Authorized Subscribers

Overview #

In certain use cases, you don’t want all subscribers of a topic to get all the events for that topic. Certain events may only be applicable to certain subscribers. An example of this would be a createdOrder topic, you would only want the supplier who should fulfil the order to get that specific createdOrder topic. To solve this use case webhookie has the concept of authorized subscribers. Events published to webhookie can be tagged with a wh-authorized-subscriber header. The value of this header is the entity id of the entity that should receive this event. When a wh-authorized-subscriber header is present only those entities will receive the event regardless of the number of subscribers to the topic. The header can be repeated multiple times for all the authorized subscribers to a particular event.

How to implement Authorized Subscribers #

In order to implement authorized subscribers you need to follow these steps:

1. The ids used in the entity claim (in the JWT tokens) need to be used in the wh-authorized-subscriber header.
2. When publishing a message to webhookie, either via AMQP or the API, you need to specify the wh-authorized-subscriber header in the event.
3. Only subscriptions created by users with the same entity, as that specified in the message, will get the event.