Webhooks
Use webhooks to get an HTTPS post when data changes in the Firm App system.
Webhooks will send a POST request to your URL along with
the information on what data changed.
You can subscribe to specific models (such as "Users") and to specific
fields if needed.
If multiple documents are changed at the same time (e.g. a data import) then the system will attempt to batch those changes into a single webhook call to your URL.
Here is a sample of the POST request that you'll receive:
POST https://example.com/your_url
Content-Type: application/json
{
"payload": {
"date": "2024-07-27T05:48:53.657Z",
"events": [
{
"action": "update",
"schema": "user",
"docId": "ussampleuser1id",
"docUpdatedDate": "2024-07-27T05:48:53.657Z",
"diff": {
"name": "Sam Smith"
}
},
{
"action": "create",
"schema": "user",
"docId": "ussampleuser2id",
"docUpdatedDate": "2024-07-27T05:48:53.657Z"
},
{
"action": "delete",
"schema": "user",
"docId": "ussampleuser3id",
"docUpdatedDate": "2024-07-27T05:48:53.657Z"
}
]
},
"signature": "07bc7ab3d34b05bada9735d53f85d7716116d9b48629676907fb9a87e38ae5cd"
}The payload of the webhook is signed so you can know for sure the data came from the Firm App system. To verify this signature, convert the payload to JSON then create an HMAC SHA-256 hex hash using the secret key provided on your webhook's page.
// Verifying the signature in NodeJS/Express
const secret = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
const signature = crypto.createHmac('sha256', secret)
.update(JSON.stringify(req.body.payload))
.digest('hex');
const isValid = signature === req.body.signature;
Next up, check out the Live Console »