Hiweb Developers

# Webhooks

You can use webhook subscriptions to receive resource update events in a website. Hiweb will always send a POST request with JSON:API document (body)

By default, 3 events will be registered for you, they are:

  • app_tokens.create: Trigger when a website installed your app.
  • app_tokens.update: Trigger when a website update your app token, like disable or refresh token.
  • app_tokens.delete: Trigger when a website uninstalled your app.

A webhook request will include the following headers:

  • Hiweb-Website-Id: (uuid)
  • Hiweb-Webhook-Signature: You will use this to verify the request
  • Hiweb-Webhook-Event: The event name, for example: app_tokens.create

# Verify webhook request

To verify if a webhook request came from Hiweb, compute the signature with your secret key and compare with the value in request header.

SIGNATURE = HMAC-SHA256(requestJsonPayload: string, YOUR-APP-SECRET-KEY)

Menus