Webhook Requests & Responses [Deprecated]
이 페이지의 내용
중요
타사 서비스 & 푸시 알림 사용 중단
App Services의 타사 서비스 및 푸시 알림은 함수에서 외부 종속성을 사용하는 HTTP 엔드포인트를 만들기 위해 더 이상 사용되지 않습니다.
웹훅은 동작에 대한 변경 없이 HTTPS 엔드포인트로 이름이 변경되었습니다. 기존 웹훅을 마이그레이션해야 합니다.
기존 서비스는,9월까지 30 계속2025 작동합니다.
타사 서비스 및 푸시 알림은 이제 더 이상 사용되지 않으므로 App Services UI에서 기본적으로 제거되었습니다. 기존 타사 서비스 또는 푸시 알림을 관리해야 하는 경우 다음을 수행하여 구성을 UI에 다시 추가할 수 있습니다.
왼쪽 탐색 메뉴의 Manage 섹션에서 App Settings을(를) 클릭합니다.
Temporarily Re-Enable 3rd Party Services 옆의 토글 스위치를 활성화한 다음 변경 사항을 저장합니다.
개요
Depending on the service, incoming webhooks offer several ways to validate requests and customize the response that Atlas App Services sends back to the external service.
Request Validation Methods
To validate that a webhook request is coming from a trusted source, some external services require that incoming requests incorporate a secret string in one of several prescribed manners. Other services, like the HTTP service, allow you to optionally require request validation.
There are two type of Request Validation for webhooks: Payload Signature Verification and Secret as a Query Parameter.
요청 시 HTTP/1.1 이상이 필요합니다.
참고
For maximum security, programmatically generate the secret string
using a secure package such as the Python secrets module. Make sure that
you do not publish the secret or include it in your version control
system.
Payload Signature Verification
The Verify Payload Signature request validation option
requires that incoming requests include a hexadecimal-encoded
HMAC SHA-256 hash
generated from the request body and secret string in the
X-Hook-Signature header.
예시
Consider the following webhook request body and secret:
const body = { "message":"MESSAGE" } const secret = 12345
The following Atlas Function generates the hash
for this body and secret:
// Generate an HMAC request signature exports = function(secret, body) { // secret = the secret validation string // body = the webhook request body return utils.crypto.hmac(EJSON.stringify(body), secret, "sha256", "hex"); } // Returns: "828ee180512eaf8a6229eda7eea72323f68e9c0f0093b11a578b0544c5777862"
The hash value must be assigned to the X-Hook-Signature HTTP
request header on every request:
X-Hook-Signature:sha256=<hex-encoded-hash>
To test that the request was properly signed, we could run the
following curl command:
curl -X POST \ -H "Content-Type: application/json" \ -H "X-Hook-Signature:sha256=828ee180512eaf8a6229eda7eea72323f68e9c0f0093b11a578b0544c5777862" \ -d '{"message":"MESSAGE"}' \ <webhook URL>
Secret as a Query Parameter
The Require Secret as Query Param request validation option
requires that incoming requests include the specified secret string
as a query parameter
appended to the end of the URL.
예시
Consider a webhook configured to use a secret value of
12345. All requests must be made to the webhook URL appended with
the secret as a query parameter:
<webhook URL>?secret=12345
To test that requests to this URL are properly verified, we could run
the following curl command:
curl -H "Content-Type: application/json" \ -d '{ "message": "HELLO" }' \ -X POST '<webhook URL>?secret=12345'
Webhook Response Object
App Services automatically passes a response object that represents the
webhook's HTTP response as the second argument to webhook Function.
The following table lists the available methods for modifying the
response object:
메서드 | Arguments | 설명 | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
| Set the HTTP response status code. 예시 | |||||||||
|
| Set the HTTP response body. If 예시 | |||||||||
| name stringvalue string | Set the HTTP response header
specified by 예시 | |||||||||
| name stringvalue string | Set the HTTP response header
specified by 예시 |