Webhooks

You can use webhook subscriptions to receive notifications for particular events in Gameball. After you have subscribed to a webhook, your app can execute a specific code immediately after specific events occur in Gameball. Common webhook use cases include sending notifications to IM clients and pagers.

After you configure a webhook subscription, the events that you specified will trigger a webhook notification each time they occur. This notification contains a JSON payload, and HTTP headers that provide context. Webhook includes the following header with example value:

X-GB-Signature: ff7b2ea889c68c80844ee89eab625e8fc53fdc3c

Supported Webhook Events

You can retrieve data in JSON format. At the moment, webhooks are available for notification event, while we are working on supporting more events.

Creating an Endpoint for Webhooks

Your endpoint must be an HTTP webhook address that can correctly process event notifications as described. You must also implement verification to make sure webhook requests originate from Gameball.

Configuring Webhooks

You can configure a webhook using Gameball admin dashboard by following the below steps:

1. From your Gameball admin, go to Admin Settings > Account Integration.

2. In the Webhooks section, click Edit.

3. Enter the URL on which you want to receive notifications.

Receiving a Webhook

After you register a webhook URL, Gameball issues an HTTP POST request to the URL specified every time that event occurs. The request's POST parameters contain JSON data relevant to the event that triggered the request.

Verifying Webhooks

To ensure the webhook request is from Gameball, verify the X-GB-Signature header. This signature is a SHA1 hash of the payload and your SecretKey. By comparing the computed hash with the signature header, you can confirm the request's authenticity.

Example Verification Code

Here’s how to verify a webhook signature using Node.js:

Example Verification:

const crypto = require("crypto");

function verifySignature(req) {
    const SECRET_KEY = process.env.SECRET_KEY;
    // Get the signature from the header
    const signature = req.headers["x-gb-signature"];
    if (!signature) return false;

    // Compute the signature using the payload and secret key
    const payload = JSON.stringify(req.body);
    const computedSignature = crypto
        .createHash("sha1")
        .update(payload + ":" + SECRET_KEY)
        .digest("hex");

    // Compare the signatures
    return computedSignature === signature;
}

Webhooks Retry Policy

The webhook retry policy governs the behavior of failed webhook deliveries and provides guidelines for handling such scenarios. When a webhook delivery fails, it is essential to have a well-defined retry policy to ensure successful delivery of the payload. In our case, Gameball handles webhooks behavior in case of sending failure as described below.

Failed Attempt

The webhook attempt is considered a failed attempt whenever Gameball receives a response with status code that is not 2XX, which means that for example, a status code of 403 is considered as a failed attempt, hence the retry policy applies.

Retry Attempts

The retry policy defines the number of attempts that will be made to deliver the webhook payload. Gameball provides three retry attempts. The retry policy also specifies the delay between each retry attempt. The delays durations are specified as follows, 1st attempt is after 5 minutes, the 2nd attempt is after 20 minutes and the final attempt is after 60 minutes. Lastly, if the webhook failed to send after all these attempts, this specific webhook request will be discarded.