ExaVault Webhooks

A webhook is an HTTP callback: a simple event-notification via HTTP POST. If you define webhooks for Exavault, ExaVault will POST a message to a URL when certain things happen.

Webhooks can be used to receive a JSON object to your endpoint URL. You choose what events will trigger webhook messages to your endpoint URL.

Webhooks will attempt to send a message up to 8 times with increasing timeouts between each attempt. All webhook requests are tracked in the webhooks log.

Getting started

  1. Go to the Account tab inside SWFT.
  2. Choose the Developer tab.
  3. Configure your endpoint URL and select the events you want to trigger webhook messages.
  4. Save settings.

You are all set to receive webhook callbacks on the events you selected.

Verification Signature

ExaVault includes a custom HTTP header, X-Exavault-Signature, with webhooks POST requests which will contain the signature for the request. You can use the signature to verify the request for an additional level of security.

Generating the Signature

  1. Go to Account tab inside SWFT.
  2. Choose the Developer tab.
  3. Obtain the verification token. This field will only be shown if you've configured your endpoint URL.
  4. In your code that receives or processes the webhooks, you should concatenate the verification token with the JSON object that we sent in our POST request and hash it with md5.
  5. md5($verificationToken.$webhooksObject);
  6. Compare signature that you generated to the signature provided in the X-Exavault-Signature HTTP header.

Example JSON Response Object

    {"accountname": "mycompanyname",
     "username": "john"
     "operation": "Upload",
     "protocol": "https",
     "path": "/testfolder/filename.jpg"
     "attempt": 1}

Webhooks Logs

You can keep track of all your webhooks requests in the Activity sevtion of your account. You can find the following info for each request:

  1. date and time - timestamp of the request.
  2. endpoint url - where the webhook was sent.
  3. event - what triggered the webhook.
  4. status - HTTP status or curl error code.
  5. attempt - how many times we tried to send this request.
  6. response size - size of the response from your server.
  7. details - you can check the response body if it was sent.