{"_id":"573b93ae74d9f20e00c14ed2","category":{"_id":"573b93514e029d19000b8669","project":"5564f26a1fd04c0d00dc9aaa","version":"5564f26a1fd04c0d00dc9aad","__v":0,"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2016-05-17T21:55:29.422Z","from_sync":false,"order":4,"slug":"forwarding","title":"Message Forwarders"},"version":{"_id":"5564f26a1fd04c0d00dc9aad","project":"5564f26a1fd04c0d00dc9aaa","__v":15,"createdAt":"2015-05-26T22:23:38.671Z","releaseDate":"2015-05-26T22:23:38.671Z","categories":["5564f26b1fd04c0d00dc9aae","556741d17acd550d0075eaca","556741d87acd550d0075eacb","556742f87acd550d0075ead1","556781cd6976ef0d0099c545","5568d666d33aad0d00ec8d2e","557f6b2d38249b0d00d0d12b","55b67be9c2e909190073ed38","564e56c601e80e0d00396684","56731b714b2a680d00524daf","573612ac652bd80e00a90027","57365e2cf8ebd31700769f50","57366131f8ebd31700769f58","573b93514e029d19000b8669","573bbfdb7ac6f6170033bd35"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"project":"5564f26a1fd04c0d00dc9aaa","user":"5564f227f0f70f0d00a9ab20","parentDoc":null,"__v":9,"updates":[],"next":{"pages":[],"description":""},"createdAt":"2016-05-17T21:57:02.970Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"required","params":[],"url":""},"isReference":false,"order":4,"body":"[block:callout]\n{\n  \"type\": \"warning\",\n  \"title\": \"Security Configuration\",\n  \"body\": \"The device must have the appropriate whitelists configured in order to allow message forwarding.\"\n}\n[/block]\n\nMeshblu will automatically call a webhook for every message sent to a device with webhook forwarders enabled. Meshblu supports [request](https://npmjs.com/package/request) style options. The body of the HTTP request will contain the message.\n\n## Webhook Forwarders Types:\n * `broadcast.received`: forward broadcast messages received from other devices\n * `broadcast.sent`: forward broadcast messages sent from the current device\n * `configure.received`: forward `config` messages received from other devices\n * `configure.sent`: forward configure messages sent from the current device\n * `message.received`: forward messages received from other devices \n * `message.sent`: forward messages sent by the current device\n * `unregister.received`: forward the final device state from the current device before deleting \n * `unregister.sent`: forward the final device state from other devices before deleting \n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"{\\n  \\\"meshblu\\\": {\\n    \\\"forwarders\\\": {\\n      \\\"version\\\": \\\"2.0.0\\\",\\n      \\\"message\\\": {\\n\\t\\t\\t\\t\\\"sent\\\": [\\n        \\t{\\n      \\t\\t\\t\\\"type\\\": \\\"webhook\\\",\\n          \\t\\\"url\\\": \\\"http://requestb.in/18gkt511\\\",\\n          \\t\\\"method\\\": \\\"POST\\\"\\n        \\t}\\n    \\t\\t]\\n      }\\n    }\\n  }\\n}\",\n      \"language\": \"json\"\n    }\n  ]\n}\n[/block]\n\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Signed Requests\"\n}\n[/block]\nTo ensure that you are receiving an authorized webhook, you may use the [HTTP Signature Scheme](https://github.com/joyent/node-http-signature/blob/master/http_signing.md). You can verify the request without contacting Meshblu to verify it's authenticity.