REST Hooks

Introduction

What are REST Hooks?

REST Hooks is not a specification; it is a collection of patterns that treat webhooks like subscriptions. REST Hook subscriptions are created, updated or deleted using a REST API.

With REST Hooks, the REST API is able to communicate with other apps in real time, via webhooks, without a complicated setup.

The REST Hooks pattern has four basic requirements:

  • Mechanism to store subscriptions
  • Mechanism to modify subscriptions via API
  • List of event types & implementation of events
  • Mechanism to send hooks

Available events

| Event | Description |
| --- | --- |
| order.create | Subscription to all events of creating a new order. |
| inventory.low | Subscription to all events that are supposed to increment or decrement a product inventory. |
| upsell.accept | Subscription to the event when a customer accepts an upsell. |

YouCan Signature

REST Hook events carry a header parameter named x-youcan-signature.

The signature is an HMAC of the response payload. The hashing algorithm is SHA-256 and the signing key is the OAuth client secret key (that of the OAuth client in use while creating the event).

Example of validating the signature in PHP:

```php
function isValidYouCanSignature(string $signature, array $payload, string $signingKey): bool
{
    $expectedSignature = hash_hmac(
        'sha256', // Hashing Algorithm
        json_encode($payload), // Response Payload
        $signingKey // OAuth Client Secret Key
    );

    return hash_equals($expectedSignature, $signature);
}
```
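
The following is an added example, not YouCan's own code: it shows how a receiving endpoint could wrap the validation function above so that unsigned, malformed and tampered deliveries are rejected before any event handling runs. The `handleYouCanHook` function, the status codes it returns, the signing key and the payload fields are assumptions made for illustration.

```php
<?php
// Validation function from the page, condensed.
function isValidYouCanSignature(string $signature, array $payload, string $signingKey): bool
{
    return hash_equals(hash_hmac('sha256', json_encode($payload), $signingKey), $signature);
}

// Hypothetical receiver logic: returns the HTTP status the endpoint should answer with.
function handleYouCanHook(array $headers, string $rawBody, string $signingKey): int
{
    // HTTP header names are case-insensitive, so normalise before the lookup.
    $headers = array_change_key_case($headers, CASE_LOWER);
    $signature = $headers['x-youcan-signature'] ?? null;
    if (!is_string($signature) || $signature === '') {
        return 401; // unsigned delivery: reject without processing the body
    }

    $payload = json_decode($rawBody, true);
    if (!is_array($payload)) {
        return 400; // body is not a JSON object or array
    }

    if (!isValidYouCanSignature($signature, $payload, $signingKey)) {
        return 401; // payload or signature was altered, or the wrong key was used
    }

    // Only a verified event reaches the business logic (omitted here).
    return 200;
}

// Constructed sample data: the key and the payload fields are made up.
$key  = 'constructed-oauth-client-secret';
$body = json_encode(['event' => 'order.create', 'order_ref' => 'A-1001', 'quantity' => 2]);
$sig  = hash_hmac('sha256', $body, $key);

$cases = [
    'signed delivery'   => [['X-YouCan-Signature' => $sig], $body],
    'tampered quantity' => [['X-YouCan-Signature' => $sig], str_replace(':2}', ':200}', $body)],
    'missing header'    => [[], $body],
    'malformed JSON'    => [['X-YouCan-Signature' => $sig], '{"event":'],
];
foreach ($cases as $name => [$headers, $raw]) {
    printf("%-18s -> HTTP %d\n", $name, handleYouCanHook($headers, $raw, $key));
}
```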

Retry Policy

If pushing a REST Hook event fails, a retry policy is in place: the push is retried 3 times, with a delay of 1 second for each (with a max delay of 2.5 seconds).