squircy2

GitHub Repo

Webhooks

Webhooks allow squIRCy2 to respond to data received by HTTP endpoints.

Webhooks are validated by hashing and signing the payload contents with SHA1 and the generated Webhook key. squIRCy2 will look for this signature in the Webhook’s configured Signature header.

Below is an example Go implementation that hashes and signs the payload before submitting it.

package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/hex"
	"fmt"
	"net/http"
	"strings"
	"io/ioutil"
)

func main() {
	// The Webhook's ID
	id := "8519993742264042640"
 	// The Webhook's generated key
	key := "c6983a9f-fbd1-4b9c-67fb-5e4e48a7a838"
	// The Webhook's signature header
	header := "X-Signature"
	// The desired payload
	payload := "Hello, World!"
	
	// Hash and sign the payload
	mac := hmac.New(sha1.New, []byte(key))
	_, err := mac.Write([]byte(payload))
	if err != nil {
		panic(err)
	}
	signature := hex.EncodeToString(mac.Sum(nil))

	// Create the web request
	req, err := http.NewRequest("POST", fmt.Sprintf("http://localhost:3000/webhooks/%s", id), strings.NewReader(payload))
	if err != nil {
		panic(err)
	}
	
	// Uncomment if you've enabled BasicAuth
	//req.SetBasicAuth("username", "password")
	
	// Set the signature header to the generated signature
	req.Header.Add(header, fmt.Sprintf("sha1=%s", signature))

	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		panic(err)
	}

	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
		panic(err)
	}
	fmt.Println(string(body))
	// Outputs: OK
}

A simple handler for the above configuration might look like:

bind('hook.8519993742264042640', function(e) {
    console.log(e.Body);
    // Outputs: Hello, World!
});