Connecting Webhook
-
Go to the “Connect account” section and select Webhook.
-
Fill in the details
Webhook name — any custom name used for convenient display of the account in the list.
URL address — the address where the request for connecting the account and publishing the Webhook will be sent.
Secret token — required for client request authentication. The request's x-hub-signature is sent in Headers, which must be verified and compared on the client side.
-
Domain confirmation When connecting the account, your server will receive a POST request with JSON data. In response, the server must return the string
1qsRgoUgt
.{
"type": "confirmation",
"project_id": "your-project-id"
} -
Client-side secret token verification
<?php
public const CLIENT_SECRET_KEY = '{The key specified in the "Secret token" field when connecting the account}';
/**
* Request signature verification
* @return bool
*/
public function checkSignature()
{
$data = getPayload();
$expectedSignature = hash_hmac('sha1', $data ? json_encode($data) : '', self::CLIENT_SECRET_KEY);
$headerSignature = getRequestHeaders('x-hub-signature');
$signature = strlen($headerSignature) === 45 && strpos($headerSignature , 'sha1=') === 0 ? substr($headerSignature, 5) : '';
return hash_equals($signature, $expectedSignature);
}
/**
* Retrieving request data
* @return array
*/
private function getPayload()
{
$data = file_get_contents('php://input');
return json_decode($data, true);
}
/**
* Retrieving request header
* @param string $headerCode
* @return string|null
*/
private function getRequestHeaders($headerCode)
{
$requestHeaders = apache_request_headers();
return isset($requestHeaders[$headerCode]) ? $requestHeaders[$headerCode] : null;
}
?> -
Post publication When publishing a post, your server will receive a POST request with JSON data.
{
"action": "create_post",
"project_id": int,
"id": int,
"type": "string",
"title": "string",
"content": "string",
"location": {
"id": int,
"name": "string",
"description": "string",
"lat": float,
"lng": float
},
"attaches": []
}