Comment on page
Custom Webhooks
Custom webhooks are triggered by steadybit whenever e.g. an experiment has started or failed. You can configure them at
Settings / Application Settings / Integrations / Custom webhook. The content type is application/json and the message is described in our OpenAPI specification as WebhookPayload.Name | The name for this integration will not show up in the JSON body. |
URL | The URL, which will receive a HTTP Post request with the JSON body |
Secret | |
Team | If no team is specified, you'll receieve all events. If you do specify a team you'll only receive events relevant for this team |
Events | You may select the events you want to recieve. |
If a secret is provided a signature of the body is computed using
HMAC SHA-256 and sent as X-SB-Signature http header. You can use this header to verify the message.Here is an example of doing this in Java:
private static boolean validateSignature(byte[] body, String secret, String header) throws Exception {
//calculate the signature using the secret
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
byte[] signature = mac.doFinal(body);
//remove the algorithm prefix and decode the hex to bytes[]
byte[] receivedSignature = Hex.decode(header.replaceFirst("^hmac-sha256 ", ""));
//compare using time-constant algorithm
return MessageDigest.isEqual(signature, receivedSignature);
}
Last modified 5d ago