Polaris

Webhooks

In this guide, we will look at how to register and consume webhooks to integrate your app with Polaris. With webhooks, your app can know when something happens in Polaris, such as a device is down or a service line has been added.

Registering webhooks

To register a new webhook, you need to have a URL in your app that Polaris can call. You can configure a new webhook from the Polaris dashboard under Account settings. Give your webhook a name, pick the events you want to listen for, and add your URL.

Now, whenever something of interest happens in your app, a webhook is fired off by Polaris. In the next section, we'll look at how to consume webhooks.

Consuming webhooks

When your app receives a webhook request from Polaris, check the type attribute to see what event caused it. The first part of the event type will tell you the payload type, e.g., a device, speedtest, etc.

Example webhook payload

{
  "id": "63a42653-8ca2-3c73-bda7-5428f6527d0e",
  "type": "device.down",
  "payload": {
    "site_id": "REV-001-12312",
    "account_id": "acct_akuONkZ8FR",
    "formatted_address": "HMRR+X52, San Lorenzo, Guimaras, Philippines",
    "location": {
      "type": "point",
      "coordinates": [122.690391, 10.592387]
    },
    "last_connected_at": "2024-06-07T23:36:17+00:00",
    "start_at": "2024-06-07T23:36:17+00:00"
  }
}

In the example above, a service line was reported down and the payload type is a device.down.

Event types

  • Name
    device.down
    Description

    A device has been reported down

  • Name
    speed_test.timeout
    Description

    Speed test queued has been reported timeout

  • Name
    speed_test.success
    Description

    Speed test queued returned success

Example payload

  {
    "id": "63a42653-8ca2-3c73-bda7-5428f6527d0e",
    "type": "device.down",
    "payload": {
        "site_id": "REV-001-12312",
        "account_id": "acct_akuONkZ8FR",
        "formatted_address": "HMRR+X52, San Lorenzo, Guimaras, Philippines",
        "location": {
          "type": "point",
          "coordinates": [122.690391, 10.592387]
        },
        "last_connected_at": "2024-06-07T23:36:17+00:00",
        "start_at": "2024-06-07T23:36:17+00:00"
    }
}

Security

To know for sure that a webhook was, in fact, sent by Polaris instead of a malicious actor, you can verify the request signature. Each webhook request contains a header named x-polaris-signature, and you can verify this signature by using your secret webhook key. The signature is an HMAC hash of the request payload hashed using your secret key. Here is an example of how to verify the signature in your app:

Verifying a request

const signature = req.headers['x-polaris-signature']
const hash = crypto.createHmac('sha256', secret).update(payload).digest('hex')

if (hash === signature) {
  // Request is verified
} else {
  // Request could not be verified
}

If your generated signature matches the x-polaris-signature header, you can be sure that the request was truly coming from Polaris. It's essential to keep your secret webhook key safe — otherwise, you can no longer be sure that a given webhook was sent by Polaris.

Was this page helpful?