mahi/Goa-gel-fullstack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
435889ee798a32877f23854a9a2d6148d3c48cb8
Goa-gel-fullstack/Documentation/developers/webhooks.md
Mahi 435889ee79 docs: Rebuild documentation as enterprise-grade TLAS platform 
- Migrate from custom HTTP server to VitePress framework
- Rename project to Tokenized License Approval System (TLAS)
- Add comprehensive documentation for all stakeholders:
  - Business: Executive summary, value proposition, governance
  - Operations: Infrastructure, installation, monitoring, backup
  - Departments: User guide, workflows, verification, issuance
  - Developers: API reference, authentication, webhooks, SDKs
  - Compliance: OWASP, DPDP Act, IT Act, audit framework
- Add modern theme with dark mode and full-text search
- Update Dockerfile for VitePress build process

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-10 00:05:20 -04:00

1.6 KiB
Raw Blame History

Webhooks

Overview

TLAS sends webhook notifications for key events. Configure webhook endpoints to receive real-time updates.

Configuration

Register webhook endpoint:

POST /webhooks
Authorization: Bearer <token>

{
  "url": "https://your-system.com/webhook",
  "events": ["application.approved", "certificate.issued"],
  "secret": "your-webhook-secret"
}

Event Types

Event Trigger
application.submitted New application received
application.approved Application approved
application.rejected Application rejected
application.returned Returned for corrections
certificate.issued License NFT minted
certificate.revoked License revoked

Payload Format

{
  "event": "application.approved",
  "timestamp": "2026-02-09T10:00:00Z",
  "data": {
    "applicationId": "APP-2026-00001",
    "licenseType": "TRADE_LICENSE",
    "applicantId": "DL-12345678"
  }
}

Signature Verification

Verify webhook authenticity using HMAC-SHA256:

const crypto = require('crypto');

function verifySignature(payload, signature, secret) {
  const expected = crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}

Header: X-Webhook-Signature: sha256=<signature>

Retry Policy

Failed deliveries (non-2xx response) are retried:

  • 1st retry: 1 minute
  • 2nd retry: 5 minutes
  • 3rd retry: 30 minutes
  • 4th retry: 2 hours
  • 5th retry: 24 hours

After 5 failures, webhook is disabled. Re-enable via API.

Reference in New Issue View Git Blame Copy Permalink