Event Types
Currently supported webhook event types:
- iModelDeletedEvent
- NamedVersionCreatedEvent
- ChangeSetPushedEvent
- ChangesetGroupCompletedEvent
- ChangesReadyEvent
Security
On webhook creation, webhook secret is being generated. Before forwarding an event to client, secret is used together with whole event body to generate HMAC-SHA256
signature which is included in Signature
request header. Before doing anything with the received event client SHOULD use its own secret copy together with the event body and generate another signature on their end to validate the event source. If both signatures are the same, event SHOULD be accepted as valid one and ignored otherwise.
Expiration
When creating a webhook expiration date time CAN be specified after which the webhook will become deactivated. If expiration time is not specified, webhook expires automatically after 30 days.
Notes
Webhook deletion is not persisted after iModel deletion. When deleting an iModel make sure to delete related webhooks as well.
Authentication
Requires Authorization
header with valid Bearer token for scope webhooks:modify
.
For more documentation on authorization and how to get access token visit OAUTH2 Authorization page.