Table of contents
Webhooks
Download API definition:
POST https://api.bentley.com/webhooks/imodels

Event Types

Currently supported webhook event types:

  • iModelDeletedEvent
  • NamedVersionCreatedEvent
  • ChangeSetPushedEvent
  • ChangesetGroupCompletedEvent
  • ChangesReadyEvent

Security

On webhook creation, webhook secret is being generated. Before forwarding an event to client, secret is used together with whole event body to generate HMAC-SHA256 signature which is included in Signature request header. Before doing anything with the received event client SHOULD use its own secret copy together with the event body and generate another signature on their end to validate the event source. If both signatures are the same, event SHOULD be accepted as valid one and ignored otherwise.

Expiration

When creating a webhook expiration date time CAN be specified after which the webhook will become deactivated. If expiration time is not specified, webhook expires automatically after 30 days.

Notes

Webhook deletion is not persisted after iModel deletion. When deleting an iModel make sure to delete related webhooks as well.

Authentication

Requires Authorization header with valid Bearer token for scope webhooks:modify.

For more documentation on authorization and how to get access token visit OAUTH2 Authorization page.

Request headers

Name
Required?
Description
Authorization
Yes

OAuth access token with scope webhooks:modify

Accept
Yes

Setting to application/vnd.bentley.itwin-platform.v1+json is recommended.

Request body

Create Webhook (iModel events)

Name
Type
Required?
Description
imodelId
String
Yes

Related iModel identifier.

eventTypes
String[]
Yes

List of requested event types.

callbackUrl
String
Yes

URL where webhook events will be sent.

expirationDateTime
String
No

Webhook expiration date and time. If not provided will default to 30 days after the request time.

secret
String
No

A secret string that is used for event signature validation. Will be auto-generated if not provided.

Example

json
{
    "imodelId": "00c76c84-7170-4962-9256-2fc6c2b28851",
    "callbackUrl": "https://some-event-callback.io/events",
    "expirationDateTime": "2021-06-07T08:27:42Z",
    "secret": "custom-secret-value",
    "eventTypes": [
        "iModelDeletedEvent",
        "NamedVersionCreatedEvent",
        "ChangesetPushedEvent",
        "ChangesetGroupCompletedEvent",
        "ChangesReadyEvent"
    ]
}

Response 202 Accepted

The request has been accepted for processing.

json
{
    "webhook": {
        "id": "72a10fad-103d-4e23-9a43-a4ddf2ef61cc",
        "secret": "4eb25d308ef2a9722ffbd7a2b7e5026f9d1f2feaca5999611d4ef8692b1ad70d"
    }
}

Response headers

Name
Description
Location

The resource location

Response 401 Unauthorized

This response indicates that request lacks valid authentication credentials. Access token might not been provided, issued by the wrong issuer, does not have required scopes or request headers were malformed.

json
{
    "error": {
        "code": "HeaderNotFound",
        "message": "Header Authorization was not found in the request. Access denied."
    }
}

Response 404 Not Found

Specified iModel was not found.

json
{
    "error": {
        "code": "iModelNotFound",
        "message": "Requested iModel is not available."
    }
}

Response 422 Unprocessable Entity

The 422 (Unprocessable Entity) status code indicates that the request cannot be processed by the server due to a client error (e.g. malformed request syntax).

json
{
    "error": {
        "code": "InvalidCreateWebhookRequest",
        "message": "Cannot create a webhook. Make sure the request body is valid.",
        "details": [{
                "code": "MissingRequiredProperty",
                "message": "Required property is missing.",
                "target": "imodelId"
            },
            {
                "code": "MissingRequiredProperty",
                "message": "Required property is missing.",
                "target": "callbackUrl"
            },
            {
                "code": "MissingRequiredProperty",
                "message": "Required property is missing.",
                "target": "eventTypes"
            },
            {
                "code": "InvalidValue",
                "message": "Provided 'eventTypes' value is not valid. It must be an array and contain at least one event type.",
                "target": "eventTypes"
            },
            {
                "code": "InvalidValue",
                "message": "Provided 'eventTypes' value is not valid. It must contain at least one event type.",
                "target": "eventTypes"
            },
            {
                "code": "InvalidValue",
                "message": "'invalid-event-name' is not valid event type.",
                "target": "eventTypes"
            },
            {
                "code": "InvalidValue",
                "message": "Provided 'expirationDateTime' value is not valid. It must be a string in ISO-8601 format.",
                "target": "expirationDateTime"
            },
            {
                "code": "InvalidValue",
                "message": "Provided 'callbackUrl' value is not valid. It must start with 'https://'.",
                "target": "callbackUrl"
            },
            {
                "code": "InvalidRequestBody",
                "message": "Request body was not provided."
            }
        ]
    }
}

Response 429 Too many requests

This response indicates that the user has sent too many requests in a given amount of time.

json
{
    "error": {
        "code": "TooManyRequests",
        "message": "More requests were received than the subscription rate-limit allows."
    }
}

Response headers

Name
Description
retry-after

The number of requests exceeds the rate-limit for the client subscription.

Create Webhook Response

Webhook creation response.

Name
Type
Description
webhook.id
String

Globally unique identifier of the webhook.

webhook.secret
String

Random unique secret string that will be used to compute an HMAC digest for authorized content distribution.

Create Webhook (iModel events)

Name
Type
Description
imodelId
String

Related iModel identifier.

eventTypes
String[]

List of requested event types.

callbackUrl
String

URL where webhook events will be sent.

expirationDateTime
String

Webhook expiration date and time. If not provided will default to 30 days after the request time.

secret
String

A secret string that is used for event signature validation. Will be auto-generated if not provided.

Error

Contains error information.

Name
Type
Description
code
String

One of a server-defined set of error codes.

message
String

A human-readable representation of the error.

target
String, null

The target of the error.

Error Response

Gives details for an error that occurred while handling the request. Note that clients MUST NOT assume that every failed request will produce an object of this schema, or that all of the properties in the response will be non-null, as the error may have prevented this response from being constructed.

Name
Type
Description
error

Error information.