What is a Webhook and How to Configure it?

What is a Webhook and How to Configure it?

Introduction

Webhooks allow administrators to automate the delivery of real-time location data directly to their chosen websites. Webhooks send location information from WeTrack to a designated URL whenever a specified event occurs. Data is sent straight to the company’s website, removing the need to open WeGuard for every location update. Once a webhook link is set up, the destination website can request and receive data from the WeGuard server as long as the link remains active. This eliminates the need for manual data retrieval or continuous polling, offering an efficient and seamless way to stay updated.

Key Features

One Webhook Per Account: Currently, only one Webhook can be generated per WeGuard account.
Platform Compatibility: Webhooks are supported on Android, iOS, and Windows.
Efficiency: Webhooks are faster and more efficient than traditional API methods, ensuring timely and uninterrupted data delivery.

Process for enabling WebHooks through the WeGuard Enterprise Portal

  1. Log in to the WeGuard Console and click on Settings.

  1. Now, click on Web Hooks and toggle ON the Enable WebHooks option to enable WebHooks.

  1. Click on the + button to create a new plan.

  1. Enter the fields Name and URL, select the Configurable Fields needed and ensure "Active" is selected from the list in order to get the location information, and click on Submit.

  1. Upon successful submission, a confirmation message, Webhook has been created, will appear. The configured Webhook details (Name, URL, Active, Actions) will be displayed in the Webhook tab.

  1. The new Webhook sends location data (latitude and longitude) to the specified URL. The destination website can display this data in any preferred format, ensuring flexibility and compatibility with various applications.

Editing a Webhook

To edit an existing Webhook:
  1. Navigate to the Actions section in the Webhook tab.
  2. Select the Edit option.
  3. Update the desired fields and save the changes.
The Webhook sends location data (latitude and longitude) to the specified URL. The destination website can display this data in any preferred format, ensuring flexibility and compatibility with various applications.

Configuring Webhook

Webhook URL: The webhook URL is the endpoint on your server where location updates will be sent. Ensure the following:
  1. Internet Accessibility: The URL must be publicly accessible.
  2. Secure Communication: HTTPS is mandatory for secure data transmission.
  3. HTTP POST Compatibility: The server must accept HTTP POST requests.

Data Payload Structure

When location updates are sent to your webhook, the data payload will have the following structure:

Quote
{
  "eventType": "locationUpdate",
  "data": {
    "accountId": "your-account-id",
    "latitude": 0.0,
    "longitude": 0.0,
    "locationTime": 0,
    "altitude": 0.0,
    "platform": "PlatformName",
    "IMEI": "device-imei",
    "DeviceId": "your-device-id"
  }
}

Security and Authentication

HTTPS Requirement: All webhook URLs must use HTTPS to ensure that data is encrypted during transit.
Shared Secret Key
To authenticate requests, use a shared secret key:

  1. Navigate to the Webhook Configuration section in your dashboard.

  2. Click on View Secret Key (masked by default).

  3. Securely store this key on your server.

HMAC Signature Generation

We use HMAC with SHA256 to sign each request.

  • Signature Algorithm: HMAC-SHA256

  • String to Sign: The JSON payload as a string

  • Secret Key: Your shared secret key

Verifying the Signature

To verify incoming requests:

  1. Extract the signature from the X-Weguard-Signature header.

  2. Compute the HMAC signature using the payload and your shared secret key.

  3. Compare the computed signature with the received signature:

    • If they match, the request is authentic.

    • If not, reject the request.

  1. Additionally, we include a header, X-Webhook-Source: weguard, in our requests, which you can use to verify that the request originated from us.

Client-Side HMAC Signature Verification Example (Go)

Here’s an example of verifying the signature in Go:

Quote

package main

import (

   "crypto/hmac"

   "crypto/sha256"

   "encoding/hex"

   "io/ioutil"

   "net/http"

)

func verify(w http.ResponseWriter, r *http.Request) {

   key := []byte("your-shared-secret-key")

   sig := r.Header.Get("X-Weguard-Signature")

   body, _ := ioutil.ReadAll(r.Body)

   mac := hmac.New(sha256.New, key)

   mac.Write(body)

   expectedSig := hex.EncodeToString(mac.Sum(nil))

   if hmac.Equal([]byte(sig), []byte(expectedSig)) {

       // Signature is valid

       w.WriteHeader(http.StatusOK)

   } else {

       // Signature is invalid

       w.WriteHeader(http.StatusUnauthorized)

   }

}

func main() {

   http.HandleFunc("/", verify)

   http.ListenAndServe(":8080", nil)

}

Custom Headers

Each webhook request includes the following custom headers:

  • X-Webhook-Source: Weguard

  • X-Weguard-Signature: The HMAC signature for verification.


Retry Mechanism

To ensure reliable data delivery, the webhook employs a retry mechanism:

  • Automatic Retries: If the endpoint is unreachable or returns an error, retries will be attempted.

  • Retry Limit: Up to 3 retries.

  • Exponential Backoff: Delays between retries increase to avoid overwhelming your server.

  • Failure Handling: After exhausting retries, data will be moved to a dead-letter queue and eventually discarded.

Rate Limiting Considerations

The frequency of location updates depends on:

  • The number of devices in your account.

  • The update frequency of each device.

Notes
Ensure your server can handle the potential load. Consider implementing queueing or throttling mechanisms to manage bursts of data efficiently.



We hope this article was useful. Thank you for reading.

For more WeGuard insights, please explore the  Visual Knowledge-base Series

For more details, please visit  https://www.weguard.com

If you need any help on this, do call up WeGuard Support at +1(737) 931-1410 Ext. 102 or  contact  WeGuard Support Email  or Initiate  Chat


    • Related Articles

    • Data Usage-How to configure & track WiFi data usage?

      Hello and Welcome to WeGuard Enterprise Visual Knowledge-base Series. In this KB article, We will explain the procedure to configure & track WiFi data usage. Login to WeGuard Console with valid credentials. Click on "Policy Groups" on the left menu. ...

    • Data Usage-How to configure & track mobile data usage?

      Hello and Welcome to WeGuard Enterprise Visual Knowledge-base Series. In this KB article, We will explain the procedure to configure & track mobile data usage. Login to WeGuard Console with valid credentials. Click on "Policy Groups" on the left ...

    • ADVANCED - How to configure auto-launch of an application?

      Hello and Welcome to WeGuard Enterprise Visual Knowledge-base Series. In this KB article, We will explain how to configure auto-launch of an application on the device. WeGuard platform provides an option to auto-launch an application after device ...

    • Configure iOS Enrollment Setup Skip Options

      The MDM enrollment setup skip options allow administrators to customize and streamline the device setup experience by bypassing unnecessary screens, reducing user interaction, and ensuring compliance with organizational policies. These settings are ...

    • How do I configure AirPrint on iOS devices?

      AirPrint is a convenient feature exclusive to Apple devices, enabling users to print high-quality output without the hassle of downloading and installing printer-specific drivers. With AirPrint, you can wirelessly print photos and documents directly ...