Front Platform

Welcome to the Front Platform. You'll find comprehensive guides and documentation to help you start working with Front as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

A webhook allows you to be automatically notified when something happens in Front without having to constantly poll the API.
For each event happening in Front, your webhook will receive a POST HTTP request with the event preview JSON representation in the request body.

To see an example of what the webhook request body will look like, see the Event Preview.

Setup

For more information about how to enable and setup a webhook, please refer to our help center.

To quickly get started testing webhooks, you can use something like RequestBin or ultrahook to receive and explore webhook payloads.

Validating Data Integrity

For security reasons and since the webhook URL is open to the public, you should not trust any incoming requests that it receives. Each request we send to your webhook URLs will contain an X-Front-Signature header generated using the request body and your API Secret.

To validate that the data came from Front, you need to calculate the base64 encoded HMAC hash of the request body using the SHA1 algorithm and your API secret as the key. If the value matches the header's signature, you can be sure the request was sent from Front.

const crypto = require('crypto');
const apiSecret = 'YOUR_API_SECRET';

function validateFrontSignature(data, signature) {
    var hash = crypto.createHmac('sha1', apiSecret)
                     .update(JSON.stringify(data))
                     .digest('base64');

   return crypto.timingSafeEqual(Buffer.from(hash), Buffer.from(signature));
}
require 'openssl'
require 'Base64'

API_SECRET = 'YOUR_API_SECRET'

def validateFrontSignature(data, signature)
  Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha1'), API_SECRET, data)).strip() == signature ? true : false
end

You can get your API secret by going to Company Settings > Plugins & API > API.

Updated 3 months ago


Webhooks


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.