vote
0

Webhook API Key

With Sprint 80 and the latest efforts on the Zapier app, a Webhook API key is now visible from the admin > webhooks page. Is this key limited to use with Zapier? Or can it be used with other services to extract webhook data? I'm interested in using this feature to pull (or push) data into a Google sheet, but would prefer to avoid using a 3rd party service like Zapier as middleware.

Vote if you found this question useful.
Ask a Different Question
  • Hi Matt, the key is not limited to Zapier. It can be used with other tools. - Perry Gilbert
  • Thanks, Perry. Is there any documentation on using the key with other services? Does Zapier use it to poll a URL and retrieve the data? Or is it still pushed to Zapier in the same way as the "managed locally" webhook option? - Matt Kamen
  • Unforunately, we do not have any documentation on using the key with other services. The Key is used for Zapier to authenticate to Learner Community to create a webhook in Learner Community. Zapier does not use the key to get the data. The webhook URL that you enter while creating the webhook determines where the data is posted; the key is not required. - Perry Gilbert
Log In to add your comment

1 Response

vote
1

When an external system (like Zapier) makes an inbound request to Knowledge Connection for a particular organization, that incoming request's header is checked to confirm that it includes that organization's API Key (to validate that the request is coming from a trusted source, because only someone in the organization knows the inbound API Key).

The inbound API requests exist primarily for third party services to leverage. For example, Zapier tells Knowledge Connection that it wants to "subscribe" to a particular event, which creates/updates a Webhook that will send the requested event data to a URL that Zapier specifies. Note that Zapier doesn't do this on its own--it performs this action only on your behalf when you set up a new "Zap." (You could set up the same Webhook entirely by hand in KC, but Zapier saves you time by leveraging our "subscribe" and "unsubscribe" requests to create/update or remove a Webhook.) Zapier also makes inbound requests to request sample responses, which they use for preview purposes.

After a Webhook is set up in Knowledge Connection, it is Knowledge Connection that makes outbound posts to the specified "endpoint" URL whenever an applicable event occurs. The "inbound" API Key is not sent in those outbound posts. For outbound posts you can include a "shared secret key" which is unique for that third party. That key can be included in the endpoint URL itself, either as part of the request path, or as a querystring parameter (wherever the receiving end can check it). Note that this is a best practice even if you're posting to your own system--your receiving code should check each inbound request to confirm that its URL contains the expected "secret key" to ensure the post is really coming from Knowledge Connection.

Vote if you found this response useful.
Responded: 12/4/2018 12:36:13 PM
Log In to add your comment
Log In to add your response