SupportCandy provides a powerful webhook feature that allows users to receive notifications and data updates for various actions within the system. Webhooks are outgoing requests sent to a specified URL whenever a trigger event occurs, such as creating a ticket, changing status, assigning tickets, closing tickets, or replying to tickets.
This documentation guides you through the process of setting up and managing webhooks in SupportCandy.
Creating a New Webhook
- In the SupportCandy settings, go to the “Webhooks” section.
- Click on “Add New”
- Fill in the required details, including the webhook name and the Delivery URL where the webhook requests will be sent.
- Choose the trigger events that will activate the webhook.
- Generate the secret for webhook.
- Submit the webhook configuration.
Webhook Settings
- Webhook Name: A descriptive name for the webhook.
- Delivery URL: The URL where webhook requests will be sent.
- Triggers: Select trigger that will activate the webhook.
- Secret Key: (Optional) Add a secret key for enhanced security.
How to authentic webhook response?
The secret key used to generate a hash of the delivered webhook and provided in the request headers.
The hash is received – as a HTTP header in the webhook response. “X-WPSC-Webhook-Signature – A base64 encoded HMAC-SHA256 hash of the payload”.
You can use following php code to generate a base64 encoded hash MAC on your receiving side to compare with the X-WPSC-Webhook-Signature value in the HTTP header in order to validate the message. If your encoded hash signature and the one in the HTTP header match then you are able to assume this is a valid response from your site.
$yourHashSig = base64_encode(hash_hmac(‘sha256’, $webhook_payload, wp_specialchars_decode( $secret, ENT_QUOTES ), true));
The secret used here is the same secret value set on the webhooks configuration page.