Webhooks allow you to build and set up custom scripts that subscribe to certain events. When one of those events is triggered, we’ll send an HTTP POST payload to the webhook’s configured URL. Webhooks can be used to receive notifications about events that happen in your KASKO account.
Each webhook can be installed on an account level, and each account can have multiple webhooks, with different sets of events configured. You can also choose between live and test events.
Configuring webhooks
To create a webhook please contact techsupport@kasko.io.
Receiving a webhook notification
Creating a webhook endpoint on your server is no different from creating any page on your website. With PHP, you might create a new .php file on your server; with a framework like Laravel, you would add a new route with the desired URL.
Webhook data is sent as JSON in the POST request body. The full event details are included and can be used directly, after parsing the JSON into an Event object.
Each webhook request made by KASKO also includes the request headers outlined below.

| Name | Example Value | Description |
|---|---|---|
| X-KASKO-Event | policy.created | The event type that was triggered. |
| X-KASKO-Delivery | baf59150f9a60c1c0e6a700e6f531676 | A guid to identify the payload and event being sent. |
| X-KASKO-Signature | sha1=88dd4948bf8fc1e991a574179fc668c76d329db2 | The value of this header is computed as the HMAC hex digest of the payload, using the webhook secret as the key. |
Responding to a webhook
To acknowledge receipt of a webhook, your endpoint should return a 2xx HTTP status code. Any other information returned in the response headers or response body is ignored. All response codes outside this range, including 3xx codes, indicate to KASKO that you did not receive the webhook. This means that a URL redirection or a “Not Modified” response will be treated as a failure.
Checking signatures
KASKO signs the webhook events it sends to your endpoint, allowing you to validate that they were not sent by a third party. You can verify signatures using a simple hashing algorithm. To make use of signatures, you first need to retrieve your endpoint’s secret (email us for more details). The signature is included in the X-KASKO-Signature header and sent along with the event. The value of this header is computed as the HMAC hex digest of the body, using the webhook secret as the key.
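```php
// Webhook secret provided by KASKO for this endpoint.
$endpoint_secret = "whsec_...";

// Raw request body; the signature is computed over these exact bytes.
$payload = file_get_contents("php://input");
$sig_header = isset($_SERVER["HTTP_X_KASKO_SIGNATURE"]) ? $_SERVER["HTTP_X_KASKO_SIGNATURE"] : "";

$hash = 'sha1=' . hash_hmac('sha1', $payload, $endpoint_secret);

// hash_equals() compares in constant time (PHP 5.6 or greater).
if (!hash_equals($hash, $sig_header)) {
    // Then the request did not come from KASKO and should be dropped.
    http_response_code(400);
    exit;
}

// Do something with $event
$event = json_decode($payload, true);

http_response_code(200); // PHP 5.4 or greater
```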
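The check above, exercised offline as an added example (not KASKO's code): it signs a constructed payload with a constructed secret, then shows which inputs a verifier accepts, including the case where the body is re-serialised before hashing. The helper names `kasko_signature` and `kasko_verify` are hypothetical, as are the payload fields.

```php
<?php
// Added example: helper names, secret and payload are constructed for illustration.

// Header value as the page describes it: "sha1=" + HMAC hex digest of the body.
function kasko_signature($rawBody, $secret)
{
    return 'sha1=' . hash_hmac('sha1', $rawBody, $secret);
}

// True only if the header matches the signature of the exact bytes received.
function kasko_verify($rawBody, $sigHeader, $secret)
{
    if (!is_string($sigHeader) || strpos($sigHeader, 'sha1=') !== 0) {
        return false; // header missing or not in the expected format
    }
    // Constant-time comparison (PHP 5.6 or greater).
    return hash_equals(kasko_signature($rawBody, $secret), $sigHeader);
}

$secret = 'whsec_test_constructed';                          // constructed test secret
$body   = '{"type": "policy.created", "data": {"id": 1}}';   // constructed payload
$header = kasko_signature($body, $secret);

// Parsing and re-encoding the JSON drops whitespace, so the bytes and the HMAC differ.
$reencoded = json_encode(json_decode($body, true));

$cases = array(
    'original body'         => array($body, $header),
    'modified body'         => array(str_replace('"id": 1', '"id": 2', $body), $header),
    're-encoded JSON'       => array($reencoded, $header),
    'missing header'        => array($body, null),
    'digest without prefix' => array($body, substr($header, 5)),
);

foreach ($cases as $name => $case) {
    $ok = kasko_verify($case[0], $case[1], $secret);
    printf("%-24s %s\n", $name, $ok ? 'accept' : 'reject');
}
```

Only the first case is accepted, so an endpoint has to hash the raw request body before any JSON parsing or framework normalisation touches it.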
Events
Offer created
This event is triggered when an offer has been successfully created.