The Editor API provides endpoints for registering webhooks as well as validating the WHCC-Signature on all webhook requests for security purposes.
You can learn more about the WHCC Signature and types of webhooks in the Order Submit API documentation.
Register a callbackUri, which will accept WHCC webhooks, using the following endpoint.
/webhooks/createContent-type: application/json
1
2
3
4
5
curl https://prospector.dragdrop.design/api/v1/webhooks/create \
-H "Authorization: Bearer TOKEN_GOES_HERE" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{ "callbackUri": YOUR_CALLBACK_URI }'
Immediately after POSTing the above call, a unique verification code will be sent to the specified callbackUri. That code needs to be sent back to the Editor API in the following call to verify that you own the callbackUri.
/webhooks/verifyContent-type: application/json
1
2
3
4
5
curl https://prospector.dragdrop.design/api/v1/webhooks/verify \
-H "Authorization: Bearer TOKEN_GOES_HERE" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{ "verifier": CODE_POSTED_TO_CALLBACK_URI }'
Every webhook request from WHCC contains a WHCC-Signature header to ensure the webhook is from WHCC and intended for your consumption. Validate the signature using this endpoint.
The security considerations for the WHCC Signature can be explored in greater detail in the Order Submit API documentation .
/webhooks/validateContent-type: application/json
1
2
3
4
5
curl https://prospector.dragdrop.design/api/v1/webhooks/validate \
-H "Authorization: Bearer TOKEN_GOES_HERE" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{ "body": WEBHOOK_PAYLOAD, "signature": WHCC-SIGNATURE_HEADER_CONTENT }'