Setting up Webhooks

Setting up webhooks

The settings page allows you to configure the webhooks notifications you want to receive, as well as view a log of attempts we have made to deliver notifications to you.

Webhooks Settings

The settings part of the screen allows you to configure the following pieces of information.

URL

This field should contain the full URL to your webhooks endpoint. Our system will send an HTTP POST request to this address. Your address must use HTTPS, and must be configured with a valid certificate.

Webhooks secret

This field allows you to specify a secret that we will use to sign the request. This allows you to verify that any webhooks notifications have come from ResDiary, and not anyone else, and allow you to ensure that the contents haven't been tampered with.

The secret is used to generate an HMAC signature using SHA-1, similar to the approach taken at Github. If you specify a secret, we will pass it in a X-ResDiary-Signature header in each request we send to you. It will look something like this:

X-ResDiary-Signature: sha1=7542bc6b67f46a1c5f1c5cdaab51ffc9fa007eb3

To verify that the request is valid, and has come from ResDiary, you should take your secret, and generate a hash of the request body, and then compare it to the value sent in the X-ResDiary-Signature header.

For example, you can use the following C# code to generate a signature:

public string GenerateSignature(byte[] message, string key)
{
    var keyBytes = Encoding.UTF8.GetBytes(key);
    using (var hmac = new HMACSHA1(keyBytes))
    using (var messageStream = new MemoryStream(message))
    {
        var hash = hmac.ComputeHash(messageStream);
        return string.Format("sha1={0}",
        BitConverter.ToString(hash).ToLowerInvariant().Replace("-", string.Empty));
    }
}

Obviously we recommend that you specify a key and verify it properly in your webhooks endpoint, but if you don't want to do this you can just leave the field empty.

Event Type

This field contains the types of changes that you want to receive notifications about. You must choose at least one of these types in order to receive notifications.

Enabled Restaurants

This field contains the restaurants that you want to receive notifications about. You must choose at least one of these types in order to receive notifications.

Logs

The logs tab allows you to view a log of all of the attempts we've made to send you webhooks notifications. Each row contains the timestamp of when we tried to send the request, the URL we sent it to, the status code we received, along with a log message explaining what happened. You can also view the request we sent you.

Errors

Our webhooks service will make an HTTP POST request to the URL you have configured. It treats any 2xx response code as a success, and any other response as a failure.

Timeouts

Your webhooks endpoint must return a response within 30 seconds. If it takes longer than 30 seconds it will be considered to have failed.

Retries

If any webhooks request fails, we will try to re-deliver the request to you. We will try to re-deliver each request 5 times, waiting at least 30 seconds between each retry. If we don't receive a success response within those 5 times we will temporarily disable your webhooks endpoint for 60 minutes. We'll also send you an email telling you this. After 60 minutes your endpoint will be automatically re-enabled and a further 5 attempts will be made to deliver your requests. If these all fail then your endpoint will be disabled again and we will not deliver any more notifications to that endpoint until you re-enable it.

If your endpoint is disabled then a notification will be displayed at the top of your webhooks settings screen.

Once you have figured out what the problem is, you can re-enable your endpoint yourself by clicking on the re-enable button.