Webhooks

Webhooks are automatic notifications via HTTP that are triggered by an event in an application. They enable the immediate transfer of data to other systems without the need for constant polling, and are well suited for integrations and workflow automation.

As an administrator, go to the settings of your account. Under the menu item “Webhooks” you will find the list of webhooks that have already been stored and the option to add new ones.

Create new webhooks:

To create a new webhook, please click on the “Create Webhook” menu item. In the following, you can give the webhook any name you like. This is only for your reference and has no further influence on the actual webhook.

Next, please specify for which category you want to receive the corresponding events.

Example:

  • Single category: webinar.created → A webinar was created
  • Multiple categories: webinar.created, webinar.deleted → Webinar created & deleted
  • Wildcard categories: webinar.* → includes for example webinar.created, webinar.updated, webinar.deleted

To finalize the webhook setup, you need to add the address of the HTTP endpoint below and save the settings.

Webhooks are sent serialized as JSON. You can find more information about JavaScript Object Notation in this Wikipedia article.

In the webhook overview, you can directly see if there were any errors in the delivery of individual webhooks.

Failed webhooks are retried for up to 24 hours. Retries are delayed exponentially:

  • First delivery: Immediate
  • Second: After two seconds
  • Third: After four seconds
  • Fourth: After eight seconds
  • Fifth: After 16 seconds
  • etc.
  • 17th delivery: After 24 hours

You can find further details about failed deliveries by selecting the corresponding webhook. There you also have the option to manually trigger the delivery again.

Urgent security notice:

Webhooks can be sent by anyone. To ensure that edudip is the sender, you must verify the signature. We use ECDSA to sign the data in the payload.

  • Each webhook request contains the following relevant HTTP headers:
    • X-Edudip-Signature-Algorithm: The algorithm that was used for the signature (e.g., SHA256).
    • X-Edudip-Signature: The actual signature of the payload, which is needed for verification.
  • To verify the signature:
    • Download the public key that belongs to our private key. We provide this public key.
    • Hash the payload of the webhook with the algorithm from the X-Edudip-Signature-Algorithm header to get the payload hash.
    • Use the public key to compare the received signature (X-Edudip-Signature) with the hashed payload.

      Click here to download the Public Key