Skip to main content

CLOUD EVENT

Cloud Events

Overview

A Cloud Event is the data that customer's services receive in their callbackUrls from Webhooks, it follows the basic CloudEvents spec with a couple of enhancements. This document describes all the properties used in Cloud Events.

Format

Message is delivered in form of POST request to your specified callbackUrl.

Message Acknowledgment

It is REQUIRED that your webhooks will respond with one of the 200, 201, 202, 204 HTTP codes with in 5 SECONDS time limit.

If one of the requirements will not be fulfilled, message will be retried 5 times using exponential backoff strategy (min backoff - 1 minute, max backoff 10 minutes). If your message still fails, message will be saved to Event Journal with status Failed. You can replay it, using Event Journal in EXE UI (https://<tenant-alias>.hiiretail.com/external-events/event-journal).

Cloud Event headers

header nameexample valuemandatorydescription
User-AgentHii-Event-Gun/1.0yesValue is fixed, and can be used to identify requests from EXE
AuthorizationAuthorization docsyesDescription on each type of authorization can be found in authorization docs
X-Hii-SignatureHS256=65fd717df8dd1ae9c432cf0000cfda46e1143122fcfc8af944482f9771c2a9d7noProvided only if your webhook has a sharedKey. Signature verification.
Content-Typeapplication/jsonyesAlways application/json
Correlation-Idec580d96-4d6c-4a68-9724-c01ffa95bda1yesUnique identifier for tracing requests throughout all Hii Retail services.

Cloud Event body

Cloud event body is always in JSON format and passed as HTTP POST body in request.

field nametypeexample valuemandatorydescription
idString3454257574594417yesEvent identifier. It's taken from the original message, that was sent into the Event Source.
timeString2021-11-16T08:02:57.043ZyesEvent timestamp. It's taken from the original message, that was sent into the Event Source.
typeStringiam.role-changed.v1yesEvent source Id, describes the event type and the contents of the message
dataStringeyJleGFtcGxlIjogNDJ9yesOriginal message's data, encoded encoded using format in dataencoding field.
dataencodingStringbase64yesEncoding format for data field
datacontenttypeStringapplication/jsonyesContent type of the decoded data.
specversionString1.0yesA version of the spec this message complies to. Always set to 1.0.
sourceStringexe-dispatch.retailsvc.comyesFrom where the message was produced .Always set to exe-dispatch.retailsvc.com
metaObject{}yesAdditional info about message
meta.deprecationNoticeObject{"removedAfter": "2022-01-31"}noDepredation notice for this event source, that usually mens that event source will be disabled soon
meta.deprecationNotice.removedAfterString2022-01-31noIndicates date, when Event Source will be disabled/deleted
meta.deprecationNotice.messageStringIAM group Unassigned event source is deprecatednoAdditional message in free text format, might explain reason behind deprecation
meta.deprecationNotice.replacedWithStringiam.role-changed.v2noIf deprecated event source have replacement Event source, this field might indicate it.

Authorization

Every Cloud Event is sent with Authorization header, which can contain:

Signature verification

To verify a signature, you would need to create message signature yourself and compare signatures with original from headers.

Possible algorithms:

Algoformatexampledesctiption
HS256algo=signatureHS256=65fd717df8dd1ae9c432cf0000cfda46e1143122fcfc8af944482f9771c2a9d7Hmac with sha256 of data field from body

You can generate signature by following steps:

  • get value from data field in body (DO NOT DECODE IT)
  • sign it with your sharedKey using algo from signature prefix (Always HS256 for now).

Example code in node.js

import {createHmac} from 'crypto';

const sharedKey = '<secret>';
const signature = 'HS256=' + createHmac('sha256', sharedKey).update(data).digest('hex');