TBD
Limitations
- Webhooks are only available for applications with grant type client_credentials using an access of type "Agency Manager" (single agency access) and scope "api.profilesondemand.read".
- Notifications can not be tailored to include / exclude specific profiles. Notifications will be sent for all profiles within a travel agency.
- Notifications might be delivered, even if no actual profile data has been changed.
- The notification itself denotes a profile identifier and nothing more. Specifically, it does not contain any profile data or information on what may have changed within the profile.
Receiving Webhooks
TBD
Payload
{ "eventTime": "18.03.2024T09:56:17Z" "profileType": "TRAVELLER", "event": "UPDATE", "uuid": "25b46ba4-0e9e-4baa-83bd-ac21a50ef998", "company": { "uuid": "34f277f5-2618-4c9e-aa08-affa9f02dfaa" } }
Field | Description |
---|---|
eventTime | UTC-Timestamp in format "dd.MM.yyyy'T'HH:mm:ss'Z'" of when the event has originally happened |
profileType | The profile type for which this notification is sent:
|
event | The notification type:
|
uuid | The Umbrella Faces UUID of the affected profile |
company.uuid | For profileType TRAVELLER only: UUID of the company currently associated with the traveler profile. |
Message authentication
Each Webhook invocation will include the custom header "X-FacesWebhookSignature", which consist of the request body hashed using HMAC-SHA256 with the secret configured during Webhook setup in hex format.
Example: Using the above payload and secret S3cret! one would compute a hash value of bd5c6ea7cbf75262ec0f835213f213b345dd9645624945622555475592def94f
Delivery
Payloads are delivered via HTTPS POST only. Each notification will be transmitted with an individual POST request without applying any batching logic.
The recipient Server must present a trusted certificate and return a HTTP 2XX status code within 10 seconds for the notification delivery to be considered successful.
In case of an error Umbrella Faces will attempt to re-deliver the the notification up to 5 times before silently discarding the notification.
Managing Webhooks
Webhooks are managed in a self-service fashion via the following set of APIs.
Each create / update triggers an immediate "PING" notification (with no retries) to the configured endpoint, and will only be accepted if the PING is succesful
Search / List Webhooks
Endpoint | api/v1/configuration/webhooks |
---|---|
Request method | GET |
Allows searching through a paged list of active Webhook subscriptions for the calling application.
Parameters
Name | Description | Validation |
---|---|---|
q | Freetext query for finding webhooks | Required parameter |
page | Current page within the result set, starts at 0 | Optional, number >= 0 |
pageSize | Maximum number of results per page. Default 10 | Optional, number > 0 and <= 100 |
curl -v -H "Authorization: Bearer <token>" \ "https://hurricane.umbrellanet.ch/uf-test/api/v1/configuration/webhooks?q=&page=0&pageSize=10"
Create new Webhook
Endpoint | api/v1/configuration/webhook |
---|---|
Request method | POST |
Register a new Webhook subscription
curl TBD
Update existing Webhook
Endpoint | api/v1/configuration/webhook/<uuid> |
---|---|
Request method | PATCH |
Modify Webhook subscription
Parameters
Name | Description | Validation |
---|---|---|
<uuid> | The UUID of the subscription to be modified | Required parameter |
curl TBD
Delete Webhook
Endpoint | api/v1/configuration/webhook/<uuid> |
---|---|
Request method | DELETE |
Remove Webhook subscription
Parameters
Name | Description | Validation |
---|---|---|
<uuid> | The UUID of the subscription to be deleted | Required parameter |
curl -v -X DELETE \ -H "Authorization: Bearer <token>" \ https://hurricane.umbrellanet.ch/uf-test/api/v1/configuration/webhook/c7c769bc-9310-4b29-b27c-f34355ec66b4