Configuring the Webhook

The most important field you need to enter is the webhook URL - this is the remote server address you want to ping when the trigger entity/event condition is met.

As well as the URL, you also have the option to set up any number of custom headers in the request. These would most often be used for authentication against the remote API, for example: Authorization: Bearer 238ujdfnd8gudjfdnfg

Built-In Headers

Note that Pakk, by default and without you having to specify them, will send a number of additional headers with the request:

• User-Agent: Pakk-Webhook-Tester

• X-Pakk-WebhookID: xxxxxxxxxxxxxxxxxxxxxxxxx (actually sends the unique ID of the webhook)

• X-Pakk-Webhook-TriggerEvent: Create/Edit

• X-Pakk-Webhook-TriggerEntity: entityName

• X-Pakk-Webhook-Signature: xxxxxxxxxxxxxxxxxxxxx (sends the verification signature)

You can use the X-Pakk-WebhookID as a simple method to secure the API endpoint on the remote server since the webhook unique identifier won't be known to any external systems and so functions as a quasi API key. If you ever need to 'revoke' the key, you can simple inactivate that webhook, duplicate it, and you'll have a new one with a different ID.

We recommend, however, that you implement webhook signature verification on your server, if you have code control over the endpoint.