TBD
Limitations
- Webhooks are only available for applications with grant type client_credentials using an access of type "Agency Manager" (single agency access) and scope "api.profilesondemand.read".
- Notifications can not be tailored to include / exclude specific profiles. Notifications will be sent for all profiles within a travel agency.
- Notifications might be delivered, even if no actual profile data has been changed.
- The notification itself denotes a profile identifier and nothing more. Specifically, it does not contain any profile data or information on what may have changed within the profile.
Receiving Webhooks
TBD
Payload
{
"eventTime": "18.03.2024T09:56:17Z"
"profileType": "TRAVELLER",
"event": "UPDATE",
"uuid": "25b46ba4-0e9e-4baa-83bd-ac21a50ef998",
"company": {
"uuid": "34f277f5-2618-4c9e-aa08-affa9f02dfaa"
}
}
| Field | Description |
|---|---|
| eventTime | UTC-Timestamp in format "dd.MM.yyyy'T'HH:mm:ss'Z'" of when the event has originally happened |
| profileType | The profile type for which this notification is sent:
|
| event | The notification type:
|
| uuid | The Umbrella Faces UUID of the affected profile |
| company.uuid | For profileType TRAVELLER only: UUID of the company currently associated with the traveler profile. |
Message authentication
Each Webhook invocation will include the custom header "X-FacesWebhookSignature", which consist of the request body hashed using HMAC-SHA256 with the secret configured during Webhook setup in hex format.
Example: Using the above payload and secret S3cret! one would compute a hash value of bd5c6ea7cbf75262ec0f835213f213b345dd9645624945622555475592def94f
Delivery
Payloads are delivered via HTTPS POST only. Each notification will be transmitted with an individual POST request without applying any batching logic.
The recipient Server must present a trusted certificate and return a HTTP 2XX status code within 10 seconds for the notification delivery to be considered successful.
In case of an error Umbrella Faces will attempt to re-deliver the the notification up to TBD times with a delay of TBD between calls before silently discarding the notification.
Managing Webhooks
Webhooks are managed in a self-service fashion via the following set of APIs.
Each create / update triggers an immediate "PING" notification to the configured endpoint, and will only be accepted if the PING is succesful
Search / List Webhooks
| Endpoint | api/v1/configuration/webhooks |
|---|---|
| Request method | GET |
Allows searching through a paged list of active Webhook subscriptions for the calling application.
Parameters
Name | Description | Validation |
|---|---|---|
| q | Freetext query for finding webhooks | Required parameter |
| page | Current page within the result set, starts at 0 | Optional, number >= 0 |
| pageSize | Maximum number of results per page. Default 10 | Optional, number > 0 and <= 100 |
Example request
curl -v -H "Authorization: Bearer <token>" \
"https://hurricane.umbrellanet.ch/uf-test/api/v1/configuration/webhooks?q=&page=0&pageSize=10"
Create new Webhook
| Endpoint | api/v1/configuration/webhook |
|---|---|
| Request method | POST |
Register a new Webhook subscription
Example request
curl TBD
Update existing Webhook
| Endpoint | api/v1/configuration/webhook/<uuid> |
|---|---|
| Request method | PATCH |
Modify Webhook subscription
Parameters
Name | Description | Validation |
|---|---|---|
| <uuid> | The UUID of the subscription to be modified | Required parameter |
Example request
curl TBD
Delete Webhook
| Endpoint | api/v1/configuration/webhook/<uuid> |
|---|---|
| Request method | DELETE |
Remove Webhook subscription
Parameters
Name | Description | Validation |
|---|---|---|
| <uuid> | The UUID of the subscription to be deleted | Required parameter |
Example request
curl -v -X DELETE \
-H "Authorization: Bearer <token>" \
https://hurricane.umbrellanet.ch/uf-test/api/v1/configuration/webhook/c7c769bc-9310-4b29-b27c-f34355ec66b4