Comment on page
Pushback endpoints are a configurable inbound endpoints on Revvin. They allow for a particular Saga to run whenever a given endpoint is called with a valid request. Parameters are passed to the Saga via HTTP Post.
A Pushback Endpoint can be set up either under a specific Site or more globally under a given Partner, allowing for highly configurable webhook and callback behavior.
The flow for a pushback endpoint is fairly simple, taking place in three distinct steps:
- 1.Request Received: The request is received at the given endpoint. This endpoint is configured during setup and will be unique to your pushback endpoint.
- 2.Credentials Verified: The security credentials are verified by the endpoint, matching against one of our allowed authentication methods. If the request is valid and authenticates it will proceed, otherwise it will return a 401 status.
- 3.Saga Triggered: The Saga attached to the Pushback Endpoint will trigger, allowing for system-wide, configurable behavior and the request will be marked as a success.
A security method is configured for each Pushback Endpoint. Currently the following security methods are supported:
A security method is required - posts with no security method are no permitted. Talk to Revvin about adding additional security methods to meet your needs.
- Basic Authentication: A request header titled
HTTP_AUTHORIZATIONshould have a Base64 encoded username and password set for it. The username and password are configurable.
- Token and Secret: Two headers should be passed, one with
HTTP_ACCESS_TOKEN, set to the token, and another with
HTTP_ACCESS_SECRET, set to the secret. The token and secret are configurable.
- Signature Header: A header with a configurable name (e.g.
PUSHBACK_SIGNATURE) is set to be a Sha256 digest of the Base64 encoded version of the Post body. The Sha256 secret is configurable.
Example code to generate a Signature Header header value:
// Example .NET Code to generate a signature header
// secret is the configurable shared secret
// message is the post body
var encoding = new System.Text.ASCIIEncoding();
byte keyByte = encoding.GetBytes(secret);
byte messageBytes = encoding.GetBytes(message);
using (var hmacsha256 = new HMACSHA256(keyByte))
byte hashmessage = hmacsha256.ComputeHash(messageBytes);
# Example Ruby Code to generate a signature header
# secret is the configurable shared secret
# message is the post body
digest = OpenSSL::Digest.new('sha256')
Base64.encode64(OpenSSL::HMAC.digest(digest, secret, message)).gsub("\n", "")