Nudge Webhook

Send the nudge payload (similar to rewards) to your servers in case of not configuring direct nudges from CustomerGlu to End User Device using Firebase/APNS
A webhook url can be provided to CustomerGlu to receive the nudges to be shown to users in real-time
The app can be configured to open the url present in "clickAction" property in a webview.
A POST request will be made to the specified Webhook URL . Example request body is as follows:
"text":"Go to Reward",
"title":"Scratch card unlocked! 😍",
"body":"Check to see how much you've won 🙌",
Optionally, to verify the authenticity of request, a secret token can be provided to CustomerGlu.
When you set a token, you'll receive the X-CG-SIGNATURE header in the webhook POST request. value of this header will be a hmac hexdigest of the request body with the provided token. See on how to validate the requests

Validating Nudge Webhook

const verifySignature = (reqBodyDigest, cgHeader) => {
return crypto.timingSafeEqual(Buffer.from(cgHeader), Buffer.from(`${reqBodyDigest}`));
app.use(bodyParser.urlencoded({ extended: true }));'/hook', (req, res) => {
const jsonString = JSON.stringify(req.body);
const reqBodyDigest = crypto.createHmac('sha1', token)
const cgHeader = req.headers['x-cg-signature'];
const verify = verifySignature(reqBodyDigest, cgHeader)
import hmac,hashlib,json
sampleObj = {"campaignId":"6bab1116-ae8e-4644-9cee-7a3d8ee9aff3","type":"direct","userId":"test-8-june-9","rewardId":"acdc71c6-08ad-4cd9-8c1e-3c812487b854","rewardName":"$15","rewardAmount":15,"details":{"currency":"USD","value":15,"reward_reason":"got_referred","userAName":"Test Solve 7","userAId":"test-8-june-7"}}
def generateSignature(incomingBody):
incomingBodyString = json.dumps(incomingBody, ensure_ascii=False, separators=(',', ':')).encode('utf-8')
return, incomingBodyString, hashlib.sha1).hexdigest()
def verifySignature(cgHeader,incomingBody):
return hmac.compare_digest(cgHeader,generateSignature(incomingBody))
Note: CustomerGlu requires the raw body of the request to perform signature verification. If you are using a framework/library, make sure it doesn't manipulate the raw body. Any manipulation to the raw body of the request will cause the verification to fail.
private static String toHexString(byte[] bytes) {
Formatter formatter = new Formatter();
for (byte b : bytes) {
formatter.format("%02x", b);
return formatter.toString();
public static String calculateSHA1HMAC(String payload, String key)
throws SignatureException, NoSuchAlgorithmException, InvalidKeyException {
SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(), HMAC_SHA1_ALGORITHM);
Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
return toHexString(mac.doFinal(payload.getBytes()));