\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"{\\n  \\\"meshblu\\\": {\\n    \\\"forwarders\\\": {\\n      \\\"version\\\": \\\"2.0.0\\\",\\n      \\\"message\\\": {\\n        \\\"sent\\\":     [\\n          {\\n            \\\"type\\\": \\\"webhook\\\",\\n            \\\"url\\\": \\\"http://requestb.in/18gkt511\\\",\\n            \\\"method\\\": \\\"POST\\\",\\n            \\\"signRequest\\\": true\\n          }\\n        ]\\n      }\\n    }\\n  }\\n}\",\n      \"language\": \"json\"\n    }\n  ]\n}\n[/block]\nThe web service will receive an HTTP request with the following headers:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"Date: Tue, 17 May 2016 23:44:37 GMT\\nX-Meshblu-Uuid: 92b50770-203f-4e4a-8b00-1c33ef2be792\\nX-Meshblu-Message-Type: message.sent\\nAuthorization: Signature keyId=\\\"meshblu-webhook-key\\\",algorithm=\\\"rsa-sha256\\\",headers=\\\"date X-MESHBLU-UUID\\\",signature=\\\"g/1Hd1jfjnKEW1ZoHqtJIX2jnAxu350zhBPbPjKr0uOKRuRpeAtuwsxycI2H3/aSZUuBJURGvHQe3h67IGdynYzD1NqNHKeHZi6w8Z+CuDzAECw8k59ZSEsv4YlZzUtJN1WXT0DdITgVjohhj14Otj0k4txpfOqvPRtlI3OwEg4J8fU0RP/snBbypdrJHFcNuNP7143bND/Ga9VzAS4Ytv2a3WGdgvK95cqDri+tNrlzPxmlm0PWyxeOkxIgW7MxQ364jInlKHSYy/lVUkcEZ35GKdAQn6vAHkA+ei3lVSpxYGJfWMc9Tgz23yyiMdHrfnsnuf0qnkz4Tk3XNsPatw==\\\"\\nX-Request-Id: ac483b2d-f9fb-4d53-a87a-9d891bd003f8\",\n      \"language\": \"http\"\n    }\n  ]\n}\n[/block]\nThe `Authorization` header contains a signature that can be verified using the Meshblu [public key](https://meshblu-http.octoblu.com/publickey). The X-MESHBLU-UUID header is part of the signature, so you can trust that the UUID has not been modified.\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Forward Meshblu Credentials\"\n}\n[/block]\n\nGenerate a a Meshblu token and send it to the webhook. Sent as an HTTP header `Authorization: Bearer <base64 encoded string>`. The token will only be valid until the recipient of the Webhook responds to the HTTP request.\n[block:callout]\n{\n  \"type\": \"danger\",\n  \"title\": \"Security Warning\",\n  \"body\": \"The `Bearer` token will allow the recipient to access and modify your meshblu device. When the request has finished, the token will be removed.\"\n}\n[/block]\n\n[block:callout]\n{\n  \"type\": \"warning\",\n  \"title\": \"unregister.sent and unregister.received\",\n  \"body\": \"Do not use this option for `unregister.sent` and `unregister.received`. The device will not exist when the credentials are used and will immediately fail.\"\n}\n[/block]\n\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"{\\n  \\\"meshblu\\\": {\\n    \\\"forwarders\\\": {\\n      \\\"version\\\": \\\"2.0.0\\\",\\n      \\\"message\\\": {\\n\\t\\t\\t\\t\\\"sent\\\": [\\n  \\t      {\\n    \\t  \\t\\t\\\"type\\\": \\\"webhook\\\",\\n      \\t    \\\"url\\\": \\\"http://requestb.in/18gkt511\\\",\\n            \\\"method\\\": \\\"POST\\\",\\n            \\\"generateAndForwardMeshbluCredentials\\\": true\\n       \\t  }\\n    \\t\\t]\\n      }\\n    }\\n  }\\n}\",\n      \"language\": \"json\"\n    }\n  ]\n}\n[/block]\nThe web service will receive an HTTP request with the following headers.\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"Date: Tue, 17 May 2016 23:44:37 GMT\\nX-Meshblu-Uuid: 92b50770-203f-4e4a-8b00-1c33ef2be792\\nX-Meshblu-Message-Type: message.sent\\nAuthorization: Bearer ZWViMmQ0ZjktMzYwYS00NDFjLTgwZjItZjY0OWNiZWI1ZmU3OmE2OGZjMTRjZGY4YzhmNGQzNWJkY2E1MDMwNDIyYjVkNTQyNzk0NTc=\\nX-Request-Id: ac483b2d-f9fb-4d53-a87a-9d891bd003f8\",\n      \"language\": \"http\"\n    }\n  ]\n}\n[/block]","excerpt":"Forward Messages","slug":"forwarding-webhook-2-0","type":"basic","title":"Forwarding 2.0: Webhook"}

