| ID | NFR-2006 |
|---|---|
| Name | Keelvar WebHook Registration and Orchestration |
| Author | Richard McArthur ( richard.mcarthur-ext@syensqo.com ) |
| Approver | Sascha Wenninger ( sascha.wenninger-ext@syensqo.com ) |
Summary
Several single execute processes need to be processed before Keelvar is able to communicate effectively with SAP CI, because of the single execution nature of these calls (for registration) they are being considered as technical configuration but doesn't form part of official configuration documents as they are required only by the Syensqo integration build to facilitate integration.
Description and Technical Details
Webhook registration overview
Sample Request
{
"url": "https://dev-api.syensqo.com/status",
"name": "AwardFeed",
"description": "All WebHook SCPI DEV",
"triggers": [
"AWARD_FEED_UPDATED","JOB_UPDATED","SOURCING_EVENTS_FEED_UPDATED"
],
"signing_alg": "HMAC_SHA256",
"signing_key": "tEnAvVNFx4YYTnAimo1ABwtfGNyndEM7yZwh8BZ4BrI="
}
Sample Request Breakdown
Elements of the registration URL
| JSON Component | Value | Context | Comments |
|---|---|---|---|
| url | https://dev-api.syensqo.com/status | APIM endpoint and entry point into Syensqo Integration Landscape | This endpoint is exposed with no traditional Authentication |
| name | AwardFeed | Unique identifier in Keelvar | Simple descriptive name for labeling purpose only |
| description | All WebHook SCPI DEV | More information on the individual webhook | Simple description can be blank |
triggers | AWARD_FEED_UPDATED","JOB_UPDATED","SOURCING_EVENTS_FEED_UPDATED | Registration of "WHEN" this hook will be triggered in Keelvar | Keelvar triggering events |
signing_alg | HMAC_SHA256 | signing algorithum | |
signing_key | tEnAvVNFx4YYTnAimo1ABwtfGNyndEM7yZwh8BZ4BrI= | Initial "seeding" of signing key → this is not the actual signing key | real signing key is returned in the response from Keelvar |
Sample Response from Keelvar
{
"uuid": "e8309c18-4437-45d7-bc8c-0bbe137db54e",
"name": "AwardFeed",
"description": "All WebHook SCPI DEV",
"url": "https://dev-api.syensqo.com/status",
"triggers": [
"AWARD_FEED_UPDATED",
"JOB_UPDATED",
"SOURCING_EVENTS_FEED_UPDATED"
],
"signing_alg": "HMAC_SHA256",
"signing_key": "0006f99f3e831ae640596b119d85c3f097620c147296c8d2d2f1a022348ec621"
}
Sample Response Breakdown
| JSON Component | Value | Context | Comments |
|---|---|---|---|
| uudi | e8309c18-4437-45d7-bc8c-0bbe137db54e | Keelvar UUID of registered webhook | Used for other operations like delete |
name | AwardFeed | confirmation | |
description | All WebHook SCPI DEV | confirmation | |
url | https://dev-api.syensqo.com/status | confirmation | |
triggers | "AWARD_FEED_UPDATED", "JOB_UPDATED", "SOURCING_EVENTS_FEED_UPDATED" | trigger confirmation | |
signing_alg | HMAC_SHA256 | confirmation | |
signing_key | 0006f99f3e831ae640596b119d85c3f097620c147296c8d2d2f1a022348ec621 | actual signing key that will be used moving forward for messages propogated by this webhook | This will be used to decrypt all future inbound webhook traffic to confirm it is legitimate |
Final usage of resulting registration
The returned signing key is stored in APIM for verification of future traffic - as this is an open service on the internet this verification step is crucial to secure operation.
Additional services against webhooks
Delete
Note - HTTP Verb (DELETE) and the URL is pathed to the UUID of the webhook
List
Note - HTTP Verb (GET), Results returned are similar to original registration response but WITHOUT the signing key
