Enabling Webhooks
Webhooks allow developers to receive events as they occur, removing much of the overhead of loading data and polling RESTful API endpoints for changes.
How to enable webhooks
- Log in to your Zinc developer account.
- Click the edit button corresponding to the application you'd like to update.
- Enter your secure server side URL endpoint in the Webhooks URL field. (ex: https://myapp.mycompany.com/zubie)
- Specify the types of events you wish to receive by selecting the corresponding checkboxes.
Using webhook data
You will receive an HTTP POST with a JSON body containing details about the event. Each post contains:
Property | Type | Description |
---|---|---|
user_key | string | The unique identifier for the user that has granted your app permission. |
account_key | string | The unique identifier for the account. |
event | string | The type of event. |
timestamp | string | UTC with local offset. |
Additional attributes/objects specific to that event type (see Sample Payloads for more details). Note that user_id and account_id will also be included for legacy integrations.
Development Tips
You can use a service like RequestBin or Webhook.site to inspect webhooks for events in your test account (requires an active device).
Payload Security
All webhook payload requests include an additional security header named Zubie-Signature. This header is used to validate Zubie as the source of the inbound POST.
The signature value is a Base64-encoded HMAC digest, which is generated from the application's secret key and the webhook payload string. Upon receipt of a webhook POST, generate your own hash for the given payload using your secret key and compare it to the value in the request header. Discard any requests that fail the comparison.
For examples on how to generate the hash in various languages, check out these HMAC examples.
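One way to implement the check described above, as an added example that is not Zubie's own code. The page does not name the HMAC hash function, so SHA-256 is an assumption here; the function names, secret, and sample payload are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: the page does not name the HMAC hash function. SHA-256 is a
# placeholder here; confirm the algorithm against Zubie's HMAC examples.
ASSUMED_DIGEST = hashlib.sha256

# Constructed sample values, not real credentials or a real Zubie payload.
SAMPLE_SECRET = b"constructed-app-secret"
SAMPLE_BODY = (b'{"user_key":"u-1","account_key":"a-1",'
               b'"event":"sample_event","timestamp":"2024-01-01T12:00:00-05:00"}')


def compute_signature(secret, raw_body, digestmod=ASSUMED_DIGEST):
    """Base64-encoded HMAC over the exact bytes received in the POST body."""
    mac = hmac.new(secret, raw_body, digestmod).digest()
    return base64.b64encode(mac).decode("ascii")


def is_authentic(secret, raw_body, header_value, digestmod=ASSUMED_DIGEST):
    """True only if the Zubie-Signature header matches our own HMAC."""
    if not header_value:  # header missing or empty: discard the request
        return False
    expected = compute_signature(secret, raw_body, digestmod).encode("ascii")
    received = header_value.strip().encode("utf-8")
    # Constant-time comparison: timing does not reveal how much of a
    # guessed signature was correct, unlike ==.
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    good = compute_signature(SAMPLE_SECRET, SAMPLE_BODY)
    print("valid request:", is_authentic(SAMPLE_SECRET, SAMPLE_BODY, good))
    print("missing header:", is_authentic(SAMPLE_SECRET, SAMPLE_BODY, None))
    # Pitfall: parsing and re-serializing the JSON can change the bytes
    # (here, whitespace after separators), so the HMAC no longer matches.
    # Verify the raw body first, then parse it.
    reserialized = json.dumps(json.loads(SAMPLE_BODY)).encode("utf-8")
    print("re-serialized body:", is_authentic(SAMPLE_SECRET, reserialized, good))
    tampered = SAMPLE_BODY.replace(b"u-1", b"u-2")
    print("tampered body:", is_authentic(SAMPLE_SECRET, tampered, good))
```

In a web framework, pass the unparsed request body bytes to `is_authentic` before any JSON decoding, and return an error status without processing the event when it returns False.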