The Entuitive Compliance service can be configured to push notifications to a configured endpoint like a webhook.

You can configure webhook endpoints from the Entuitive Complicance dashboard, which provides a user interface for configuring webhooks. This way, you enable Entuitive to automatically send events as part of POST requests to the configured webhook endpoint.

📘
Webhook Response
Your endpoint should respond with a 200 http response to let Entuitive know that the message has been accepted.

Creating Webhooks

To get started with the webhooks, you first need to configure the Webhook on Entuitive dashboard. Your Webhook can be created on Entuitive Dashboard under API Management > Webhooks > Create Webhook.

Webhook Signature Verification

When any webhook event is sent, we send the X-Entuitive-Signature in the request headers. The body of the request will be JSON encoded version passed to payload. Use this to verify if call is coming from Entuitive servers.

Below is the example of generating the HMAC hash using request payload and signature header.

// Retrieve the signature from the request header 
$signature = request()->header('X-Entuitive-Signature');

// Retrieve the raw payload content from the request
 $payload = request()->getContent();

// Create a HMAC hash using the payload and your webhook secret
 $createdSignature = hash_hmac('sha256', $payload, $webhookSecret);

// Verify if the created signature matches the signature from the request
 $isMatch = $createdSignature  === $signature // It will be true if signature matches
   
if ($isMatch) {
    // Signature matches, proceed with processing the request
} else {
    // Signature doesn't match, respond with an error or reject the request
}

const crypto = require('crypto');

// Retrieve the signature from the request header
const signature = req.headers['x-entuitive-signature'];

// Retrieve the raw payload content from the request
const payload = req.rawBody; // Assuming you've stored the raw body in `req.rawBody`

// Create a HMAC hash using the payload and your webhook secret
const createdSignature = crypto.createHmac('sha256', webhookSecret)
                               .update(payload)
                               .digest('hex');

// Verify if the created signature matches the signature from the request
const isMatch = createdSignature === signature;

if (isMatch) {
    // Signature matches, proceed with processing the request
} else {
    // Signature doesn't match, respond with an error or reject the request
}

Webhook Retries

Our system automatically retries failed webhooks to ensure that your application receives all necessary notifications.

Retry Logic:

The webhook will be retried a total of 4 times.
The first 3 retries occur at 10-second intervals.
The final retry takes place 100 seconds after the third attempt.

If the final retry fails, an email is sent to the user with the "Management company" role notifying them of the failure.