About Webhooks
Learn the basics of how webhooks work to help you build and set up integrations.
Webhooks are a way to configure Forumbee to connect with other apps and send a notification automatically when something new happens. When an event occurs in Forumbee, it summarizes the data about that event and sends it to a webhook URL that you specify.
You can use tools such as Zapier, IFTTT, or your own custom app to receive webhooks and configure integrations between Forumbee and other apps. Examples of webhook integrations:
- When a new member joins your community, add them as a lead in your CRM.
- When someone RSVPs to an event in your community, add them to a Google Sheet or Airtable.
- When a new idea is submitted by a customer in your community, add it to a Trello board.
Setting up a webhook
To set up a webhook, go to Admin > Integrations > Webhooks and click Add new Webhook.
Enter a short name for the webhook.
Enter the webhook request endpoint URL. This is the URL of the server that will receive the webhook notifications which are sent as POST requests. The endpoint URL can be a webhook service such as Zapier, IFTTT, or Pipedream; or your own custom app. For this example, we are going to use Pipedream as the endpoint URL.
Click Save.
Click Add event.
From the Events menu, select an event. Certain events involving category activity also provide the option to select a specific category.
Optionally, you can add more than one event. Any events that you specify here will automatically be sent as they happen to your endpoint URL.
Finally, slide the Status toggle to ON.
That’s it! Your webhook has been successfully configured. You can test it by performing the event and seeing that the data (payload) is sent to your endpoint URL.
Here is the webhook data sent to Pipedream from our example:
Events available as webhooks
The following events can trigger the sending of a webhook:
Topic Events
- Topic Posted
- Topic Updated
- Topic Scheduled
- Topic Removed
- Topic Restored
- Topic Liked
- Topic Event Rsvp
- Topic Any (triggered with any topic event from this list)
Topic Draft Events
- Topic Draft Created
- Topic Draft Updated
- Topic Draft Published
- Topic Draft Any (triggered with any topic draft event from this list)
Reply Events
- Reply Posted
- Reply Updated
- Reply Removed
- Reply Restored
- Reply Liked
- Reply Any (triggered with any reply event from this list)
Post Events
Posts include both topics and replies.
- Post Posted
- Post Updated
- Post Removed
- Post Restored
- Post Liked
- Post Status Changed
- Post Require Approval
- Post Flagged by User
- Post Flagged as Spam
- Post Any (triggered with any post event from this list)
Member Events
- Member Signup
- Member Login
- Member Requested Access
- Member Updated Profile
- Member Completed Custom Fields
- Member Unsubscribed
- Member Stopped Notifications
- Member Restarted Notifications
- Member Followed Category
- Member Unfollowed Category
- Member Followed Member
- Member Unfollowed Member
- Member Followed Topic
- Member Unfollowed Topic
- Member Followed Tag
- Member Unfollowed Tag
- Member Any (triggered with any member event from this list)
Admin Events
- Admin Removed Member
- Admin Restored Member
- Admin Deleted Member
- Admin Approved Member Access Request
- Admin Rejected Member Access Request
- Admin Any (triggered with any admin event from this list)
Securing your webhooks
Each webhook endpoint you create in Forumbee includes a Signing Secret. The Signing Secret allows you to verify that events and data sent to the endpoint URL are from Forumbee.
Under your webhook endpoint, click reveal to show the full signing secret.
Forumbee uses this Signing Secret combined with the JSON data to create a hash signature with each payload. Forumbee uses an HMAC-SHA256 hexdigest to compute the hash. The hash signature is passed along with each webhook request in the headers as “x-webhook-signature”.
You can use this to validate the data is from Forumbee. To validate, compute a hash using your Signing Secret and the webhook JSON data. Then compare to the hash in the “x-webhook-signature” header to ensure it matches.
A third-party online test tool is available for testing the creation of the HMAC-256 digest:
https://www.freeformatter.com/hmac-generator.html
To use the test tool:
- Paste the body of the webhook JSON message.
- Enter your Signing Secret into the Secret Key field.
- Select SHA256 from the menu.
- Click ‘Compute HMAC’.
- Check that the value generated matches the value in the “x-webhook-signature” header.