Webhook
Overview
The Webhook allows you to subscribe to different Sitefinity CMS events. When a particular event is registered by the EventHub system, the data for the event is sent to a particular URL that you have registered in the Webhook.
The URL can be the URL of an external system or application that you want to integrate with Sitefinity CMS. The Webhook allows you to accomplish this without writing code in Sitefinity CMS.
Implementation
The Webhook mechanism has its own module and configuration section in the Advanced settings. The Webhook module is disabled by default.
In the configuration section, you can configure a collection of event types. For these types you register one or more URLs.
These are events that are raised by the Sitefinity CMS EventHub and can only be public interfaces that inherit from IEvent
, for example -Telerik.Sitefinity.Web.Events.ILoginCompletedEvent
.
For each event, you can have a collection of URLs. To these URLs, the Webhook sends a POST
request with Content-Type:
application/json
. The body of the request contains the event properties serialized in JSON format.
Supported events
The Webhook module supports the following events:
Telerik.Sitefinity.Web.OutputCache.IOutputCacheInvalidationEvent
Telerik.Sitefinity.Web.Events.ILoginCompletedEvent
Telerik.Sitefinity.Modules.Forms.Events.IFormEntryCreatedEvent
Setup procedure
PREREQUISITES: To use the Webhook, you must activate the Webhook module from Administration » Modules & Services.
To setup the Webhook, perform the following:
- In Sitefinity CMS backend, navigate to Administration » Settings » Advanced.
- In the treeview on the left, expand Webhook and click Webhook events » Create new.
- Enter the Event type that you want to register.
You can enter one of the supported events.
- Save your changes.
- To register a URL where the event will send its data, expand the already registered event and click URLs » Create new.
- In URL, enter the URL where you want to send the event’s data.
- Add a layer of security using the Secret field.
Enter a secret that is strong enough.
Sitefinity CMS uses this secret to compute a Hash-based message authentication code (HMAC) of a string in this format: {body_of_request}_{timestamp}
. This is converted to Base64 string. The timestamp is the current Unix timestamp in milliseconds. The hashing algorithm used is SHA256. Sitefinity CMS sends the HMAC as a Sf-Signature
header and the timestamp as a Sf-Signature-Timestamp
header.
IMPORTANT: If you configure a secret, then you must compute the hash on the other side, using the secret and the timestamp, and compare it with the Sf-Signature
header. This way you can ensure that the request comes from Sitefinity CMS and can prevent others from sending invalid data to the endpoint.
- Save your changes.
Webhook sample JSONs
IOutputCacheInvalidationEvent
ILoginCompletedEvent
IFormEntryCreatedEvent