Webhooks
Webhooks allow you to build or set up integrations which subscribe to certain events on Appwrite. When one of those events is triggered, we'll send an HTTP POST payload to the webhook's configured URL. Webhooks can be used to purge cache from CDN, calculate data or send a Slack notification. You're only limited by your imagination.
Add Your Webhook
You can set your webhook by adding it from your Appwrite project dashboard. You can access your webhooks settings from your project dashboard or on the left navigation panel. Click the 'Add Webhook' button and choose your webhook name and the events that should trigger it. You can also set an optional basic HTTP authentication username and password to protect your endpoint from unauthorized access.
Payload
Each event type has a specific payload format with the relevant event information. All event payloads mirror the payloads for the API payload which parallel to the event types.
Headers
HTTP requests made to your webhook's configured URL endpoint will contain several special headers:
| Header | Description |
|---|---|
| X-Appwrite-Webhook-Id version >= 0.7 | The ID of the Webhook who triggered the event. |
| X-Appwrite-Webhook-Events | Names of the events that triggered this delivery. |
| X-Appwrite-Webhook-Name | Name of the webhook as specified in your app settings and events list. |
| X-Appwrite-Webhook-User-Id version >= 0.7 | The user ID of the user who triggered the event. Returns an empty string if an API key triggered the event. Note that events like `account.create` or `account.sessions.create` are performed by guest users and will not return any user ID. If you still need the user ID for these events, you can find it in the event payload. |
| X-Appwrite-Webhook-Project-Id version >= 0.7 | The ID of the project who owns the Webhook and API call. |
| X-Appwrite-Webhook-Signature version >= 0.15.0 | The HMAC-SHA1 signature of the payload. This is used to verify the authenticity of the payload. |
| User-Agent | Each request made by Appwrite will be 'Appwrite-Server'. |
Verification
Webhooks can be verified by using the X-Appwrite-Webhook-Signature header. This is the HMAC-SHA1 signature of the payload. You can find the signature key in your webhooks properties in the dashboard. To generate this hash you append the payload to the end of webhook URL (make sure there are no spaces in between) and then use the HMAC-SHA1 algorithm to generate the signature. After you've generated the signature, compare it to the "X-Appwrite-Webhook-Signature" header value. If they match, the payload is valid and you can trust it came from your Appwrite instance.
Events
Appwrite has events that fire when a resource changes. These events cover all Appwrite resources and can reflect create, update, and delete actions. You can specify one or many events to subscribe to with webhooks.