Setting up webhooks

Not with webhooks. Instead I continuously poll using the API:

forum.example.com/groups/{groupname}/members.json

Hi,

I have looked on the forum about Badge earned webhook, and saw there is something that has been made or maybe still in development.
Is there any plugin doing that, I was trying to test badges with a new post webhook but it’s called much more times than needed, calling a webhook on every new post is a bit intensive for my website.

Is there a way to use a Data Explorer query as a source for a Web Hook?

Whenever a new entry is returned from the SQL query, it would trigger a web hook for that entry with all the row content as JSON.

4 Likes

Not entirely sure how that would work. It would have to trigger the query at some set interval and have to know which data was new.

One thing you can do now though is make an API call to a data explorer query.

5 Likes

I found this PR: https://github.com/discourse/discourse/pull/8038

It looks like an “event hook” was added for exactly this purpose (user added/removed from group), though I still do not receive these events at my webhook endpoint with “Send Everything” selected.

Are these different systems?

1 Like

Hi,

I’ve been trying to set up a webhook which only fires when admins flag a post:

The above configuration does not work :thinking: What am I doing wrong? (I used the ping feature to test the webhook and I do receive the ping).

Also, is there any way to add headers to discourse webhooks?

Cheers!

Your configuration looks correct to me. I have tried setting up a flag event webhook on my own site and am having trouble getting the webhook to fire.

4 Likes

Thanks Simon! What does this mean? Are you going to take a closer look? Will you report back here afterwards? Thanks again.

Yes, one of our engineers is going to look into the issue with Flag Event webhooks. One of us will report back here with what they find.

1 Like

Hey, i have a use case where where i want to trigger actions on my system (intergrated with discourse) on event where user is added or removed or made_owner of a group. Is there a webhook present for this case? thanks in advance!

The issue with the Flag Event webhook is going to be fixed, but after an internal discussion about the issue it has been decided to deprecate that webhook in favour of the Reviewable Event webhook. The Reviewable Event webhook was added to replace the Flag Event webhook and offers the same functionality. If you are configuring new webhooks on your site, you should use the Reviewable Event webhook instead of the Flag Event webhook.

5 Likes

Is there a way to receive the raw field in a webhook event? At the moment it seems its only possible to get the cooked HTML representation, which means I need to make an extra API request to get the raw message using the ?include_raw=1 parameter ( i.e. Discourse API Documentation )

3 Likes

I’ve updated the post webhook serializer to include the raw field for you.

https://github.com/discourse/discourse/commit/1ce6ff0a5597b2990ab6b451d0489ba7a2525c95

Hopefully that helps :grinning:

5 Likes

Awesome, thanks @blake !

2 Likes

I want to trigger a webhook when a specific tag is attached to the topic. How can I do that?

It should work if you add the tag in “Triggered Tags” field.

3 Likes

What is the equivalent for:

const hmac = crypto.createHmac('sha256', secret);
const hash = `sha256=${hmac.update(rawBody).digest('hex')}`;

in PHP to get the same sha256 key for validation?

hash_hmac("sha256","", $secret,FALSE);

Is giving me a different one for the same secret. Anybody?

There’s a PHP example of validating the webhook secret here that might help: https://github.com/discourse/wp-discourse/blob/master/lib/webhook.php#L24-L49.

It checks that hash_hmac( 'sha256', $payload, $secret ) === $sig. To get the signature, it removes the first 7 characters (sha256=) from the value of the X-Discourse-Event-Signature. That is done on this line: https://github.com/discourse/wp-discourse/blob/master/lib/webhook.php#L28.

2 Likes

Thank you! That worked, I did not pass the $payload as message in the PHP hash_hmac function, but an empty string.

1 Like

For those using Rails to process webhooks, the signature verification looks like (in controller)

raw_post = request.raw_post
event_signature = request.headers[“X-Discourse-Event-Signature”]
calculated_hmac = “sha256=#{OpenSSL::HMAC.hexdigest(‘sha256’,SHARED_SECRET,raw_post)}”
ActiveSupport::SecurityUtils.secure_compare(calculated_hmac, event_signature)

3 Likes