Outbound Webhooks
Configure an Outbound Webhook URL to post events such as incoming messages from customers, incoming call events, and/or status receipts for your outbound messages
Outbound Webhooks can be used to forward the following events or messages to your applications or systems:
- Status receipts for the outbound messages sent using Webex Connect (E.g., Submitted, Failed, Delivered, etc. subject to channel specific capabilities.)
- Incoming calls and messages from customers across channels
- Incoming call events
Note
We only support HTTPs URLs. We make a test call to the configured URL and expect a standard 200 HTTP Response before you can save your configuration.
All notifications will be delivered by making POST requests.
SHA256 and SHA512 support
With the v5.6.0 release we have added support for SHA256 and SHA512 signatures while setting up outbound webhooks. SHA1 signature option that was earlier available is no longer supported and cannot be used for new outbound webhook configurations.
Note
The SHA-1 feature is no longer supported for new configurations. The feature will work as is for the existing configurations.
Configuring Outbound Webhooks at a Service Level
To configure an outbound webhook for a given service on Webex Connect platform, perform the following steps:
- Navigate to Assets > Integrations.
Integrations in Assets Menu
- Click Add Integration > Outbound Webhook.
Create Outbound Webhook
- Enter/select details like Name, Entity, Endpoint Configuration.
- Name - the name that you want to use for your outbound webhook configuration
- Entity - the Service to which you want to associate your outbound webhook
- URL - the URL at which the Webex Connect platform notifies your application of incoming events and messages.
- Which Notifications Do You Want To Receive - select the required notification you want to receive for the Outbound Webhook.
Outbound Webhook Configuration
Note
For Email Channel, the events marked with Asterisk are applicable only if 'Email via AWS SES' is the selected route.
- Enable Hub Signature (Optional Configuration) - The value of the hub secret is used as the key to creating a signature of the notification data and is sent along with the notification, which can then be verified by the receiving server. The signature is the hexadecimal (40-byte) representation of the signature computed using the HMAC algorithm selected during configuration (E.g., one of SHA256 or SHA 512) as defined in RFC2104. When enabled, you will receive an additional header called x-hub-signature.
- When you select a phone number from the Entity drop-down and select Incoming Message, the Forward to SMPP checkbox becomes visible if you don't select Enable Hub Signature. When you select the Forward to SMPP checkbox you also need to select a value from Select ESME Bind ID drop-down list.
- Click Save.
Configuring Outbound Webhook at Apps Level
To configure an outbound webhook for a given app on Webex Connect platform, perform the following steps:
- Click Add Integration > Outbound Webhook.
- Enter Name for your outbound webhook configuration.
- Select Entity to which you want to associate your outbound webhook at App level. It must be an In-App app asset.
- Select the checkboxes for the notifications you want to receive.
- Click Save.
How to use Outbound Webhooks to forward delivery receipts
To receive delivery receipts for your outbound messages:
- Select a service from the Entity dropdown
- Select the outbound channel for which you want to receive the delivery receipts
- Select the receipt types you want the notifications for. Please note that different channels offer different kinds of receipts.
The below table shows which notifications are available for each channel supported by Webex Connect. By default, none of the notifications are selected. You must explicitly select the required notifications channel-wise.
| Channel | Applicable Delivery Status |
|---|---|
| SMS | Submitted Delivered Undelivered Failed Clicked |
| Voice | Offered Accepted Answered Dropped Rejected Released Disconnected Trombone Connect Trombone Releas |
| MMS | Submitted Delivered Failed |
| Messenger | Submitted Delivered Failed Read |
| In-App Messaging / Live Chat | Submitted Delivered Read Failed Clicked |
| Submitted Delivered Read Failed | |
| Push | Submitted Delivered Read Failed |
| Submitted Delivered Not verified Invalid Bounced Complaint Failed Read Clicked Note: Delivered, Not verified, Invalid, Bounced, Complaint, Read, and Clicked events are only available if Email via AWS SES is the selected route. | |
| Apple Messages for Business | Submitted |
| RCS | Submitted Delivered Read Failed |
| Read Submitted Failed | |
| Google Business Messages | Submitted Delivered Read Failed |
Sample Payloads for Outbound Message Status and Incoming Messages
Sample Payloads
For Information related to the sample payloads, refer to the section Outbound Webhooks in the API Reference documentation. Please note that the payloads vary for each message type, each event type, and each channel. Also, enhancements are made to these payloads overtime as new message types or events are added and/or existing ones are updated or deprecated. Please keep your application at the receiving end flexible to avoid any impact when such changes are made.
