A webhook is a user-defined callback over HTTP. You use webhooks to notify your app or back-end system when certain Video Calling events occur. Agora Notifications enables you to subscribe to events and receive notifications about them across multiple product lines.
Using Agora Console you subscribe to specific events for your project and tell Notifications the URL of the webhooks you have configured to receive these events. Notifications sends notifications of your events to your webhooks every time they occur. Your server authenticates the notification and returns
200 Ok to confirm reception. You use the information in the JSON payload of each notification to give the best user experience to your users.
The following figure illustrates the workflow when Notifications is enabled for the specific Video Calling events you subscribe to:
- A user commits an action that creates an event. For example, creates a channel.
- Notifications sends an HTTPS POST request to your webhook.
- Your server validates the request signature, then sends a response to Notifications within 10 seconds. The response body must be in JSON.
If Notifications receives
200 OK within 10 seconds of sending the initial notification, the callback is considered successful. If these conditions are not met, Notifications immediately resends the notification. The interval between notification attempts gradually increases. Notifications stops sending notifications after three retries.
To set up and use Notifications, you must have:
A computer with Internet access.
If your network access is restricted by a firewall, call the IP address query API to retrieve the Notifications IP addresses , then configure the firewall to allow these IP addresses.
In order to handle notifications for the events you subscribe to, you need to:
Once Notifications is enabled, Agora SD-RTN™ sends notification callbacks as
HTTPS POST requests to your webhook when events that you are subscribed to occur. The data format of the requests is JSON, the character encoding is
UTF-8, and the signature algorithm is
For Notifications, a webhook is an endpoint on an
HTTP server that handles these requests. In a production environment you write this in your web infrastructure, for development purposes best practice is to create a simple local server and use a service such as ngrok to supply a public URL that you register with Agora SD-RTN™ when you enable Notifications.
To do this, take the following steps:
Set up a Java project for your server
Your server receives and handles notifications. The
RootHandlerhandles requests sent to the root address of your server and the
NcsHandlerhandles the notifications sent to
<your server address>/ncsNotify. To set up your server, create a new Java project and add the following code to a file named
Add a JSON library to your project
The body of an HTTP request that your server receives contains event parameters in JSON format. To read these parameters download the
json-simple-1.1.1.jarlibrary and add it to your JAVA project.
Handle Notifications callbacks
To define the
NcsHandler, create a new file named
Handlers.javain your Java project folder. Add the following code to this file:
Create a public URL for your server
In this example you use ngrok to create a public URL for your server.
Download and install ngrok. If you have
Chocolatey, use the following command:
To obtain an
authToken, sign up with ngrok.
Start a tunnel to your local server using the following command:
You see a Forwarding URL displayed such as
https://1111-123-456-789-99.ap.ngrok.io. This is the public URL for your local server that you use to enable Notifications.
To enable Notifications:
Log in to Agora Console. On the Project Management tab, locate the project for which you want to enable Notifications and click Configure.
In the Features section, locate Notifications, and click Enable.
On the configuration page, click on the service for which you want to enable notifications. The item expands to show configuration options.
Fill in the following information:
Event: Select all the events that you want to subscribe to.
If the selected events generate a high number of queries per second (QPS), ensure that your server has sufficient processing capacity.
Receiving Server Region: Select the region where your server that receives the notifications is located. Agora connects to the nearest Agora node server based on your selection.
Receiving Server URL Endpoint: The
HTTPSpublic address of your server that receives the notifications. For example,
To enhance security, Notifications no longer supports
To reduce the delay in notification delivery, best practice is to activate
HTTPpersistent connection (also called
HTTPkeep-alive) on your server with the following settings:
MaxKeepAliveRequests: 100 or more
KeepAliveTimeout: 10 seconds or more
Whitelist: If your server is behind a firewall, check the box here, and ensure that you call the IP address query API to get the IP addresses of the Agora Notifications server and add them to the firewall's allowed IP list.
