# Wolfeo Webhooks
Wolfeo Webhooks allow you to receive a response from Wolfeo to a dedicated endpoint on your platform when an event happens.
# Getting Started
To get started using Wolfeo webhooks, visit wolfeo.me/settings/developers (opens new window) and click on the button to create a new webhook. Enter an endpoint for your app to consume, and Wolfeo will send POST requests with a payload containing the event information to that route.
# Receiving Webhooks
To receive webhooks on your platform, create a POST route for example
"https://mysite.com/wolfeo-webhooks"
and save this route in the Developer Settings on Wolfeo. The route must have HTTPS.
# Signing Requests
When a new webhook is created on Wolfeo, we will automatically generate a client-secret key used to sign your requests. This is visible in your Developer Webhook Settings and is used to confirm the validity of our request. You do not need to add additional authorisation headers to manage signing. It is provided out-of-the-box.
# Verifying Requests
To test the received request and confirm it came from Wolfeo, you can use the sent payload and the signature to verify it. A PHP example is given below using the hash_hmac
function.
$requestPayload = '{}'; // Some JSON data sent by our webhook
$secretKey = 'your-secret-key'; // Secret key found in Wolfeo developer settings
$signature = hash_hmac('sha256', $requestPayload, $secretKey); // Hash generated here should match hash sent by Wolfeo webhook