Webhooks
Receiving webhooks from the GraphQL API
Depending on your use case for the GraphQL API you may wish to have your application notified when data has been updated or a certain event occurs within the Ideavate platform.
We support these notifications in the form of webhook POST requests to your application.
We have harnessed the power and flexibility of GraphQL and provide a mechanism whereby you can choose which exact information you want to receive in the notification.
The process within the platform is as follows:
Trigger is fired within Ideavate platform
The platform makes a GraphQL query on your behalf
The platform POSTs the GraphQL response to your server
This way you can choose to receive as much or as little information as you require.
Triggers
Webhooks are triggered when a particular action occurs on an entity in the Ideavate platform.
The triggers are named using the convention . e.g. when a User is added a UserAdded trigger occurs.
Available triggers include:
User
Added
UserAdded
User
Deleted
UserDeleted
Account
Updated
AccountAdded
Document
Added
DocumentAdded
ToDo
Added
ToDoAdded
ToDo
Done
ToDoDone
EnergySwitch
Added
EnergySwitchAdded
EnergySwitch
Updated
EnergySwitchUpdated
We can enable triggers for most entities and actions so if the one you want isn't in the above table then let us know and we will enable it for you.
Request format
Requests are made as HTTP POST with an application/json body. The JSON body will contain the following properties:
webhook.id
string
A unique ID for this webhook request. Can be used for deduplication.
webhook.trigger
string of trigger name
The trigger that caused this webhook request.
webhook.date
string of ISO8601 date time
The date when the webhook was triggered.
query.api
string
The GraphQL endpoint that the query was executed against.
query.query
string
The GraphQL query that was executed.
query.variables
object
The GraphQL variables used in the query.
data
object
The GraphQL response itself. The structure will depend on the configured query. Please refer to the main Data Model documentation.
A sample request made after an energy switch is triggered is as follows:
The HMAC-SHA1 shared secret used for this example request was sharedSecret.
JSON formatting
For readability the JSON body of this request has been pretty formatted. For real requests the ordering and whitespace are not guaranteed.
Verifying requests
You should validate that the POST requests you receive are genuine requests from the Ideavate platform.
To do so, it is recommended that you make use of the request signing feature. When enabled, the JSON body of the request will be signed using a shared key. The hex encoded HMAC-SHA1 is placed in the X-Signature HTTP request header.
On receipt of a request you should then calculate the HMAC-SHA1 for the received request body using the shared key, and compare it to the one given in the X-Signature header.
Expected response
Your server is expected to return an HTTP 200 response within 30 seconds (lower timeouts can be configured if you wish).
Requests returning a non-200 response will be retried for 72 hours before permanently failing.
Provisioning webhooks
We will need the following information to get the webhook provisioned in the platform:
Triggers to receive requests for
You can have different queries for each trigger, or have a common query.
HTTPS URL to receive POST request
This must be an HTTPS endpoint with a certificate from a commonly trusted Certificate Authority. The URL can contain query parameters if needed.
GraphQL query to be executed
See recommended queries below.
Shared key for HMAC-SHA1 signature
Recommended.
Recommended queries
EnergySwitch
Full details of a new switch:
Minimal details of a switch where you plan to make GraphQL requests to lookup more details:
Updated switch with latest commission status:
Last updated