Customer Identity (CIAM)

# Overview

A webhook is a reverse API mechanism, similar to a trigger, that sends a request to a specified URL at a specific moment. Such moments include user login, user registration, a change to the user's phone number, a change to the user's profile, and so on. IDaaS defines these specific moments as events. When an event is triggered, IDaaS sends a notification to the specified URL. The application system receives the notification and performs its own operations.

# Terminology Explanation

  • Third-party Application: The application system integrated with Zhuyun IDaaS.

  • Callback Address: The address called by Zhuyun IDaaS for data push.

  • Security Token: A unique and non-expiring authorization token agreed upon by both parties, with a length of no less than 32 characters.

  • Encryption Key: Used to encrypt data in requests, primarily to prevent data leakage or tampering during transmission. The encryption key is 32 characters long.

  • Signature Key: Used to generate a data signature for the message content, mainly to prevent data tampering during transmission. The signature key is no less than 32 characters long.

  • Encryption/Decryption Algorithm: The algorithm used to encrypt and decrypt the data. Webhook uses AES/ECB/PKCS5Padding.

# Webhook Process Explanation

  • Step 1: When an event occurs in Zhuyun IDaaS, Zhuyun IDaaS pushes the user ID to the third-party application system.

  • Step 2: The third-party application system verifies the security token and the data signature, then decrypts the data to obtain the user ID. If the interface returns response code 200, the event push was successful.

  • Step 3: The third-party application system processes its own business data asynchronously, based on the event type. If detailed user information is needed, it can be obtained by calling the Zhuyun IDaaS interface. Refer to Get User Details by User ID.
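The receiving side of Step 2, as an added example (not Zhuyun IDaaS's own code). The page does not give the message layout, so the field names `token`, `data` and `signature`, the hex HMAC-SHA256 signature over the Base64 ciphertext, and reading the 32-character encryption key as 32 UTF-8 bytes (AES-256) are all assumptions; the keys and the push are constructed sample values.

```javascript
const crypto = require("node:crypto");

// Constant-time comparison; hashing first gives timingSafeEqual equal-length inputs.
function safeEqual(a, b) {
  const h = (v) => crypto.createHash("sha256").update(String(v)).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

// Assumed signature scheme: hex HMAC-SHA256 of the Base64 ciphertext.
function sign(signKey, data) {
  return crypto.createHmac("sha256", signKey).update(data, "utf8").digest("hex");
}

// Returns { status, userId }. Order: security token, then signature, then decrypt.
function handleWebhook(body, cfg) {
  if (!body || typeof body.data !== "string") return { status: 400 };
  if (!safeEqual(body.token, cfg.token)) return { status: 401 };
  if (!safeEqual(body.signature, sign(cfg.signKey, body.data))) return { status: 401 };
  try {
    // Node's default padding is PKCS#7, which Java names PKCS5Padding for AES.
    const key = Buffer.from(cfg.encKey, "utf8"); // assumption: key characters are raw bytes
    const d = crypto.createDecipheriv("aes-256-ecb", key, null);
    const plain = Buffer.concat([d.update(body.data, "base64"), d.final()]);
    return { status: 200, userId: plain.toString("utf8") };
  } catch {
    return { status: 400 }; // truncated ciphertext, bad padding or wrong key
  }
}

// Constructed sample configuration (not real credentials).
const cfg = {
  token: "sample-token-0123456789abcdef0123456",
  encKey: "0123456789abcdef0123456789abcdef",
  signKey: "sample-signature-key-0123456789abcdef",
};

// Builds a constructed push the way the sender would under the assumptions above.
function buildPush(userId, c) {
  const e = crypto.createCipheriv("aes-256-ecb", Buffer.from(c.encKey, "utf8"), null);
  const data = Buffer.concat([e.update(userId, "utf8"), e.final()]).toString("base64");
  return { token: c.token, data, signature: sign(c.signKey, data) };
}

const push = buildPush("user-10001", cfg);
console.log(handleWebhook(push, cfg)); // accepted push
// Ciphertext swapped for another user's, original signature kept: rejected.
console.log(handleWebhook({ ...push, data: buildPush("user-99999", cfg).data }, cfg));
```

ECB mode carries no integrity check of its own, so the signature is verified before any decryption is attempted and a mismatch ends processing without returning 200.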