Overview
Boxme provides notification push subscription for developers to receive notification in a timely manner. Developers need to provide a callback url. When the business scenario meets the conditions for message triggering, Boxme will process the message and distribute it to the webhook Url configured by the app that meets the conditions.
How to set up webhook
Push Authorization
To prevent cyberattacks, we have provided an authorization signature for each Push request, which can be located in the Authorization field of the HTTP request header. With this, you can identify Boxme's authorization information.
This step is technically optional, but we strongly recommend that developers use the following steps to validate the request to generate the authorization signature, ensuring that it matches the authorization signature generated from the Push request. Here's how you can generate the signature:
Example of Boxme's request headers:
Authorization: WEBHOOK_TOKEN
Monitoring
Testing webhooks
You can test your webhook configuration, or view the webhook payload, by triggering the webhook. You can trigger webhooks in the following ways:
- By performing the related action in Boxme account.
Retry Rules
Developers are required to provide a proper response to declare having received the notification successfully. Please return http header code 200 within 3 seconds for each notification, otherwise retries will be triggered as the follows:
| Retry Times | Trigger Point |
|---|---|
| 1st Retry | 2 minutes after the initial push failure |
| 2nd Retry | 30 minutes after the 1st retry failure |
| 3rd Retry | 3 hours after the 2nd retry failure No further attempt will be made after the 4th retry failure |
Note: You need to rely on the request_id to check for the duplicate data before processing.