Webhook

A representation of the webhook object

Property

Type

Description

url

string

The URL of the webhook endpoint.

secret

string

The endpoint’s secret used to generate webhook signatures.

events

array

The list of events to enable for this endpoint. Allowed values: ["meetingScheduled", "meetingCancelled", "meetingRescheduled"]

created_at

string

The ISO-8601 time at which the object was created.

uuid

string

Unique identifier (UUID v4) of the object.

The example webhook object

{
   "events":[
      "meetingRescheduled",
      "meetingCancelled",
      "meetingScheduled"
   ],
   "url":"https://example.com/webhook",
   "secret":null,
   "created_at":"2021-05-24T11:04:11+00:00",
   "uuid":"2ba9ee0b-e62a-43bd-aed0-31b26056ecdc"
}

The example request that's being made when the meeting is scheduled

Request Method: POST

Request headers:

Header

Description

webhook-signature

Harmonizely can optionally sign the webhook events it sends to your endpoints by including a signature in each event’s Webhook-Signature header. This allows you to verify that the events were sent by Harmonizely, not by a third party

user-agent

The user agent. Always set to Harmonizely.

Request payload:

{
  "data": {
    "rescheduling": null,
    "pretty_canceled_at": null,
    "pretty_scheduled_at": "Wednesday, June 23, 2021 09:30",
    "pretty_scheduled_at_in_invitee_timezone": "Wednesday, June 23, 2021 at 9:30 AM",
    "pretty_canceled_at_in_invitee_timezone": null,
    "event_type": {
      "name": "Demo Call",
      "location": null,
      "location_label": null,
      "description": null,
      "duration": 15,
      "slug": "demo-call",
      "is_secret": false,
      "confirmation_page_type": "internal",
      "confirmation_page_url": null,
      "notification_type": "email",
      "pass_details_to_redirected_page": false,
      "type": "regular",
      "position": 0
    },
    "scheduled_at": "2021-06-23T07:30:00+00:00",
    "end_date": "2021-06-23T07:45:00+00:00",
    "invitee": {
      "first_name": "Bernice",
      "email": "bernice@example.com",
      "full_name": "Bernice J. Cervantez",
      "timezone": "Europe/Warsaw",
      "phone_number": "+48123456789",
      "locale": "en"
    },
    "state": "new",
    "canceled_at": null,
    "uuid": "601f15fb-c7e8-4988-863e-78a6ac4446df",
    "notes": null,
    "details": null,
    "answers": [
      {
        "question_label": "Details",
        "value": "My extra details",
        "question_type": "textarea"
      },
      {
        "question_label": "Agree to terms?",
        "value": 1,
        "question_type": "checkbox"
      }
    ],
    "location": "https://zoom.us/j/xxxxxx",
    "cancellation": null,
    "payment": null
  },
  "event": "meetingScheduled",
  "uuid": "ccc3d816-c44d-4a38-9eb1-e1c7d05538dc"
}

Verifying signature manually

Determine the expected signature

Compute an HMAC with the SHA256 hash function and encode it using base64. Use the webhook’s signing secret as the key, and use the request's payload string as the message.

Example in PHP:

$signature = base64_encode(hash_hmac('sha256', $payload, $secret, true));

2. Compare the signatures

Compare the signature in the webhook-signature header to the expected signature.

PreviousWebhooks

Last updated 3 years ago

Was this helpful?

{ "events":[ "meetingRescheduled", "meetingCancelled", "meetingScheduled" ], "url":"https://example.com/webhook", "secret":null, "created_at":"2021-05-24T11:04:11+00:00", "uuid":"2ba9ee0b-e62a-43bd-aed0-31b26056ecdc" }

The example request that's being made when the meeting is scheduled

Request Method: POST

Request headers:

Header

Description

webhook-signature

user-agent

The user agent. Always set to Harmonizely.

Request payload:

{
  "data": {
    "rescheduling": null,
    "pretty_canceled_at": null,
    "pretty_scheduled_at": "Wednesday, June 23, 2021 09:30",
    "pretty_scheduled_at_in_invitee_timezone": "Wednesday, June 23, 2021 at 9:30 AM",
    "pretty_canceled_at_in_invitee_timezone": null,
    "event_type": {
      "name": "Demo Call",
      "location": null,
      "location_label": null,
      "description": null,
      "duration": 15,
      "slug": "demo-call",
      "is_secret": false,
      "confirmation_page_type": "internal",
      "confirmation_page_url": null,
      "notification_type": "email",
      "pass_details_to_redirected_page": false,
      "type": "regular",
      "position": 0
    },
    "scheduled_at": "2021-06-23T07:30:00+00:00",
    "end_date": "2021-06-23T07:45:00+00:00",
    "invitee": {
      "first_name": "Bernice",
      "email": "bernice@example.com",
      "full_name": "Bernice J. Cervantez",
      "timezone": "Europe/Warsaw",
      "phone_number": "+48123456789",
      "locale": "en"
    },
    "state": "new",
    "canceled_at": null,
    "uuid": "601f15fb-c7e8-4988-863e-78a6ac4446df",
    "notes": null,
    "details": null,
    "answers": [
      {
        "question_label": "Details",
        "value": "My extra details",
        "question_type": "textarea"
      },
      {
        "question_label": "Agree to terms?",
        "value": 1,
        "question_type": "checkbox"
      }
    ],
    "location": "https://zoom.us/j/xxxxxx",
    "cancellation": null,
    "payment": null
  },
  "event": "meetingScheduled",
  "uuid": "ccc3d816-c44d-4a38-9eb1-e1c7d05538dc"
}

Verifying signature manually

Harmonizely generates webhook signatures using a hash-based message authentication code () with which is then base64 encoded.

Determine the expected signature

Compute an HMAC with the SHA256 hash function and encode it using base64. Use the webhook’s signing secret as the key, and use the request's payload string as the message.

Example in PHP:

$signature = base64_encode(hash_hmac('sha256', $payload, $secret, true));

2. Compare the signatures

Compare the signature in the webhook-signature header to the expected signature.