please select
  • UIKit
  • SDK
  • Server APIs
Chat/
Server APIs/
Webhooks/
Server APIs
  • Generating UserSig
  • RESTful APIs
    • RESTful API Overview
    • RESTful API List
    • Message Related
      • Send Message
        • Sending One-to-One Messages to One User
        • Sending One-to-One Messages to Multiple Users
        • Sending Ordinary Messages in a Group
        • Sending System Messages in a Group
        • Broadcast Message of Audio-Video Group
        • Importing One-to-One Messages
        • Importing Group Messages
      • Historical Message
        • Modifying Historical One-to-one Messages
        • Modifying Historical Group Messages
        • Pulling Historical One-to-one Messages
        • Pulling Historical Group Messages
      • Delete Message
        • Deleting Messages Sent by a Specified User
      • Withdraw Message
        • Recalling One-to-One Messages
        • Recalling Group Messages
      • Read Receipt
        • Marking One-to-One Messages as Read
        • Pulling Group Message Read Receipt Details
        • Pulling Read Receipts for Group Messages
      • Message Extension
        • Pulling the Message Extension of a One-to-One Message
        • Configuring Message Extension for a One-to-One Message
        • Pulling Message Extension of a Group Message
        • Configuring Message Extension for a Group Message
      • Pushing to All Users
        • API for Pushing to All Users
        • Pushing to All Users
        • Setting Application Attribute Names
        • Getting Application Attribute Names
        • Getting User Attributes
        • Setting User Attributes
        • Deleting User Attributes
        • Getting User Tags
        • Adding User Tags
        • Deleting User Tags
        • Deleting All Tags of a User
    • Session Related
      • Conversation List
        • Pulling a conversation list
      • Session Unread Count
        • Setting the Unread Message Count of a Member
        • Querying Unread One-to-One Message Count
      • Delete Session
        • Deleting a conversation
      • Session Grouping Tag
        • Creating Conversation Group Data
        • Updating Conversation Group Data
        • Deleting Conversation Group Data
        • Creating or Updating Conversation Mark Data
        • Searching for Conversation Group Marks
        • Pulling Conversation Group Mark Data
    • Group Related
      • Group Management
        • Getting All Groups in an App
        • Creating a Group
        • Disbanding a Group
        • Getting the Groups a User Has Joined
      • Group Information
        • Getting Group Profiles
        • Modifying the Profile of a Group
        • Importing a Group Profile
      • Group Member Management
        • Adding Group Members
        • Deleting Group Members
        • Banning Group Members
        • Unbanning Group Members
        • Bulk Muting and Unmuting
        • Getting the List of Muted Group Members
        • Changing Group Owner
        • Querying the Roles of Users in a Group
        • Importing Group Members
      • Group Member Information
        • Getting Group Member Profiles
        • Modifying the Profile of a Group Member
      • Group Custom Attributes
        • Getting Group Custom Attributes
        • Modifying Group Custom Attributes
        • Clearing Group Custom Attributes
        • Resetting Group Custom Attributes
        • Deleting Group Custom Attributes
      • Live Group Management
        • Getting the Number of Online Users in an Audio-Video Group
        • Getting the List of Online Members in Audio-Video Group
        • Setting Audio-Video Group Member Marks
        • Getting the List of Banned Group Members.
      • Community Management
        • Creating Topic
        • Deleting Topic
        • Getting Topic Profile
        • Modifying Topic Profile
        • Importing Topic Profiles
      • Group Counter
        • Getting Group Counters
        • Updating Group Counters
        • Deleting Group Counters
    • User Management
      • Account Management
        • Importing a Single Account
        • Importing Multiple Accounts
        • Deleting Accounts
        • Querying Accounts
      • User Information
        • Setting Profiles
        • Pulling Profiles
      • User Status
        • Invalidating Account Login States
        • Querying Account Online Status
      • Friend Management
        • Adding Friends
        • Importing Friends
        • Updating Friends
        • Deleting Friends
        • Deleting All Friends
        • Verifying Friends
        • Pulling Friends
        • Pulling Specified Friends
      • Friend Lists
        • Adding Lists
        • Deleting Lists
        • Pulling Lists
      • Blocklist
        • Blocklisting Users
        • Unblocklisting Users
        • Pulling a Blacklist
        • Verifying Users on a Blocklist
    • Global Mute Management
      • Setting Global Mute
      • Querying Global Mute
    • Operations Management
      • Pulling Operations Data
      • Downloading Recent Messages
      • Getting Server IP Addresses
    • Chatbots
      • Pulling Chatbot Accounts
      • Creating Chatbot Accounts
      • Deleting Chatbot Accounts
  • Webhooks
    • Webhook Overview
    • Webhook Command List
    • Operations Management Callbacks
      • API Overclocking Alarm Callbacks
    • Online Status Webhooks
      • Status Change Webhooks
    • Relationship Chain Webhooks
      • After a Profile Is Updated
      • Before a Friend Is Added
      • Before a Friend Request Is Responded
      • After a Friend Is Added
      • After a Friend Is Deleted
      • After a User Is Added to Blocklist
      • After a User Is Removed from Blocklist
    • One-to-One Message Webhooks
      • Before a One-to-One Message Is Sent
      • After a One-to-One Message Is Sent
      • After a One-to-One message Is Marked as Read
      • After A One-to-One Message Is Recalled
    • Group Webhooks
      • Before a Group Is Created
      • After a Group Is Created
      • Before Applying to Join a Group
      • Before Inviting a User to a Group
      • After a User Joins a Group
      • After a User Leaves a Group
      • Before Group Message Is Sent
      • After a Group Message Is Sent
      • After a Group Is Full
      • After a Group Is Disbanded
      • After Group Profile Is Modified
      • Callback After Recalling Group Messages
      • Webhook for Online and Offline Status of Audio-Video Group Members
      • Webhook for Exceptions When Group Messages Are Sent
      • Before a Topic Is Created
      • After a Topic Is Created
      • After a Topic Is Deleted
      • Topic Profile Change Webhook
      • Callback After Group Member Profile Changed
      • Callback After Group Attribute Changed
      • Callback After Read Receipt
      • Callback After the Group Owner Changed
    • Webhook Mutual Authentication Configuration Guide
      • Apache Mutual Authentication Configuration
      • Nginx Mutual Authentication Configuration
    • Chatbot webhooks
      • Chatbot Passthrough Message Callback
Docs Overview/
Chat/
Server APIs/
Webhooks/
Webhook Overview/

