With the release of ARK Core 2.0, a new feature was introduced, called Webhooks which allows you to create more flexible and automated systems while also reducing traffic/load on your server.
Before we start working on the implementation of a webhook handler, we will take a look at handling authorization.
To guarantee that only your server is allowed to send data to your webhook handler, an authorization token is generated on creation of a webhook. The generated token will only be returned once and not be visible again.
To generate an authorization token, you need to create a webhook.
Lets take the following token as an example
fe944e318edb02b979d6bf0c87978b640c8e74e1cbfe36404386d33a5bbd8b66 which is 64 characters long and breaks down into 2 parts at 32 characters length each.
The first 32 characters will be stored in the database and sent to you as a header
Authorization: fe944e318edb02b979d6bf0c87978b64 via a POST request.
The last 32 characters
0c8e74e1cbfe36404386d33a5bbd8b66 need to be stored by you and will serve as a way for you to verify that the request is authorized.
Now that we know how the token is structured and what it is used for we can continue with implementing a webhook handler.
A webhook handler is just a simple POST endpoint that you need to implement at the URL you specified when creating a webhook.
Let's break down the steps we took here:
- Grab the
- Create the full token based on the
- Deny access if the
full tokendoes not equal the
- Log and process the request body if the
full tokenis valid.
Now you should know enough on how to secure and handle incoming webhooks. Head over to the API docs for webhooks to get started.