Copy the Secret displayed against the product name by clicking the copy icon. You use this secret to Add signature verification.
Press Save. Agora performs a health test for your configuration as follows:
The Notifications health test generates test events that correspond to your subscribed events, and then sends test event callbacks to your server.
After receiving each test event callback, your server must respond within 10 seconds with a status code of
200. The response body must be in JSON format.
When the Notifications health test succeeds, read the prompt and press Save Notifications Configuration. After your configuration is saved, the Status of Notifications shows Enabled.
If the Notifications health test fails, follow the prompt on the Agora Console to troubleshoot the error. Common errors include the following:
Request timeout (590): Your server does not return the status code
200within 10 seconds. Check whether your server responds to the request properly. If your server responds to the request properly, contact Agora Technical Support to check if the network connection between the Agora Notifications server and your server is working.
Domain name unreachable (591): The domain name is invalid and cannot be resolved to the target IP address. Check whether your server is properly deployed.
Certificate error (592): The Agora Notifications server fails to verify the SSL certificates returned by your server. Check if the SSL certificates of your server are valid. If your server is behind a firewall, check whether you have added all IP addresses of the Agora Notifications server to the firewall's allowed IP list.
Other response errors: Your server returns a response with a status code other than
200. See the prompt on the Agora Console for the specific status code and error messages.
To communicate securely between Notifications and your webhook, Agora SD-RTN™ uses signatures for identity verification as follows:
When you configure Notifications in Agora Console, Agora SD-RTN™ generates the secret you use for verification.
When sending a notification, Notifications generates two signature values from the secret using
HMAC/SHA256algorithms. These signatures are added as
When your server receives a callback, you can verify
- To verify
Agora-Signature, use the secret, the raw request body, and the
- To verify
Agora-Signature-V2, use the secret, the raw request body, and the
- To verify
To add signature verification to your server, take the following steps:
In your JAVA project folder, add a new file named
Signature.javacontaining the following code:
Make sure you update your Notifications secret in the code. To verify authenticity using
HmacSHA256in the sample code.
To verify data in the Notifications callback, add the following code to
This section contains in depth information about Notifications.
The header of notification callbacks contains the following fields:
|The signature generated by Agora using the Secret and the HMAC/SHA1 algorithm. You need to use the Secret and HMAC/SHA1 algorithm to verify the signature value. For details, see Signature verification.|
|The signature generated by Agora using the Secret and the HMAC/SHA256 algorithm. You need to use the Secret and the HMAC/SHA256 algorithm to verify the signature value. For details, see Signature verification.|
The request body of notification callbacks contains the following fields:
|String||The notification ID, identifying the notification callback when the event occurs.|
|Number||The product ID: |
|Number||The type of event being notified. For details, see event types.|
|Number||The Unix timestamp (ms) when Notifications sends a callback to your server. This value is updated when Notifications resends the notification callback.|
|JSON Object||The content of the event being notified. The payload varies with event type.|
If your server that receives notification callbacks is behind a firewall, you need to call the IP address query API to retrieve the IP addresses of Notifications and configure your firewall to trust all these IP addresses.
Agora occasionally adjusts the Notifications IP addresses. Best practice is to call this endpoint at least every 24 hours and automatically update the firewall configuration.
Authorization: You must generate a Base64-encoded credential with the Customer ID and Customer Secret provided by Agora, and then pass the credential to the Authorization field in the HTTP request header.
This API has no body parameters.
When the request succeeds, the response body looks like the following:
Each primary IP field shows an IP address of Notifications server. When you receive a response, you need to note the primary IP fields and add all these IP addresses to your firewall's allowed IP list.
- Notifications does not guarantee that notification callbacks arrive at your server in the same order as events occur.
- Your server needs to be able to handle messages arriving out of order.
- To improve the reliability of Notifications, there can be more than one notification callback for each event, and your server needs to be able to handle repeated messages.