Webhooks (Web Callback, HTTP Push API or Reverse API) are one way that a web application can send information to another application in real-time when a specific event happens.
You can configure your webhook from Webhook Setting Page
Pingback URL
Pingback is also known as callback, It alert you when desired task is completed.
Pingback URL will alert you when your scheduled search have been complete, For e.g if you have sent 100 keywords batch request and now once SERPHouse server completes those keyword processing they will start hitting pingback_url if you have provided URL.
Once you receive pingback request from our server that means your keyword search has been completed and now it’s ready to retrive data from our server using GET SERP Result API.
Our Pingback Feature will served via HTTP GET Request.
Postback URL
Postback is commonly known as a Webhook. While using our Batch API (Delayed SERP API) postback url helps you to reduce your backend work.
While sending Batch Processing request you are allowed to send upto 100 keywords in single request with postback_url to each keywords you sent.
Once your request come to SERPHouse server, Our Backend makes a Queue of your keywords and executes on concurrent thread. As soon as our backend completes keyword processing, You will get an HTTP POST Request on your provided postback_url.
As soon as you receive our request, You have to safely validate and store data on your storage and free up our request within a specified timeout.
Our Postback Feature will served via HTTP POST Request with JSON Body.
Webhook SSL verification?
Webhook SSL verification refers to the process of verifying the authenticity and validity of an SSL certificate used by a webhook endpoint. When a webhook is established between two systems, it is crucial to ensure secure communication and prevent potential security risks. SSL (Secure Sockets Layer) certificates are used to encrypt data transmitted between the systems, providing a secure connection.
SSL verification involves checking the SSL certificate presented by the webhook endpoint to ensure it is issued by a trusted certificate authority (CA) and that it has not expired or been revoked. The verification process confirms the webhook endpoint's identity and ensures that the communication is protected against potential man-in-the-middle attacks or unauthorized access.
To perform SSL verification, the system initiating the webhook request typically checks the SSL certificate chain, including the root CA and intermediate certificates, to ensure they are valid. It verifies that the common name or subject alternative name (SAN) in the certificate matches the endpoint's domain name. Additionally, the system checks if the certificate is within its validity period and hasn't been tampered with or revoked.
If the SSL verification fails, it indicates a potential security risk, and the webhook request may be rejected or considered untrustworthy. Implementing SSL verification for webhooks helps ensure the integrity and security of data exchanged between systems, protecting against unauthorized access and data breaches.
You can enable or disable SSL Verification for your webhook from here
Validate Webhooks call from SERPHouse
Validate the webhook before you start using them.
When your webhook secret key is set, SERPHouse uses it to create a hash signature with each payload. This hash signature is passed with each request under the x-serphouse-signature header that you need to validate at your end.
Handy Tips
If you have changed your webhook secret, remember to use the old secret for webhook signature validation while retrying older requests. Using the new secret will lead to a signature mismatch.
Header
Description
x-serphouse-signature
The hash signature is calculated using HMAC with SHA256 algorithm; with your webhook secret set as the key and the webhook request body as the message.
You can also validate the webhook signature yourself using a HMAC as shown below:
var http =require("http");constcrypto=require('crypto');constexpress=require('express')constapp=express()var bodyParser =require('body-parser')constsigHeaderName='x-serphouse-signature';constsigHashAlg='sha256';constsigPrefix=''; //set this to your signature prefix if anyconstsecret="yoursecretkey"; //your webhook secret key from your webhook settings https://app.serphouse.com/wehook-settingapp.use(bodyParser.json( {verify: (req, res, buf, encoding) => {if (buf &&buf.length) {req.rawBody =buf.toString(encoding ||'utf8'); } }, }));functionvalidatePayload(req, res, next) {if(req.get(sigHeaderName)){//Extract Signature headerconstsig=Buffer.from(req.get(sigHeaderName) ||'','utf8')//Calculate HMACconsthmac=crypto.createHmac(sigHashAlg, secret)constdigest=Buffer.from(sigPrefix +hmac.update(req.rawBody).digest('hex'),'utf8');//Compare HMACsif (sig.length!==digest.length||!crypto.timingSafeEqual(digest, sig)) {console.log("Unable to verify signature");returnres.status(401).send({ message:`Request body digest (${digest}) did not match ${sigHeaderName} (${sig})` }); }else {console.log("Signature successfully verified "); } }returnnext()}app.use(validatePayload);app.post('/webhook',function(req, res) {res.send("All is well, I am here after the successful verification")})http.createServer(app).listen(8081)console.log('Server running at http://127.0.0.1:8081/');