In order to enable the webhooks feature, login to your SendHub application, browse to the My Settings page and enter a valid URL in the WebHook URL textbox as shown in the . When you enter the URL, it automatically sends a test webhook to the URL you entered.
Supported WebHooksCurrently, SendHub will send seven types of webhooks:
● Received Message: Sent when a user receives an inbound message
● Received Block: Sent when a user is blocked (by a contact texting STOP)
● Received Unblock: Sent when a user is unblocked (by a contact texting START)
● Received Subscription: Sent when a contact subscribes to a group
● Received Confirmed: Sent when a contact confirms their subscription to a group
● Received Unsubscribe: Sent when a contact unsubscribes from a group
● Test: Sent when a user initiates a webhook test (via the settings page)
All webhook data is sent as JSON within the body of a POST request to the configured URL.
Validating Requests are coming from SendHubIf your application exposes sensitive data, or is possibly mutative to your data, then you may want to be sure that the HTTP requests to your web application are indeed coming from SendHub, and not a malicious third party. To allow you this level of security, SendHub cryptographically signs its requests. Here's how it works:
- Turn on SSL on your server and configure your webhook url to use HTTPS.
- SendHub appends the JSON body to the full URL.
- SendHub takes the resulting string (the full URL and the JSON body) and signs it using HMAC-SHA1 and your API Key as the key.
- SendHub sends this signature in an HTTP header called X-SendHub-Signature
- Take the full URL of the request URL.
- If the request is a POST, sort all of the POST parameters alphabetically (using Unix-style case-sensitive sorting order).
- Append the full URL and the body of the request.
- Sign the resulting string with HMAC-SHA1 using your API Key as the key.
- Base64 encode the resulting hash value.
- Compare your hash to ours, submitted in the X-SendHub-Signature header. If they match, then you're good to go.