Webhook

A webhook is a means of automating responses for software. They are called “event-based APIs.” What that means is that a new user or application will do something specific or an event occurs, and that specific action will trigger the webhook to respond as programmed.

Specifically, webhooks exist to help two devices communicate, but that communication is really one-sided. If you are using an app and it needs to download data for you to carry on with what you’re doing, then a webhook is likely running the show.

As a result, webhooks can be fairly complicated tools, but they always revolve around this unifying concept.

Webhooks are necessary to enable one device to talk to another device (unless you use a different communication tool, which might include an API). They connect your app to a server or device that has the data that you need.

OneAuxilia webhooks

OneAuxilia webhooks allow you to receive event notifications from OneAuxilia, such as when a user is created or updated. When an event occurs, OneAuxilia will send an HTTP POST request to your webhook endpoint configured for the event type. The payload carries a JSON object. You can then use the information from the request's JSON payload to trigger actions in your app, such as sending a notification or updating a database.

You can find the Webhook signing secret when you click on the endpoint you created on the page in the OneAuxilia Dashboard.

Supported webhook events

To find a list of all the events OneAuxilia supports:

1. Navigate to the OneAuxilia Dashboard.

2. In the navigation sidenav, select Webhooks.

3. Tick the Event Catalog tab.

Payload structure

The payload of a webhook is a JSON object that contains the following properties:

• object: always set to event.

• type: the type of event that triggered the webhook.

The following example shows the payload of a member.create event:

{
    "data": {
        "id": 4,
        "email": "[email protected]",
        "last_name": "O'Reilly",
        "created_at": "2024-08-30 07:31",
        "created_by": {
            "id": 16,
            "email": "[email protected]",
            "last_name": "Oneauxilia",
            "first_name": "Sample"
        },
        "first_name": "Amparo",
        "updated_at": "2024-08-30 07:31",
        "updated_by": {
            "id": 16,
            "email": "[email protected]",
            "last_name": "Oneauxilia",
            "first_name": "Sample"
        },
        "phone_number": "+84123456789",
        "public_metadata": {},
        "additional_information": {}
    },
    "type": "member.create",
    "object": "event"
}

The payload should always be treated as unsafe until you validate the incoming webhook. Webhooks will originate from another server and be sent to your application as a POST request. A bad actor would fake a webhook event to try and gain access to your application or data.