Payload

Cada payload de evento es un objeto JSON con propiedades de objetos event y data. El objeto event contiene el evento, y la propiedad data contiene una representación del recurso en el momento en que se emitió el evento.

Eventos Soportados

Payloads de Eventos

incident.created
incident.updated
incident.mitigated
incident.resolved
incident.cancelled
incident.deleted

incident.scheduled.created
incident.scheduled.updated
incident.scheduled.in\_progress
incident.scheduled.completed
incident.scheduled.deleted

incident\_post\_mortem.created
incident\_post\_mortem.updated
incident\_post\_mortem.published
incident\_post\_mortem.deleted

alert.created
pulse.created

Verificación de Webhooks

Cada solicitud HTTP de webhook incluye un encabezado X-Rootly-Signature, utilizado para verificar que la solicitud provino de Rootly. El encabezado de firma contiene una marca de tiempo con el prefijo t= y una firma con el prefijo v= .

Text
X-Rootly-Signature:
t=1492774588,
v1=6657a869e8ecebeda32affa62cdca3fa51cad7e77a0e56ff536d0ce8e108d8bd

Para verificar la solicitud, concatena la marca de tiempo con el cuerpo de la solicitud y genera un resumen HMAC SHA256 utilizando el secreto del webhook disponible en la configuración del webhook. El resumen HMAC debe coincidir con la firma proporcionada.

Ruby
require 'openssl'

# Assuming 'request' is an object representing the incoming HTTP request
header = request.headers['X-Rootly-Signature']
parts = header.split(',')
timestamp = parts[0].split('t=').last
signature = parts[1].split('v1=').last
secret = 'webhook secret'

# Reading the request body
request_body = request.body

# Create a signature using HMAC SHA256
expected_signature = OpenSSL::HMAC.hexdigest('SHA256', secret, timestamp + request_body)

# Compare the computed signature with the received signature
is_valid = expected_signature == signature
Python
import hmac
import hashlib

header = request.headers['X-Rootly-Signature']
parts = header.split(',')
timestamp = parts[0].split('t=')[1]
signature = parts[1].split('v1=')[1]
secret = "webhook secret"

# Reading the request body
request_body = request.data  # or request.body depending on the framework

# Create a signature using HMAC SHA256
expected_signature = hmac.new(
    key=secret.encode(), 
    msg=(timestamp + request_body).encode(), 
    digestmod=hashlib.sha256
).hexdigest()

# Compare the computed signature with the received signature
is_valid = expected_signature == signature
JS
const crypto = require('crypto');

// Assuming 'request' is an object representing the incoming request
const header = request.headers['x-rootly-signature'];
const parts = header.split(',');
const timestamp = parts[0].split('t=')[1];
const signature = parts[1].split('v1=')[1];
const secret = "webhook secret";

// Reading the request body
// Ensure that the request body is raw or a string
const request_body = request.body; 

// Create a HMAC SHA256 signature
const expectedSignature = crypto.createHmac('sha256', secret)
                                 .update(timestamp + request_body)
                                 .digest('hex');

// Compare the computed signature with the received signature
const isValid = expectedSignature === signature;