Subscription"
> "entity": {
> ...
> }
> }
Please note! The client must be able to respond to HEAD requests.
Validating Webhook Deliveries
When your server is set up to receive data, it listens for payloads sent to the endpoint you've set. To ensure that these payloads are legitimate and have not been altered, it's strongly suggested to validate their signatures. This validation process helps protect against unauthorized sources and potential security threats, like man-in-the-middle attacks.
Steps for Validation
Create a Secret Token for Your Webhook:
This token should be a random, high-entropy string of text.
You can either create a new webhook with this token or add it to an existing one.
Securely Store the Secret Token:
Keep the token in a secure place accessible to your server.
Avoid hardcoding or publicly exposing the token in any way.
Validate Incoming Webhook Payloads:
Each payload should come with a hash signature, found in the header ‘Signature’.
Use your secret token to compute a hash and compare it with the signature sent with the payload.
Key Points in Validation:
The hash is an HMAC hex digest.
The signature starts with a prefix like sha256=.
The hash is generated using your webhook's secret token and the payload content.
Handle the payload as UTF-8, especially if it contains Unicode characters.
For comparison, use secure methods like secure_compare or crypto.timingSafeEqual to avoid vulnerabilities in timing attacks.
Testing the webhook payload validation
You can use the following secret and payload values to verify that your implementation is correct:
secret: "It's a secret"
payload: "\"Hello World!\"" (as JSON)
If your implementation is correct, the signatures that you generate should match the following signature values:
Signature: sha256=a6353e505082e0614d4f1760c1d25e523ee34141bd2d2e5ef1e4648fc1ed128b
Updating Webhook settings
The Custom Label, URL and Secret of an active Webhook integration can be edited from the integrations menu.
Logs for triggered Webhook events
The logs of all events triggered for a given trigger can be found in the trigger log page, this can be accessed through a trigger in the integrations menu.
Using Zapier for your webhook integration
Creating a webhook to transfer information about an event from WebinarGeek to Zapier allows you to easily connect your WebinarGeek account with over 6000 apps. The process is explained below.
Create a Zap
Open Zapier.
Log in to the website or create an account if you don’t have one yet.
Click ‘Create’ > ‘Zaps’.
Click on ‘Trigger’.
Search for ‘Webhooks’ and select ‘Webhooks by Zapier’.
Under ‘Event’, select ‘Catch Hook’ to work with the payload only (recommended) or ‘Catch Raw Hook’ if you want to use the headers and payload (advanced).
If using ‘Catch Raw Hook’, the ‘Pick off a Child Key’ allows you to choose whether you want to work with the whole payload or a subsection.
Zapier will generate a URL meant to receive the WebinarGeek requests. Copy this URL and save it somewhere before continuing to the next step.
Connect the webhook in WebinarGeek
Open WebinarGeek and log into your account.
Go to ‘Account’ > ‘Integrations’.
Select ‘Webhooks’ and paste the URL from Zapier into the URL field.
Press ‘Connect’.
Create the webhook
After connecting WebinarGeek to Zapier webhooks, click ‘Add trigger’.
Select the desired trigger for your webhook.
Click ‘Add trigger’.
Testing the webhook
Zapier requires a test record to configure what it should do with the payload. That’s why we’ll have to trigger the webhook once before continuing.
Complete your chosen trigger on WebinarGeek (eg. if you selected ‘New registration’, subscribe to a webinar as a test subscriber) then return to Zapier.
Finishing the Zap
Back on Zapier, click ‘Test trigger’.
Once the test is complete and successful, click ‘Continue with the selected record’.
Select which software should receive the webhook data.
The rest of the Zap is up to you! Make sure to check our Zapier documentation for tips and tricks.