Rewards Webhook

Send the reward outputs like points, merchandise, cashbacks, coupons to your servers

A webhook url can be provided to CustomerGlu to receive the rewards won by users in real-time

A POST request will be made to the specified Webhook URL . Example request body is as follows

{
        "campaignId": "xyz41c29-bb0d-4fe6-8260-1403d1c0e964",
        "type": "scratchcard",
//"direct","spinthewheel","slotmachine","memorygame","quiz",giftbox,...//
        "userId": "testuser1",
        "rewardId": "xyzbb3ca-093f-43f2-84ba-8d5ed0d6c1b4",
//rewardId will be unique and can be used as a de-duplication filter
        "rewardName": "200 Coins",
        "rewardAmount": 400 //optional
        "code": "CODE123"//optional
        "details": {//optional
            "userBName": "testuser2", //in case of a reward for a referral
            "userBId": "testuser2"//in case of a reward for a referral
            "userAName": "testuser0", //in case of a reward for a referral
            "userAId": "testuser0"//in case of a reward for a referral
            "rewardCategory": "RM",//custom attribute
            "currency":"USD"//custom attribute
        }
//details object can also contain any logic/business specific custom attributes which can be given as a campaign input//
}

Optionally, to verify the authenticity of request, a secret token can be provided to CustomerGlu.

When you set a token, you'll receive the X-CG-SIGNATURE header in the webhook POST request. value of this header will be a hmac hexdigest of the request body with the provided token. See on how to validate the requests

Validating Reward Webhook

const verifySignature = (reqBodyDigest, cgHeader) => {
  return crypto.timingSafeEqual(Buffer.from(cgHeader), Buffer.from(`${reqBodyDigest}`));
}


app.use(bodyParser.json());
app.use(bodyParser.urlencoded({ extended: true }));
app.post('/hook', (req, res) => {
  const jsonString = JSON.stringify(req.body);
  const reqBodyDigest = crypto.createHmac('sha1', token)
    .update(jsonString)
    .digest('hex');
  const cgHeader = req.headers['x-cg-signature'];
  const verify = verifySignature(reqBodyDigest, cgHeader)
}

import hmac,hashlib,json

sampleObj = {"campaignId":"6bab1116-ae8e-4644-9cee-7a3d8ee9aff3","type":"direct","userId":"test-8-june-9","rewardId":"acdc71c6-08ad-4cd9-8c1e-3c812487b854","rewardName":"$15","rewardAmount":15,"details":{"currency":"USD","value":15,"reward_reason":"got_referred","userAName":"Test Solve 7","userAId":"test-8-june-7"}}
gluHeader="f2719895b483fbf3f98e1936bc88271cbe74f138"


def generateSignature(incomingBody):
  key="PbTJp694bmgrfJpJPQmrjGfjgq".encode('utf-8')
  incomingBodyString = json.dumps(incomingBody, ensure_ascii=False, separators=(',', ':')).encode('utf-8')
  return hmac.new(key, incomingBodyString, hashlib.sha1).hexdigest()

def verifySignature(cgHeader,incomingBody):
    return hmac.compare_digest(cgHeader,generateSignature(incomingBody))

Note:

CustomerGlu requires the raw body of the request to perform signature verification. If you are using a framework/library, make sure it doesn't manipulate the raw body. Any manipulation to the raw body of the request will cause the verification to fail.

private static String toHexString(byte[] bytes) {
        Formatter formatter = new Formatter();
        for (byte b : bytes) {
            formatter.format("%02x", b);
        }
        return formatter.toString();
    }
    public static String calculateSHA1HMAC(String payload, String key)
            throws SignatureException, NoSuchAlgorithmException, InvalidKeyException {
        //
        String HMAC_SHA1_ALGORITHM = "HmacSHA1";
        SecretKeySpec signingKey = new SecretKeySpec(key.getBytes(), HMAC_SHA1_ALGORITHM);
        Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
        mac.init(signingKey);
        return toHexString(mac.doFinal(payload.getBytes()));
    }

function verifySignature($apiSecret)
{
    $body = json_encode(file_get_contents('php://input')); // get json encoded body
    $hmac = hash_hmac('sha1', $body, $apiSecret); // Generate HMAC from body and shared secret
    $signature = $_SERVER['x-cg-signature'];  // Get signature from request header
    return $hmac == $signature; // compare request signature with generated signature. 
}

Whitelisting CustomerGlu Webhook IPs

The following IP address(es) should be whitelisted by your Server, to receive Webhook requests from CustomerGlu:

20.207.108.216

PreviousConfiguring Webhooks NextNudge Webhook

Last updated 1 month ago