Due to popular demand, we have continued to improve our webhook feature set. Our latest upgrade includes the ability to authenticate Zabo payloads to your webhook endpoint and test your webhook on demand. Let’s dive in!
Setting up a webhook in your application server means that you have to open a public endpoint for Zabo to reach. Having a public endpoint also means it can be called by anyone, causing challenges with validating whether or not Zabo is sending a POST request. Not anymore. You can now add a secret key to your webhook endpoint in the Zabo dashboard, and we will use that secret key to sign and send the payload to your endpoint. We use the same methods discussed in our server authentication, which means the process to validate the Zabo payload in your server is the same.
First, let’s review how we form the signed data, as explained in our documentation. We take the following steps:
- Generate a timestamp
- Concatenate the
- Sign the string formed using the SHA-256 HMAC algorithm with the secret key given in your Zabo admin dashboard.
- Send the POST request to your endpoint with the timestamp used in the
X-Zabo-Timestampheader, and the generated signature in the
When you receive the request, you can place your parameters around the timestamp’s validity and validate the signature. To add the secret key Zabo should use to sign the payload, go to your dashboard at https://zabo.com/dashboard. Navigate to Team Settings > Developer Settings. Scroll to the bottom and select ‘Webhook.’ You should see the Secret Key input pictured in the following screenshot:
In addition to authenticated webhooks, we have unlocked the ability to test your webhook outside our regular webhook intervals. When you create a user with an account and provide a webhook, we POST an update to your webhook every hour. During development, however, you may want to test your webhook on demand. Testing your webhook is now possible in your sandbox application, through your Zabo admin dashboard. To get there, follow the same process earlier and go to your dashboard at https://zabo.com/dashboard. Navigate to Team Settings > Developer Settings. Scroll to the bottom and select ‘Webhook.’ You should see the “Test Webhook Events” button pictured in the following screenshot:
That’s it for now! If you have any additional suggestions for webhook features, questions, or concerns, leave some comments below.