Limitations
- Webhooks are only available for applications with grant type client_credentials using an access of type "Agency Manager" (single agency access) and scope "api.profilesondemand.read".
- Notifications can not be tailored to include / exclude specific profiles. Notifications will be sent for all profiles within a travel agency.
- Notifications might be delivered, even if no actual profile data has been changed.
- The notification itself denotes a profile identifier and nothing more. Specifically, it does not contain any profile data or information on what may have changed within the profile.
Receiving Webhooks
Payload
{
"eventTime": "18.03.2024T09:56:17Z"
"profileType": "TRAVELLER",
"event": "UPDATE",
"uuid": "25b46ba4-0e9e-4baa-83bd-ac21a50ef998",
"company": {
"uuid": "34f277f5-2618-4c9e-aa08-affa9f02dfaa"
}
}
| Field | Description |
|---|---|
| eventTime | UTC-Timestamp in format "dd.MM.yyyy'T'HH:mm:ss'Z'" of when the event has originally happened |
| profileType | The profile type for which this notification is sent:
|
| event | The notification type:
|
| uuid | The Umbrella Faces UUID of the affected profile |
| company.uuid | For profileType TRAVELLER only: UUID of the company currently associated with the traveler profile. |
Message authentication
Each Webhook invocation will include the custom header "X-FacesWebhookSignature", which consist of the request body hashed using HMAC-SHA256 with the secret configured during Webhook setup in hex format.
Example: Using the above payload and secret S3cret! one would compute a hash value of bd5c6ea7cbf75262ec0f835213f213b345dd9645624945622555475592def94f
Delivery
Payloads are delivered via HTTPS POST only. Each notification will be transmitted with an individual POST request without applying any batching logic and without any guaranteed order.
The recipient Server must present a trusted certificate and return a HTTP 2XX status code within 10 seconds for the notification delivery to be considered successful.
In case of an error Umbrella Faces will attempt to re-deliver the the notification up to 5 times before silently discarding the notification.
Managing Webhooks
Webhooks are managed in a self-service fashion via the following set of APIs.
Each create / update triggers an immediate "PING" notification (with no retries) to the configured endpoint, and will only be accepted if the PING is succesful
Search / List Webhooks
| Endpoint | api/v1/configuration/webhooks |
|---|---|
| Request method | GET |
Allows searching through a paged list of active Webhook subscriptions for the calling application.
Parameters
Name | Description | Validation |
|---|---|---|
| q | Freetext query for finding webhooks | Required parameter |
| page | Current page within the result set, starts at 0 | Optional, number >= 0 |
| pageSize | Maximum number of results per page. Default 10 | Optional, number > 0 and <= 100 |
Example request
curl -v -H "Authorization: Bearer <token>" \
"https://hurricane.umbrellanet.ch/uf-test/api/v1/configuration/webhooks?q=&page=0&pageSize=10"
Create new Webhook
| Endpoint | api/v1/configuration/webhook |
|---|---|
| Request method | POST |
Register a new Webhook subscription
Example request
curl -v -X POST \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
--data '{
"name": "Notify myIntegrationX",
"profileTypes": [
"TRAVELLER",
"CORPORATE"
],
"eventTypes": [
"CREATE",
"UPDATE",
"DELETE"
],
"url": "https://my.example.com/webhook/notify",
"secret": {
"value": "MyNewSecret"
}
}' https://hurricane.umbrellanet.ch/uf-test/api/v1/configuration/webhook
Update existing Webhook
| Endpoint | api/v1/configuration/webhook/<uuid> |
|---|---|
| Request method | PATCH |
Modify Webhook subscription
Parameters
Name | Description | Validation |
|---|---|---|
| <uuid> | The UUID of the subscription to be modified | Required parameter |
Example request
curl -v -X PATCH \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
--data '{
"name": "Notify myIntegrationX",
"profileTypes": [
"TRAVELLER",
"CORPORATE"
],
"eventTypes": [
"CREATE",
"UPDATE",
"DELETE"
],
"url": "https://my.example.com/webhook/notify",
"secret": {
"value": "MyNewSecret"
}
}' https://hurricane.umbrellanet.ch/uf-test/api/v1/configuration/webhook/c7c769bc-9310-4b29-b27c-f34355ec66b4
Delete Webhook
| Endpoint | api/v1/configuration/webhook/<uuid> |
|---|---|
| Request method | DELETE |
Remove Webhook subscription
Parameters
Name | Description | Validation |
|---|---|---|
| <uuid> | The UUID of the subscription to be deleted | Required parameter |
Example request
curl -v -X DELETE \
-H "Authorization: Bearer <token>" \
https://hurricane.umbrellanet.ch/uf-test/api/v1/configuration/webhook/c7c769bc-9310-4b29-b27c-f34355ec66b4