Error Codes
Error Codes
For Information related to the common and channel-specific error codes, refer to the section Channel Specific Status Codes in the API Reference documentation.
Adding Authorization at Service Level
To add a new authorization, follow the below steps:
- Navigate to Assets → Integrations.
- Click Add Authorization.
- Enter a name for the authorization.
- Select the Type of authorization and configure the details.vYou must configure the following parameters based on the authorization type:
- No Auth – select this type when you do not need an authorization
- Basic Auth – select this type when you need to do an authorization using username and password
| Field | Description |
|---|---|
| Username/Password | Login credentials that you want to use for authentication. |
| Parameter value | This is applicable if the parameter is static. Provide value. |
c. Digest Auth - select this option when you need to validate the user identity before sending any sensitive information like online banking transactional details. In this type of authorization, a network server receives the request from a user and then sends it to a domain controller. The domain controller responds with a special session key.
| Field | Description |
|---|---|
| Username | Username to authenticate the request |
| Realm | String from the server within the www-Authenticate response header |
| Password | The password to authenticate the request |
| Nonce | Unique string from the server within the www-Authenticate response header |
| Algorithm | String that indicates a pair of algorithms used to produce the digest and a checksum |
| QOP | The quality of protection applied to the message. The value must be one of the alternatives specified by the server in the www-Authenticate response header. |
| Nonce Count | The hexadecimal count of the number of requests (including the current request) that the client has sent with the nonce value in this request.You must specify the count only if a QOP directive is sent in the www-Authenticate response header. |
| Client Nonce | An opaque quoted string value provided by the client. This value is used by both client and server to avoid chosen plaintext attacks, provide mutual authentication, and message integrity protection.You must specify the count only if a QOP directive is sent in the www-Authenticate response header. |
| Opaque | A string specified by the server in the www-Authenticate response header. Use this string as is with URLs in the same protection space. Webex Connect recommends that this string be base64 encoded data. |
d. AWS Signature - select this option when you want to use the Amazon Work Services workflow for authorization. You must use a custom HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code) for authentication.
| Field | Description |
|---|---|
| Access_Key | Unique access key for an account used to send the request. |
| Secret_Key | The unique secret key for an account used to send the request. |
| Region | The region that receives the request. |
| Service_Name | Service that receives the request. |
e. API Key - Enter the Key and Key Value.
f. OAuth 2.0 – is a well-adopted delegated authorization framework. Supports two different grant types for OAuth 2.0.
- Authorization code - server issues the token in the context of a user.
- Client credentials - grant type is used to obtain an access token outside of the context of a user.
| Field | Description |
|---|---|
| Consumer ID | Unique identifier of the consumer obtained during the registration process |
| Grant Type | Type of authentication - Authorization Code or Client Credentials. Its selection depends on the grant type offered by the API. |
| Client ID (Client Credentials only) | Unique identifier of the client obtained from the platform through which the authorization is done. |
| Client Secret (Client Credentials only) | The unique secret of the client obtained from the platform through which the authorization is done. |
| Consumer ID (Authorization Code only) | Unique identifier of the consumer obtained during the registration process. |
| Consumer Secret (Authorization Code only) | The unique secret of the consumer obtained during the registration process. |
| Call Back URL (Authorization Code only) | Webex Connect callback URL will be used during the registration process at the authorization provider’s end. Note: The callback URL is not accessible from a web browser. You need to test it using the custom node only. |
| Authorization URL (Authorization Code only) | Endpoint for authorization server, which retrieves the authorization code must be provided by the authorization provider. |
| Scope | Scope of the access request (multiple space-separated values). This is optional. |
| Access Token URL | Endpoint for the resource server, which exchanges the authorization code for an access token |
| Access token has a limited validity | Specifies if the token has a limited validity and must be provided by the authorization provider. |
| Validity | Validity of the token. |
| Refresh URL Token | It should be provided by the authorization provider. It ensures smooth functioning of authorization in the case provided access token has limited validity. |
| Advance Settings | Toggle button that allows you to enable or disable advanced settings. |
| Access Token URL Method | An additional method for the access token. |
| Access Token URL Parameter type | Type of access token URL parameter – Body or URL. |
| Access Token URL Headers | Additional URL header parameters for the access token |
| Get Access Token | Button to retrieve the access token |
| Access Token | Displays the refresh token |
| Refresh Token | Displays the refresh token |
| Client Authentication | Value of Client Authentication is defined by the authorization provider’s API. Send client credentials in body is selected by default. |
| Validity | The validity of the token |
- Click Save.
The created authorization will be displayed in the list of authorizations which you can associate with an integration while enabling authorization for that integration.
Updated 1 day ago