Documentation

Security

Messages

Subscriptions

Message Forwarders

Authentication

Examples

Demos

Config Events

Forwarding 2.0: Webhook

Forward Messages
[block:callout] { "type": "warning", "title": "Security Configuration", "body": "The device must have the appropriate whitelists configured in order to allow message forwarding." } [/block] Meshblu will automatically call a webhook for every message sent to a device with webhook forwarders enabled. Meshblu supports [request](https://npmjs.com/package/request) style options. The body of the HTTP request will contain the message. ## Webhook Forwarders Types: * `broadcast.received`: forward broadcast messages received from other devices * `broadcast.sent`: forward broadcast messages sent from the current device * `configure.received`: forward `config` messages received from other devices * `configure.sent`: forward configure messages sent from the current device * `message.received`: forward messages received from other devices * `message.sent`: forward messages sent by the current device * `unregister.received`: forward the final device state from the current device before deleting * `unregister.sent`: forward the final device state from other devices before deleting [block:code] { "codes": [ { "code": "{\n \"meshblu\": {\n \"forwarders\": {\n \"version\": \"2.0.0\",\n \"message\": {\n\t\t\t\t\"sent\": [\n \t{\n \t\t\t\"type\": \"webhook\",\n \t\"url\": \"http://requestb.in/18gkt511\",\n \t\"method\": \"POST\"\n \t}\n \t\t]\n }\n }\n }\n}", "language": "json" } ] } [/block] [block:api-header] { "type": "basic", "title": "Signed Requests" } [/block] To ensure that you are receiving an authorized webhook, you may use the [HTTP Signature Scheme](https://github.com/joyent/node-http-signature/blob/master/http_signing.md). You can verify the request without contacting Meshblu to verify it's authenticity. [block:code] { "codes": [ { "code": "{\n \"meshblu\": {\n \"forwarders\": {\n \"version\": \"2.0.0\",\n \"message\": {\n \"sent\": [\n {\n \"type\": \"webhook\",\n \"url\": \"http://requestb.in/18gkt511\",\n \"method\": \"POST\",\n \"signRequest\": true\n }\n ]\n }\n }\n }\n}", "language": "json" } ] } [/block] The web service will receive an HTTP request with the following headers: [block:code] { "codes": [ { "code": "Date: Tue, 17 May 2016 23:44:37 GMT\nX-Meshblu-Uuid: 92b50770-203f-4e4a-8b00-1c33ef2be792\nX-Meshblu-Message-Type: message.sent\nAuthorization: Signature keyId=\"meshblu-webhook-key\",algorithm=\"rsa-sha256\",headers=\"date X-MESHBLU-UUID\",signature=\"g/1Hd1jfjnKEW1ZoHqtJIX2jnAxu350zhBPbPjKr0uOKRuRpeAtuwsxycI2H3/aSZUuBJURGvHQe3h67IGdynYzD1NqNHKeHZi6w8Z+CuDzAECw8k59ZSEsv4YlZzUtJN1WXT0DdITgVjohhj14Otj0k4txpfOqvPRtlI3OwEg4J8fU0RP/snBbypdrJHFcNuNP7143bND/Ga9VzAS4Ytv2a3WGdgvK95cqDri+tNrlzPxmlm0PWyxeOkxIgW7MxQ364jInlKHSYy/lVUkcEZ35GKdAQn6vAHkA+ei3lVSpxYGJfWMc9Tgz23yyiMdHrfnsnuf0qnkz4Tk3XNsPatw==\"\nX-Request-Id: ac483b2d-f9fb-4d53-a87a-9d891bd003f8", "language": "http" } ] } [/block] The `Authorization` header contains a signature that can be verified using the Meshblu [public key](https://meshblu-http.octoblu.com/publickey). The X-MESHBLU-UUID header is part of the signature, so you can trust that the UUID has not been modified. [block:api-header] { "type": "basic", "title": "Forward Meshblu Credentials" } [/block] Generate a a Meshblu token and send it to the webhook. Sent as an HTTP header `Authorization: Bearer <base64 encoded string>`. The token will only be valid until the recipient of the Webhook responds to the HTTP request. [block:callout] { "type": "danger", "title": "Security Warning", "body": "The `Bearer` token will allow the recipient to access and modify your meshblu device. When the request has finished, the token will be removed." } [/block] [block:callout] { "type": "warning", "title": "unregister.sent and unregister.received", "body": "Do not use this option for `unregister.sent` and `unregister.received`. The device will not exist when the credentials are used and will immediately fail." } [/block] [block:code] { "codes": [ { "code": "{\n \"meshblu\": {\n \"forwarders\": {\n \"version\": \"2.0.0\",\n \"message\": {\n\t\t\t\t\"sent\": [\n \t {\n \t \t\t\"type\": \"webhook\",\n \t \"url\": \"http://requestb.in/18gkt511\",\n \"method\": \"POST\",\n \"generateAndForwardMeshbluCredentials\": true\n \t }\n \t\t]\n }\n }\n }\n}", "language": "json" } ] } [/block] The web service will receive an HTTP request with the following headers. [block:code] { "codes": [ { "code": "Date: Tue, 17 May 2016 23:44:37 GMT\nX-Meshblu-Uuid: 92b50770-203f-4e4a-8b00-1c33ef2be792\nX-Meshblu-Message-Type: message.sent\nAuthorization: Bearer ZWViMmQ0ZjktMzYwYS00NDFjLTgwZjItZjY0OWNiZWI1ZmU3OmE2OGZjMTRjZGY4YzhmNGQzNWJkY2E1MDMwNDIyYjVkNTQyNzk0NTc=\nX-Request-Id: ac483b2d-f9fb-4d53-a87a-9d891bd003f8", "language": "http" } ] } [/block]