Webhooks
Webhook memungkinkan aplikasi Anda menerima notifikasi HTTP real-time ketika event terjadi di PUGUH.
Cara Kerja Webhook
- Anda mendaftarkan endpoint URL di PUGUH
- Anda berlangganan event type tertentu
- Ketika event terjadi, PUGUH mengirim HTTP POST ke endpoint Anda
- Server Anda memproses payload dan merespons dengan
200 OK
Tipe Event
PUGUH memancarkan event dari semua modul infrastruktur:
Event Identity
| Event | Deskripsi |
|---|---|
user.created | Pengguna baru terdaftar |
user.updated | Profil pengguna diubah |
user.deleted | Akun pengguna dihapus |
auth.login | Pengguna berhasil login |
auth.logout | Pengguna logout |
auth.password_changed | Password diubah |
auth.mfa_enabled | MFA diaktifkan |
Event Organization
| Event | Deskripsi |
|---|---|
organization.created | Organisasi baru dibuat |
organization.updated | Pengaturan organisasi diubah |
member.invited | Anggota diundang |
member.joined | Anggota menerima undangan |
member.removed | Anggota dihapus |
member.role_changed | Role anggota diperbarui |
Event Billing
| Event | Deskripsi |
|---|---|
billing.subscription.created | Subscription baru dimulai |
billing.subscription.updated | Paket diubah |
billing.subscription.cancelled | Subscription dibatalkan |
billing.invoice.paid | Pembayaran invoice diterima |
billing.invoice.overdue | Pembayaran melewati tenggat |
Membuat Endpoint
Via API
bash
curl -X POST https://api-puguh.arsaka.io/webhooks/endpoints \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "X-Organization-ID: YOUR_ORG_ID" \
-H "Content-Type: application/json" \
-d '{
"url": "https://your-app.com/webhooks/puguh",
"events": ["user.created", "member.invited", "billing.invoice.paid"],
"description": "Production webhook"
}'Respons:
json
{
"id": "wh_abc123",
"url": "https://your-app.com/webhooks/puguh",
"events": ["user.created", "member.invited", "billing.invoice.paid"],
"secret": "whsec_xxxxxxxxxxxxxxxx",
"is_active": true,
"created_at": "2026-02-20T10:00:00Z"
}Important
secret hanya ditampilkan sekali saat pembuatan. Simpan dengan aman untuk verifikasi tanda tangan.
Payload Webhook
Setiap pengiriman mengirimkan request JSON POST:
json
{
"event": "member.invited",
"timestamp": "2026-02-20T10:30:00Z",
"data": {
"organization_id": "org_abc",
"email": "new-member@example.com",
"role": "member",
"invited_by": "admin@example.com"
},
"webhook_id": "wh_abc123",
"delivery_id": "del_xyz789"
}Header
| Header | Deskripsi |
|---|---|
Content-Type | application/json |
X-Puguh-Signature | Tanda tangan HMAC-SHA256 |
X-Puguh-Delivery-ID | Identifier pengiriman unik |
X-Puguh-Event | Tipe event (mis. user.created) |
Memverifikasi Tanda Tangan
Selalu verifikasi header X-Puguh-Signature untuk memastikan request berasal dari PUGUH.
Python
python
import hmac
import hashlib
def verify_webhook(payload: bytes, signature: str, secret: str) -> bool:
expected = hmac.new(
secret.encode(), payload, hashlib.sha256
).hexdigest()
return hmac.compare_digest(f"sha256={expected}", signature)TypeScript
typescript
import { createHmac, timingSafeEqual } from 'crypto';
function verifyWebhook(payload: string, signature: string, secret: string): boolean {
const expected = `sha256=${createHmac('sha256', secret).update(payload).digest('hex')}`;
return timingSafeEqual(Buffer.from(signature), Buffer.from(expected));
}Kebijakan Retry
Jika endpoint Anda mengembalikan status non-2xx, PUGUH mencoba ulang dengan exponential backoff:
| Percobaan | Jeda |
|---|---|
| Retry ke-1 | 1 menit |
| Retry ke-2 | 5 menit |
| Retry ke-3 | 30 menit |
| Retry ke-4 | 2 jam |
| Retry ke-5 | 12 jam |
Setelah 5 percobaan gagal, pengiriman dipindahkan ke dead letter queue. Anda dapat melakukan retry secara manual dari dashboard atau API.
Mengelola Endpoint
Daftar Endpoint
bash
curl https://api-puguh.arsaka.io/webhooks/endpoints \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "X-Organization-ID: YOUR_ORG_ID"Perbarui Endpoint
bash
curl -X PUT https://api-puguh.arsaka.io/webhooks/endpoints/wh_abc123 \
-H "Authorization: Bearer YOUR_TOKEN" \
-d '{"events": ["user.created", "billing.invoice.paid"], "is_active": true}'Hapus Endpoint
bash
curl -X DELETE https://api-puguh.arsaka.io/webhooks/endpoints/wh_abc123 \
-H "Authorization: Bearer YOUR_TOKEN"Lihat Pengiriman
bash
curl https://api-puguh.arsaka.io/webhooks/endpoints/wh_abc123/deliveries \
-H "Authorization: Bearer YOUR_TOKEN"Batas per Paket
| Paket | Maks Endpoint | Retry |
|---|---|---|
| Free | 3 | 3 percobaan |
| Pro | 10 | 5 percobaan |
| Business | 25 | 5 percobaan + guaranteed delivery |
| Enterprise | Unlimited | 5 percobaan + guaranteed delivery |
Praktik Terbaik
- Selalu verifikasi tanda tangan untuk mencegah request palsu
- Respons dengan cepat menggunakan
200 OKdan proses event secara asinkron - Tangani duplikat menggunakan
delivery_iduntuk idempotency - Gunakan HTTPS untuk URL endpoint Anda
- Pantau kegagalan pengiriman di dashboard
- Rotasi secret secara berkala untuk keamanan