Webhook Overview

Overview

To give you refined control over app features, Chat provides you with powerful webhooks free of charge. The webhooks use persistent connection mode by default. A webhook means that the Chat backend sends a request to the app backend server before or after an event occurs. This allows the app backend to synchronize data if necessary or intervene in the subsequent event processing. For more information about the webhooks currently supported by Chat, see the Webhook Command List.
A webhook is sent to the app backend server using an HTTP/HTTPS request, and the app backend server must process the Chat webhook request and provide a response as soon as possible. Take the Before Group Message Is Sent webhook event as an example. Before the message is sent, the Chat backend sends a webhook request to the app backend server and determines whether the message should be sent based on the webhook result. Based on the webhook, the app can synchronize the message. The following figure shows the webhook process.


Webhook Classification

Webhooks can be classified into four types according to their functions:
Online status webhooks
Relationship chain webhooks
One-to-one message webhooks
Group webhooks
Webhooks can be classified into two types by process:
Webhook before an action occurs: the purpose of this type of webhook is to allow the app backend to intervene in the processing logic of the event. Chat will determine the subsequent processing flow based on the return code of the webhook. For example, the webhook before a group message is sent is this type of webhook.
Webhook after an action occurs: the purpose of this type of webhook is to allow the app backend to implement essential data synchronization. Chat ignores the return codes of such webhooks. For example, the webhook after a member quits a group is this type of webhook.

Webhook Protocol

Webhooks are based on HTTP/HTTPS protocols. The app backend must provide a webhook URL to Chat, and Chat uses a POST request to initiate a webhook request to the app backend. When initiating a webhook request, Chat adds the following parameters at the end of the URL provided by the app backend:
Parameter
Description
SdkAppid
App ID assigned by Chat
CallbackCommand
Webhook command word
contenttype
Optional. The value is generally a JSON string.
ClientIP
IP address of the client
OptPlatform
Client platform. Depending on the platform type, the following values are available:
RESTAPI (requests are sent using RESTful APIs) and Web (requests are sent using Web SDKs),
Android, iOS, Windows, macOS, iPad, and Unknown (requests are sent using an unknown device).
Note:
"IOS" (all in uppercase) is used in the State.StateChange webhook, while "iOS" (the first letter is in lowercase) is used in other webhooks. Please perform compatibility processing during use.
The specific webhook content is included in the HTTP request packet. For details, see the following webhook examples.

