Nudge Webhook

Send the nudge payload (similar to rewards) to your servers in case of not configuring direct nudges from CustomerGlu to End User Device using Firebase/APNS
A webhook url can be provided to CustomerGlu to receive the nudges to be shown to users in real-time
The app can be configured to open the url present in "clickAction" property in a webview.
A POST request will be made to the specified Webhook URL . Example request body is as follows:
{
"client":"xyzc-b2e0-4927-8653-cba2babc2",
"campaignId":"acxscx26-5437-4b37-855f-a3f6edqccqc4",
"userId":"glutest-1",
"notificationType":"push",
"pageType":"full-default",
"content":{
"button":{
"text":"Go to Reward",
"action":"https://xyz.customerglu.net"
},
"title":"Scratch card unlocked! 😍",
"body":"Check to see how much you've won 🙌",
"clickAction":"https://xyz.customerglu.net",
"image":""
},
"timeRemaning":"",
"expiry":""
}
Optionally, to verify the authenticity of request, a secret token can be provided to CustomerGlu.
When you set a token, you'll receive the X-CG-SIGNATURE header in the webhook POST request. value of this header will be a hmac hexdigest of the request body with the provided token. See on how to validate the requests

Validating Nudge Webhook

JavaScript
Python
Java
const verifySignature = (reqBodyDigest, cgHeader) => {
return crypto.timingSafeEqual(Buffer.from(cgHeader), Buffer.from(`${reqBodyDigest}`));
}
app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.post('/hook', (req, res) => {
const jsonString = JSON.stringify(req.body);
const reqBodyDigest = crypto.createHmac('sha1', token)
.update(jsonString)
.digest('hex');
const cgHeader = req.headers['x-cg-signature'];
const verify = verifySignature(reqBodyDigest, cgHeader)
}
import hmac,hashlib,json
sampleObj = {"campaignId":"6bab1116-ae8e-4644-9cee-7a3d8ee9aff3","type":"direct","userId":"test-8-june-9","rewardId":"acdc71c6-08ad-4cd9-8c1e-3c812487b854","rewardName":"$15","rewardAmount":15,"details":{"currency":"USD","value":15,"reward_reason":"got_referred","userAName":"Test Solve 7","userAId":"test-8-june-7"}}
gluHeader="f2719895b483fbf3f98e1936bc88271cbe74f138"
def generateSignature(incomingBody):
key="PbTJp694bmgrfJpJPQmrjGfjgq".encode('utf-8')
incomingBodyString = json.dumps(incomingBody, ensure_ascii=False, separators=(',', ':')).encode('utf-8')
return hmac.new(key, incomingBodyString, hashlib.sha1).hexdigest()
def verifySignature(cgHeader,incomingBody):
return hmac.compare_digest(cgHeader,generateSignature(incomingBody))
Note: CustomerGlu requires the raw body of the request to perform signature verification. If you are using a framework/library, make sure it doesn't manipulate the raw body. Any manipulation to the raw body of the request will cause the verification to fail.
private static String toHexString(byte[] bytes) {
Formatter formatter = new Formatter();
for (byte b : bytes) {
formatter.format("%02x", b);
}
return formatter.toString();
}
public static String calculateSHA1HMAC(String payload, String key)
throws SignatureException, NoSuchAlgorithmException, InvalidKeyException {
//
String HMAC_SHA1_ALGORITHM = "HmacSHA1";
SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(), HMAC_SHA1_ALGORITHM);
Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
mac.init(signingKey);
return toHexString(mac.doFinal(payload.getBytes()));
}