Weebhooks

What is a Webhook?​

A webhook is a systemic notification service that allows asynchronous integration between systems, where one system notifies the other through a trigger. This way, webhooks can keep systems updated with the latest information without the need for constant polling for updates.

How to Configure the Webhook

To configure the webhook, the following information is required:

• Notification URL: This is the endpoint used by by Unico for notifications about status updates.

• Authentication Type: This is the authentication method used to invoke the endpoint. The following options are available:

  • OAuth2.

  • Basic Authorization.

  • API Key.

  • No authentication.

• For OAuth2, the following information needs to be provided:

  • Webhook endpoint.

  • OAuth2 provider URL.

  • OAuth2 provider ClientId.

  • OAuth2 provider Secret.

• For Basic Authorization, it is necessary to send in the format user:pass.

• For API Key, two formats are possible:

  • header:value, when a specific header name is desired.

  • value, when the desired header is Authorization.

• Retry Settings: Indicates the number of attempts in case of a failure in calling the endpoint:

  • Maximum number of attempts.

  • Interval between attempts (in seconds).

  • Rate Limit: Maximum number of simultaneous sends (maximum: 500).

  • Timeout: Maximum wait time for the endpoint's response (in seconds).

• Status to be Notified: Currently, the notification is sent whenever the state of a process changes to:

  • PROCESS_STATE_FINISHED: Process finished.

Integration with the Unico IDCloud Platform

When configuring a webhook on the platform, you can receive information about processes through notifications sent to an endpoint of the API developed by you to receive these updates.

The information sent by the platform to the API includes:

• processId: ID of the transaction.

• state: State of the transaction.

• flow: Flow of the transaction.

• lastEvent: Last event of the transaction (We only return this parameter if the process has expired).

• lastEventDescription: Description of the last event of the transaction (We only return this parameter if the process has expired).

Requests​

The request must be a POST method in a REST API, making it easier and more secure to send the information. All fields must be mandatory. The body of the request must accept the transaction ID and the status, as shown in the following example:

{
  "processId": "8263a268-5388-492a-bca2-28e1ff4a69f0",
  "state": "PROCESS_STATE_FINISHED",
  "flow": "id",
  "lastEvent":"EVENT_TYPE_PROCESS_CREATED",
  "lastEventDescription":"Process created"
}

The response should be synchronous. The status for successful requests must be in the range of 200 to 299. Any other status is considered a failure, and the platform will then retry the notifications (with exponential backoff between attempts), until receiving a 2xx response or reaching the maximum number of retries.

Points of attention

Fallback

In case of any unavailability in the webhook service, it is recommended to have a fallback method in place so that you can continue receiving transaction statuses within the established response time. The query to the endpoint is described in the GetProcess sections for each integration method.

Rate limit

In order to avoid overloading your resources in situations of high transaction volume, it is possible to specify an upper limit on the number of times the endpoint can be invoked.

Error rate

The error rate (responses outside the [200, 299] range) should always be low. Otherwise, the webhook throughput will be automatically reduced, and this reduction, along with the retry mechanism, may lead to an increase in the execution time of new webhooks.

Idempotency

The current webhook implementation guarantees at-least-once delivery, meaning the same status may be notified more than once. Therefore, the endpoint implementation must be idempotent.