Rewards Webhook
Send the reward outputs like points, merchandise, cashbacks, coupons to your servers
A webhook url can be provided to CustomerGlu to receive the rewards won by users in real-time
A POST request will be made to the specified Webhook URL . Example request body is as follows
1
{
2
"campaignId": "xyz41c29-bb0d-4fe6-8260-1403d1c0e964",
3
"type": "scratchcard",
4
//"direct","spinthewheel","slotmachine","memorygame","quiz",giftbox,...//
5
"userId": "testuser1",
6
"rewardId": "xyzbb3ca-093f-43f2-84ba-8d5ed0d6c1b4",
7
//rewardId will be unique and can be used as a de-duplication filter
8
"rewardName": "200 Coins",
9
"rewardAmount": 400 //optional
10
"code": "CODE123"//optional
11
"details": {//optional
12
"userBName": "testuser2", //in case of a reward for a referral
13
"userBId": "testuser2"//in case of a reward for a referral
14
"userAName": "testuser0", //in case of a reward for a referral
15
"userAId": "testuser0"//in case of a reward for a referral
16
"rewardCategory": "RM",//custom attribute
17
"currency":"USD"//custom attribute
18
}
19
//details object can also contain any logic/business specific custom attributes which can be given as a campaign input//
20
}
Copied!
Optionally, to verify the authenticity of request, a secret token can be provided to CustomerGlu.
When you set a token, you'll receive the X-CG-SIGNATURE header in the webhook POST request. value of this header will be a hmac hexdigest of the request body with the provided token. See on how to validate the requests

Validating Reward Webhook

JavaScript
Python
Java
1
const verifySignature = (reqBodyDigest, cgHeader) => {
2
return crypto.timingSafeEqual(Buffer.from(cgHeader), Buffer.from(`${reqBodyDigest}`));
3
}
4
5
6
app.use(bodyParser.json());
7
app.use(bodyParser.urlencoded({ extended: true }));
8
app.post('/hook', (req, res) => {
9
const jsonString = JSON.stringify(req.body);
10
const reqBodyDigest = crypto.createHmac('sha1', token)
11
.update(jsonString)
12
.digest('hex');
13
const cgHeader = req.headers['x-cg-signature'];
14
const verify = verifySignature(reqBodyDigest, cgHeader)
15
}
Copied!
1
import hmac,hashlib,json
2
3
sampleObj = {"campaignId":"6bab1116-ae8e-4644-9cee-7a3d8ee9aff3","type":"direct","userId":"test-8-june-9","rewardId":"acdc71c6-08ad-4cd9-8c1e-3c812487b854","rewardName":"$15","rewardAmount":15,"details":{"currency":"USD","value":15,"reward_reason":"got_referred","userAName":"Test Solve 7","userAId":"test-8-june-7"}}
4
gluHeader="f2719895b483fbf3f98e1936bc88271cbe74f138"
5
6
7
def generateSignature(incomingBody):
8
key="PbTJp694bmgrfJpJPQmrjGfjgq".encode('utf-8')
9
incomingBodyString = json.dumps(incomingBody, separators=(',', ':')).encode('utf-8')
10
return hmac.new(key, incomingBodyString, hashlib.sha1).hexdigest()
11
12
def verifySignature(cgHeader,incomingBody):
13
return hmac.compare_digest(cgHeader,generateSignature(incomingBody))
14
15
Copied!
1
private String generateKey(String key, JSONObject incomingData) {
2
final Charset asciiCs = StandardCharsets.US_ASCII;
3
Mac sha256_HMAC = null;
4
try {
5
sha256_HMAC = Mac.getInstance("HmacSHA1");
6
} catch (NoSuchAlgorithmException e) {
7
e.printStackTrace();
8
}
9
final SecretKeySpec secret_key = new javax.crypto.spec.SecretKeySpec(asciiCs.encode(key).array(), "HmacSHA1");
10
try {
11
assert sha256_HMAC != null;
12
sha256_HMAC.init(secret_key);
13
} catch (InvalidKeyException e) {
14
e.printStackTrace();
15
}
16
final byte[] mac_data = sha256_HMAC.doFinal(asciiCs.encode(String.valueOf(incomingData)).array());
17
System.out.println("mac data");
18
System.out.println(mac_data);
19
String result = "";
20
for (final byte element : mac_data)
21
{
22
result += Integer.toString((element & 0xff) + 0x100, 16).substring(1);
23
}
24
System.out.println("Result:[" + result + "]");
25
return result;
26
}
27
28
private boolean verifySignature(String gluheader,JSONObject incomingData)
29
{
30
String key = generateKey("secret_key",incomingData);
31
32
if(gluheader.equalsIgnoreCase(key))
33
{
34
return true;
35
}
36
return false;
37
38
}
Copied!
Copy link
Contents