Secure your endpoint
While developing to our APIs in our sandbox environment, you can set up your webhook URL and authentication details in your Developer Portal. In production, however, our team will set this up for you.
Please see below on how to setup the Menu Update Webhook URL in the developer portal.
You can find webhook settings page on the dashboard,
Set the webhook URL and if you intend to use HTTP Basic Authentication, please set both Access Key and Access Secret.
Requirements for Update Notice Webhook:
- Webhook will be https
- HTTP verb for Webhook will be POST
- Headers consist of:
- payload consists of JSON with location identifier value:
- HTTP response code of successful update notice will be 200
{
"content-type": "application/json",
"accept": "application/json"
}
{
"location_id": [ insert location identifier as INTEGER for your location here ]
}
Optionally, you may also implement Basic authentication on your end. You will need to explicitly tell us that you want to do this or we will not add anything to the headers.
(example with further details on swagger.io)
Basic authentication is a simple authentication scheme built into the HTTP protocol.
The client sends HTTP requests with the Authorization header that contains the word Basic followed by a space and a base64-encoded string username:password.
For this use case, to keep things simple, we ask the Third Party Platform to decide on the API Key and API Secret and update the same on Webhook details section of the Developer portal [explained at top of this document]. This API Key and API Secret can be used as the username and password, respectively.
For example, to authorize as demo / p@55w0rd (which would be the API Key / API Secret pair, for our use case) the client would send:
Authorization: Basic ZGVtbzpwQDU1dzByZA==
using the Ruby Base64 module, you could have derived that value like so:
> username = "demo"
=> "demo"
> password = "p@55w0rd"
=> "p@55w0rd"
> Base64.strict_encode64(username + ":" + password)
=> "ZGVtbzpwQDU1dzByZA=="