Comment on page
Webhooks
Configure webhooks for events that occur in the platform. This page covers platform events
To enable webhooks, you can configure
WEBHOOK_URL
and WEBHOOK_SECRET
environment variables and you will start receiving the following events.Triggered whenever a user registration is successful.
user_id
: The unique identifier of the registered user.user_email
: The email address of the registered user.
Sample Payload:
{
"version": 1,
"event": "USER_REGISTER_SUCCESS",
"payload": {
"user_id": "1234abcd",
"user_email": "[email protected]"
}
}
Triggered when graph migration is initiated.
actor_id
(optional): The identifier of the actor initializing the migrationSample Payload:
{
"version": 1,
"event": "APOLLO_MIGRATE_INIT",
"payload": {
"actor_id": "user5678"
}
}
Triggered when graph migration succeeds.
federated_graph
: An object representing the federated graph details.id
: The unique identifier for the federated graph.name
: The name of the federated graph.
actor_id
(optional): The identifier of the actor initializing the migration.
Sample Payload:
{
"version": 1,
"event": "GRAPH_MIGRATE_SUCCESS",
"payload": {
"federated_graph": {
"id": "graph123",
"name": "MainGraph"
},
"actor_id": "user5678"
}
}
To ensure the webhook data is coming from a trusted source and hasn't been tampered with during transit, we employ HMAC signatures. When setting up a webhook, you provide a secret. This secret is used to compute a signature that is sent along with each webhook request.
The header containing this signature is
X-Cosmo-Signature-256
.To verify the webhook request, you need to compute the HMAC signature on your server and compare it to the signature in the
X-Cosmo-Signature-256
header.Here's an example in Node.js:
import crypto from 'crypto';
function verifySignature(body, receivedSignature, secret) {
const computedSignature = crypto
.createHmac('sha256', secret)
.update(body)
.digest('hex');
return computedSignature === receivedSignature;
}
// Usage:
const isVerified = verifySignature(JSON.stringify(req.body), req.headers['x-cosmo-signature-256'], YOUR_SECRET);
Last modified 2mo ago