WebHooks
WebHooks allow you to build or set up integrations that subscribe to certain events on LoginRadius. When one of these events is triggered, LoginRadius will automatically send a POST payload over HTTPs to the WebHook's configured URL in real time. WebHooks can be used to update an external tracker or update a backup mirror.
Note: Once the request is submitted to the WebHook's configured URL, LoginRadius does not track payload deliverability.
Events
When configuring a WebHook, you can select the events for which you would like to receive payloads. Only subscribing to the specific events you plan on handling is useful for limiting the number of HTTP requests to your server. You can change the list of subscribed events through the API at any time. By default, WebHooks are only subscribed to the push event. The following are the allowed events: Login, Register, UpdateProfile, ResetPassword, ChangePassword, EmailVerification, AddEmail, RemoveEmail, BlockAccount, DeleteAccount, SetUsername, AssignRoles, UnassignRoles, SetPassword, LinkAccount, UnlinkAccount, UpdatePhoneId, VerifyPhoneNumber, UpdateCustomobject, DeleteCustomObject, CreateCustomObject, InvalidateEmailVerification, InvalidatePhoneVerification, RemovePhoneId, RemoveRoleContext, ConsentProfileUpdate, SetPIN, ResetPIN and ChangePIN.
The APIs associated with these events can be found here.
WebHook sample header
All webhook POST request headers will contain the following fields: host, accept, accept-encoding, content-type, request-context, request-id, signature, user-agent, content-length, connection.
Here is the sample for WebHook payload header:
WebHook Security
All the WebHook's configured URL must use https as it is more secure. If you use https, your SSL/TLS certificate must be validated.
A signature field is passed in every WebHook payload header to subscribed URL in Admin Console. The signature field value contains API secret and payload body in the hashed form. The signature data field can be used to verify the source of data for each incoming POST request is LoginRadius.
The following .net script can be used to generate a signature field from the LoginRadius API secret and WebHook payload Body. You can compare this generated signature with the signature field value in the WebHook payload header to validate the WebHook source of data.
-
Replace
<LoginRadius API Secret>with the API Secret for your LoginRadius site in the below code.Note: LoginRadius facilitates selecting either the primary API secret or any of the secondary API secret (having the access to Webhook API) for generating the hashed webhook signature. You need to use the same LoginRadius API secret that has been used while configuring the corresponding webhook in the Webhooks section of the Admin Console.
-
Replace
<WebHook Payload Body>with WebHook Payload Body in string format. -
The code will write derived signature in the console.
using System;
using System.Text;
using System.Security.Cryptography;
public class Program
{
private const string key = "<LoginRadius API secret>";
private const string message = "<WebHook payload body>";
private static readonly Encoding encoding = Encoding.UTF8;
static void Main(string[] args)
{
var keyByte = encoding.GetBytes(key);
using (var hmacsha256 = new HMACSHA256(keyByte))
{
hmacsha256.ComputeHash(encoding.GetBytes(message));
Console.WriteLine("Result: {0}", ByteToString(hmacsha256.Hash));
}
}
static string ByteToString(byte[] buff)
{
string sbinary = "";
for (int i = 0; i < buff.Length; i++)
sbinary += buff[i].ToString("X2"); /* hex format */
return sbinary;
}
}
WebHook Sample Payload Body
| Event | Sample Payload |
|---|---|
| Login | Link |
| Register | Link |
| UpdateProfile | Link |
| ResetPassword | Link |
| ChangePassword | Link |
| emailVerification | Link |
| AddEmail | Link |
| RemoveEmail | Link |
| BlockAccount | Link |
| DeleteAccount | Link |
| SetUsername | Link |
| AssignRoles | Link |
| UnassignRoles | Link |
| SetPassword | Link |
| LinkAccount | Link |
| UnlinkAccount | Link |
| UpdatePhoneId | Link |
| VerifyPhoneNumber | Link |
| UpdateCustomobject | Link |
| DeleteCustomObject | Link |
| CreateCustomObject | Link |
| InvalidateEmailVerification | Link |
| InvalidatePhoneVerification | Link |
| RemovePhoneId | Link |
| RemoveRoleContext | Link |
| SetPin | Link |
| ResetPin | Link |
| ChangePin | Link |
Configure WebHook
WebHook can be configured on LoginRadius in Admin Console or by leveraging LoginRadius WebHook APIs.
Below are the steps to add a WebHook event to LoginRadius via the Admin Console.
Step 1: Navigate to Integrations > Data Sync > Webhooks in the Admin Console. The following screen will appear.
Step 2: Click Add button and assign a Webhook Name of your choice, select an event from those available under the Webhook Event dropdown, enter a Subscribe URL where payload data will be sent when the webhook event is triggered, select an API Secret Name and click Add.
Note: LoginRadius facilitates selecting either the primary API secret (select None) or any of the secondary API secret (having the access to Webhook API) for generating the hashed webhook signature. You can use this LoginRadius API secret to validate the webhook source of data for the corresponding webhook.
Step 3: Now, the successfully configured webhook will be displayed under the Configured Requests table.
To add or edit the Custom Objects or select any different API secret within the Webhook, click the dropdown button from the Action column for the corresponding Event in the Configured Requests table, and select Edit.
Note: Custom Objects can be updated through webhooks that are configured with an SQS URL. This URL is generated automatically by the backend system once you configured the integration and can be found in the webhook section.
Here, you can add the Custom Objects directly in the Webhook form or select any other API secret and click Update to save the changes.
To remove any Webhook event from LoginRadius, click the corresponding dropdown button from the Action column in the Configured Requests table and select Unsubscribe.
Note: For more details on the APIs associated with WebHooks, its handling, payload information, and the WebHook APIs, refer to the Webhook API Overview document.