Webhook Java SDK Integration
To integrate using the Java SDK please use the latest version available on Maven Central.
Pre-Requisite
- Yapily Application Id
- Yapily Application Secret
How to get the Application Id
and Application Secret
please read the Integration Setup(API Authentication)
Add SDK Dependency
Add the SDK as a dependency to your project
Maven
<dependency>
<groupId>com.yapily.sdk.webhook</groupId>
<artifactId>webhook-sdk</artifactId>
<version>${yapily.webhook.sdk.version}</version>
</dependency>
Gradle
implementation group: 'com.yapily.sdk.webhook', name: 'webhook-sdk', version: $yapilyWebhookSdkVersion
Create Webhook Client
var webhookClient = WebhookClient.newClient(applicationId, applicationSecret);
Retrieve Event Categories
This call will give you all available categories for possible for registering a webhook
GetAllCategoryResponse response = webhookClient.getWebhookEventsCategories();
Registering a Webhook
CreateWebhookResponse response = WebhookClient.registerWebhook(createRequestPayload);
Extracting webhook secret
using the response from registering a webhook we can extract the webhook secret
var webhookSecret = response.data().webhookSecret();
note
This is the only API call that would display the webhook secret, you will not be able to retrieve the secret using the API after registration call, please store it if you want to use the webhook signature validation feature
Retrieve registered webhooks
RetrieveAllWebhooksResponse response = webhookClient.retrieveAllWebhooks();
Resetting webhook secret
ResetWebhookSecretResponse response = webhookClient.webhookSecretReset(webhookId);
Deleting a webhook
RemoveWebhookResponse response = webhookClient.removeWebhook(webhookId);
Validating an event signature
All payloads are being signed using HMAC algorithm HmacSHA256
, when receiving an event do the following:
-
Use the saved
webhookSecret
provided to you during webhook registration or key rotation to generate the hash - The payload received should be read and processed in String format
- Use the SDK to validate the signature and map the event
try {
EventHandler eventHandler = new EventHandler(webhookSecret)
WebhookEvent event = eventHandler.process(eventPaylodString, requestHeadersMap);
} catch(InvalidInputException e) {
// thrown when required headers are missing
} catch(InvalidSignatureException e) {
// thrown when signature validation fails
}
note
Do not map the event to any structure that may affect the order or structure of the payload before generating the signature, read the event as a string and pass it to the SDK