Logs, Validation and Testing of Webhooks

Interactive Guide

Webhook logs

A log is created for each request to the webhook URL. The logs for all webhooks can be accessed from the webhook list page.

Webhook Log fields

This section lists all the fields displayed in the webhook logs table.

Webhook Log Details

For each webhook log, you can view detailed information about the log. This includes more information about the request sent and the response received from your URL.

Webhook retries

If we receive an HTTP 200 response from your webhook URL, we consider the webhook successful. If your application returns any other response, we mark the webhook as failed and will resend the same payload.

We will attempt to send the webhook up to 3 times. If we receive a non-HTTP 200 response code or experience a timeout (3 seconds or more) three times, we consider the webhook failed and will not resend that particular event.

We do not disable webhooks due to a few failures. We will only disable them if you remove the URL from your webhook configuration

VALIDATING AND TESTING A WEBHOOK

Validating a Webhook Event

Aiwifi uses the secret token to generate a hash signature with each payload. A hash signature is calculated using HMAC with SHA256 algorithm; with your webhook secret as the key and the webhook request body as the message. This hash signature is included with the headers of each request as Aiwifi-Signature.

Signature of the request

To confirm the information comes from Aiwifi, you can use any modern language to compute HMAC hashes: Node, PHP, Python, etc. In general, they provide a method to generate an encrypted value through a key using the HMAC algorithm.

You will need the payload which is the body of the POST request that you received. This is a JSON representation of an event. And secret-key which is the key provided by Aiwifi for identification of the webhook URL configured in your brand.

This is an example for PHP

$hash = hash_hmac('sha256', $payload, $secret);

This is an example for Python

import hmac
import hashlib

hash = hmac.new(secret.encode('utf8'), payload.encode('utf8'), hashlib.sha256).digest()

This is an example for Node.js

const crypto = require("crypto");

const hash = crypto.createHmac('sha256', secret)
  .update(payload) // raw webhook request body
  .digest('hex');

You need to compare the resulting hash $signature with the hash received in the header named Aiwifi-Signature.

Testing a webhook

In the webhook list, you can see your created webhook configurations. Each configuration has a button to test the webhook event.

Click the Test button to check if your webhook URL is valid. The Aiwifi Platform will send an event to the webhook URL.

When you click on the Test Webhook button, a modal will appear, allowing you to select from a list of events that the Aiwifi Platform can test.

When choosing the event you want to test, click the Test URL button. The Aiwifi Platform will fire the event to your configured URL.

When Aiwifi fires a test event, you can see the event details, including the sent request and the received response.

The sent request represents the payload that Aiwifi sends in the event request to your URL. This payload varies depending on the event type. The response received represents the response that the Aiwifi Platform received from your configured URL.

Webhook testing events considerations

The Aiwifi platform tests the webhook URL sending an event, based on the following considerations:

We need five essential components for all three events to send testing events to the configured URL.

  • 1. Campaign: Aiwifi needs the brand to have at least one interest campaign type and one survey campaign type, for sending events guest.interests and surveyAnswer.created. Also, those campaigns must be active.
  • 2. Access Point: The brand needs to have at least one access point enabled and assigned to a location.
  • 3. Location: The brand needs to have one location active with an access point assigned.
  • 4. Guest: Aiwifi will use the last guest connected in your brand portal captive in the case at the moment to event test your brand doesn't have at least one guest connected, Aiwifi makes a fake guest to do the test.
  • 5. Device: In the same way Aiwifi needs a device assigned to the guest.

Was this article helpful?

Generic Payload and Event Details
Webhook Setup and Configuration