Webhook Examples

Webhook request example:
POST /?SdkAppid=888888&CallbackCommand=Group.CallbackAfterNewMemberJoin&contenttype=json&ClientIP=$ClientIP&OptPlatform=$OptPlatform HTTP/1.1
Host: www.example.com
Content-Length: 337
{
    "CallbackCommand": "Group.CallbackAfterNewMemberJoin", 
    "GroupId": "@TGS#2J4SZEAEL", 
    "Type": "Public", 
    "JoinType": "Apply", 
    "Operator_Account": "leckie", 
    "NewMemberList": [
        {
            "Member_Account": "jared"
        }, 
        {
            "Member_Account": "tommy"
        }
    ]
}
Webhook response example:
HTTP/1.1 200 OK
Server: nginx/1.7.10
Date: Fri, 09 Oct 2015 02:59:55 GMT
Content-Length: 75
{
    "ActionStatus": "OK", 
    "ErrorInfo": "", 
    "ErrorCode":0
}

Webhook Timeout Period and Retry

The timeout period for Chat webhooks to the app backend is two seconds.
Before event occurrence, webhooks are not retried. After event occurrence, webhooks are not retried by default, and you can configure whether to retry the webhooks when they time out.
To ensure a high webhook success rate, third-party apps need to process webhooks quickly. For example, the app can send a webhook response and then process the specific business logic.

Handling Policy for Webhook Timeouts Before Event Occurrence

If a webhook times out before event occurrence, the default policy is to deliver the message.
You can also configure the handling policy for webhook timeouts before event occurrence in the console. For example, when a webhook timeout occurs before a group message is sent, you can specify whether to deliver the message.

Security Considerations

Chat supports both HTTP and HTTPS webhooks. For HTTPS webhooks, you need to configure a certificate issued by a CA or a certificate issued by Chat free of charge in the WebServer of the app backend.
Note:
To get a certificate issued by Chat free of charge, you need to log in to the console and configure webhook URL and download the certificate. For more information, see Webhook Configuration.
Related security issues are as follows:
1. HTTP transmits data in plain text, and data confidentiality cannot be guaranteed. Therefore, HTTPS is recommended.
2. It's impossible to determine whether a webhook request really comes from Chat.
For request source security, we provide two solutions:
1. Webhook authentication (recommended)
Configuration guide
1. Configure the webhook URL and enable webhook in the console.
2. During webhook URL configuration, enable authentication and configure the authentication token. Then, the signature (Sign) and signing timestamp (RequestTime) will be added to the webhook request URL. The signature algorithm is Sign=sha256(TokenRequestTime).
3. The app backend authenticates the webhook request. It uses SHA256 to calculate and verify the signature based on the local authentication token and the signing timestamp (RequestTime) in the webhook URL.
Signature algorithm sample:

Token=xxxxyyyy
RequestTime=1669872112
Sign=sha256(xxxxyyyy1669872112)=17773bc39a671d7b9aa835458704d2a6db81360a5940292b587d6d760d484061

Webhook URL=URL&Sign=17773bc39a671d7b9aa835458704d2a6db81360a5940292b587d6d760d484061&RequestTime=1669872112
2. HTTPS mutual authentication
Configuration guide
1. On the Chat console, configure the webhook URL (which must be an HTTPS domain name) and enable webhook.
2. Click Download HTTPS Mutual Authentication Certificate on the right to get the certificate. Configure HTTPS mutual authentication according to the following:
2.1 Configuring HTTPS Mutual Authentication on an Apache Server
2.2 Configuring HTTPS Mutual Authentication on an Nginx Server

Common Reasons for Webhook Failures

If a webhook failure occurs, check whether the configured webhook service has a problem according to the following checklist:
Webhook Failure Symptom
Possible Reason
Access to the webhook URL times out
1. Chat cannot complete DNS resolution. In this case, check whether the domain name is valid on the public network. For example, if the webhook host is http://notexist.com, Chat cannot complete DNS resolution because this domain name does not exist.
2. Chat cannot access the IP address configured in the webhook URL. In this case, check whether this IP address is accessible from the public network. For example, if the webhook host is http://10.0.0.1, Chat cannot access this IP address because the domain name is a private IP address of the app.
3. The failure occurs due to the firewall policy of the app webhook service. In this case, check the firewall configuration. For example, a webhook failure occurs if the app webhook server denies all requests arriving at port 80.
Access denied by the webhook service
Chat can access the host, but a connection is not established. In this case, check whether the WebServer has started properly. For example, a webhook failure will occur when the WebServer of the app webhook server has not started or when the port configuration is incorrect.
HTTPS certificate configuration error of the webhook service
This can occur when the webhook type is HTTPS (or HTTPS mutual authentication). Chat can access the app webhook server, but determines that the certificate configured on the app WebServer is invalid. In this case, check that the HTTPS certificate is properly configured.
HTTPS mutual authentication configuration error of the webhook service
This can occur when the webhook type is HTTPS mutual authentication. Chat verifies that the certificate configured on the app webhook server is valid, but the app webhook server fails to verify the Chat certificate.
The HTTP return code of the webhook service is not 200
The webhook request is successful, but the HTTP return code in the response packet is not 200.
The webhook response packet could not be parsed
The webhook response packet is not in JSON format.