Comment on page

Pushback Endpoints

Pushback endpoints are a configurable inbound endpoints on Revvin. They allow for a particular Saga to run whenever a given endpoint is called with a valid request. Parameters are passed to the Saga via HTTP Post.
A Pushback Endpoint can be set up either under a specific Site or more globally under a given Partner, allowing for highly configurable webhook and callback behavior.

How Do Pushback Endpoints Work?

The flow for a pushback endpoint is fairly simple, taking place in three distinct steps:
  1. 1.
    Request Received: The request is received at the given endpoint. This endpoint is configured during setup and will be unique to your pushback endpoint.
  2. 2.
    Credentials Verified: The security credentials are verified by the endpoint, matching against one of our allowed authentication methods. If the request is valid and authenticates it will proceed, otherwise it will return a 401 status.
  3. 3.
    Saga Triggered: The Saga attached to the Pushback Endpoint will trigger, allowing for system-wide, configurable behavior and the request will be marked as a success.

Security Methods

A security method is configured for each Pushback Endpoint. Currently the following security methods are supported:
A security method is required - posts with no security method are no permitted. Talk to Revvin about adding additional security methods to meet your needs.
  • Basic Authentication: A request header titled HTTP_AUTHORIZATION should have a Base64 encoded username and password set for it. The username and password are configurable.
  • Token and Secret: Two headers should be passed, one with HTTP_ACCESS_TOKEN, set to the token, and another with HTTP_ACCESS_SECRET, set to the secret. The token and secret are configurable.
  • Signature Header: A header with a configurable name (e.g. PUSHBACK_SIGNATURE) is set to be a Sha256 digest of the Base64 encoded version of the Post body. The Sha256 secret is configurable.
Example code to generate a Signature Header header value:
// Example .NET Code to generate a signature header
// secret is the configurable shared secret
// message is the post body
var encoding = new System.Text.ASCIIEncoding();
byte[] keyByte = encoding.GetBytes(secret);
byte[] messageBytes = encoding.GetBytes(message);
using (var hmacsha256 = new HMACSHA256(keyByte))
byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
return Convert.ToBase64String(hashmessage);
# Example Ruby Code to generate a signature header
# secret is the configurable shared secret
# message is the post body
digest ='sha256')
Base64.encode64(OpenSSL::HMAC.digest(digest, secret, message)).gsub("\n", "")