Webhooks
Integrate hotglue with your own workflow by configuring a webhook
Configure the webhook
To configure a webhook for your environment, head to the environment settings and set the webhook options. There are two fields:
| Name | Description |
|---|---|
| Webhook URL | This is the webhook endpoint you want hotglue to send POST requests to |
| Webhook Secret | Optional - if provided, hotglue will generate a signature of every payload using this secret and include it as the X-Hub-Signature in the request headers. Used to verify the payload is from hotglue. |
Webhook payload
hotglue will send a webhook POST request to your hook every time a job moves forward in the job lifecycle. You can read about the job lifecycle here.
Example payload
{
"job_id": "16FzN",
"env_id": "dev.dummy.hotglue.xyz",
"flow_id": "l8odS2mce",
"job_name": "test_job:kr8J8ks-u",
"tenant": "default",
"started_by": "default",
"s3_root": "default/flows/l8odS2mce/jobs/16FzN",
"start_time": "2020-12-30T20:29:21.614299+00:00",
"state": {},
"tap": "quickbooks:sandbox",
"status": "JOB_COMPLETED",
"task_id": "dab752626e3944db960b7c9cc9ab3a25",
"last_updated": "2020-12-30T20:31:00.081282+00:00"
}
Validating the signature
If you've chosen to set a webhook secret, we will send an X-Hub-Signature in the request headers to your webhook URL. The purpose of this is to verify that the payload came from hotglue.
See below for sample logic for how to validate the signature using JavaScript.
// Get the X-Hub-Signature header
const signature = req.normalizedHeaders['x-hub-signature'];
// Get the payload of the webhook as a string
const payload = typeof req.rawBody == "object" ? JSON.stringify(req.rawBody) : req.rawBody;
// Get your webhook secret
const secret = hotGlue.webhookSecret;
// Compute the signature using the above parameters
const computedSignature = crypto.createHmac('sha1', secret).update(payload).digest("hex");
const checksum = Buffer.from(signature, 'utf8');
const newChecksum = Buffer.from(computedSignature, 'utf8');
// Verify that the signature matches the X-Hub-Signature that was passed to you
if (checksum.length !== computedSignature.length || !crypto.timingSafeEqual(newChecksum, checksum)) {
// This signature is invalid, and was not sent by hotglue
console.error("Unable to verify Signature " + payload);
return false;
}
// The signature was valid, it is safe to act on this webhok payload
console.log("Verified Payload Signature !");
return true;
Updated 9 months ago