A Webhook API is a collection of webhooks or topics that can be subscribed to. Similar to a REST API which is a collection of endpoints that can be called.
If you think of any product or application there are normally multiple data domains managed by it. With each data domain, there will be a series of events associated with them – the most common are the CRUD events. A typical implementation would make all of these events available as their own webhook/topic within a webhook API.
A webhook API is specified using the ASYNC API specification. In addition to the specification, it is also important to define which groups of developers could discover these events and subscribe to them. Lastly, you must define which group of developers can manage this API (normally some of your teammates). More details to follow below.
A user must have the WH_PROVIDER role to be able to create and manage Webhook APIs. This role is assigned to your user in your identity platform.
When creating a Webhook API the user must select which consumer groups can discover and subscribe to the webhooks.
There is also an option to make the Webhook API public which means that any unauthenticated user can discover the Webhook API and any authenticated user can subscribe to a webhook within the API.
Consumer groups need to be set up by your administrator and in your identity platform. For more details read about creating consumer groups.
It is also required to specify which developers can manage the API, including seeing the subscriptions to the API, via the provider groups.
Alternatively, if there is only one team using webhookie, the user can select the All Provider groups option allowing any authenticated user with a WH_PROVIDER role to manage the API.
Provider groups need to be set up by your administrator and in your identity platform. For more details read about creating provider groups.
The requirements of the webhook API, which includes primarily topics, schema, and security options, are specified using the ASYNC API specification.
At this stage, we don’t use the full specification. The below table has the fields of the ASYNC API specification which are used:
hmacSig: type: symmetricEncryption description: HMAC Signature
When you publish the API it will become available for the consumers you specified to discover and subscribe to the webhooks/topics within the API.
Powered by BetterDocs