Get up to speed on handling events from push subscriptions
POST
request from Sailhouse when you send an event to a topic. They’re great for serverless applications, hosted on platforms like Netlify, Vercel, Cloudflare or Google Cloud Run.
POST
request to the endpoint specified in the subscription. In the screenshot above, you can see this defined as https://api.acme.dev/api/send-welcome/email
.
The data of your event is sent within the body, alongside some additional headers.
Sailhouse-Signature
- HMAC signature to verify the request authenticity and prevent replay attacksidentifier
- Checksum combining the event ID, subscription and time sent - globally unique for your applicationevent-id
- ID of the eventSailhouse-Signature
header using HMAC-SHA256. This provides cryptographic proof that the webhook came from Sailhouse and prevents replay attacks.
Sailhouse-Signature
header contains a timestamp and signature in this format:
<timestamp>.<request_body>
identifer
header passed contains a checksum built up of the following data.
atleast-once
. This identifier
header value can be used to check if you have processed this event for this subscription before.
You should use this value over the event-id
header, as that value is the same across all subscriptions for a topic.