Learn the basics of how webhooks work to help you build and set up integrations.
Webhooks are a way to configure Forumbee to connect with other apps and send a notification automatically when something new happens. When an event occurs in Forumbee, it summarizes the data about that event and sends it to a webhook URL that you specify.
- When a new member joins your community, add them as a lead in your CRM.
- When someone RSVPs to an event in your community, add them to a Google Sheet or Airtable.
- When a new idea is submitted by a customer in your community, add it to a Trello board.
Setting up a webhook
To set up a webhook, go to Admin > Integrations > Webhooks and click Add New Webhook.
Enter a short name for the webhook.
Enter the webhook request endpoint URL. This is the URL of the server that will receive the webhook notifications which are sent as POST requests. The endpoint URL can be a webhook service such as Zapier, IFTTT, or Pipedream; or your own custom app. For this example, we are going to use Pipedream as the endpoint URL.
Click Add event.
From the Events menu, select an event. Certain events involving category activity also provide the option to select a specific category.
Optionally, you can add more than one event. Any events that you specify here will automatically be sent as they happen to your endpoint URL.
Finally, slide the Status toggle to ON.
That’s it! Your webhook has been successfully configured. You can test it by performing the event and seeing that the data (payload) is sent to your endpoint URL.
Here is the webhook data sent to Pipedream from our example:
Securing your webhooks
Each webhook endpoint you create in Forumbee includes a Signing Secret. The Signing Secret allows you to verify that events and data sent to the endpoint URL are from Forumbee.
Under your webhook endpoint, click reveal to show the full signing secret.
Forumbee uses this Signing Secret combined with the JSON data to create a hash signature with each payload. Forumbee uses an HMAC-SHA256 hexdigest to compute the hash. The hash signature is passed along with each webhook request in the headers as “x-webhook-signature”.
You can use this to validate the data is from Forumbee. To validate, compute a hash using your Signing Secret and the webhook JSON data. Then compare to the hash in the “x-webhook-signature” header to ensure it matches.
A third-party online test tool is available for testing the creation of the HMAC-256 digest:
To use the test tool:
- Paste the body of the webhook JSON message.
- Enter your Signing Secret into the Secret Key field.
- Select SHA256 from the menu.
- Click ‘Compute HMAC’.
- Check that the value generated matches the value in the “x-webhook-signature” header.