Examples

How to implement Webhooks for your GrowSurf campaign.

Example 1: Webhooks

Below is a Node.js + Express example of what the code for your webhook endpoint could look like:

//Your webhooks payload endpoint
app.post("/your/webhook/payload-url", function(req, res) {
const body = req.body;
try {
if (body.event === 'PARTICIPANT_REACHED_A_GOAL') {
// Write code here to do something when a participant wins a reward
console.log(`${body.data.participant.email} just won this reward: ${body.data.reward.description}`);
} else if (body.event === 'NEW_PARTICIPANT_ADDED') {
// Write code here to do something when a new participant is added
console.log(`${body.data.email} just joined via source: ${body.data.referralSource}.`);
} else if (body.event === 'CAMPAIGN_ENDED') {
// Write code here to do something when a campaign ends
console.log(`${body.data.name} just ended with ${body.data.referralCount} total referrals!`);
}
} catch (err) {
res.status(400).end();
}
res.json({received: true});
});

To see the different sample data from webhook request payloads, see Events

Example 2: Webhooks (with secret)

Below is a Node.js + Express example (using the crypto-js library) of what the code for your webhook endpoint could look like:

//Your webhooks payload endpoint
app.post("/your/webhook/payload-url", function(req, res) {
const body = req.body;
const signature = req.get("GrowSurf-Signature");
try {
// Validate the signature
validateSignature(body, signature);
// Do work!.....
// Write your code in here...
} catch (err) {
res.status(400).end();
}
res.json({received: true});
});
/**
* Compares the GrowSurf header provided signature against the expected
* signature.
*
* @param {Object} body the request body provided by GrowSurf
* @param {String} signature the signature hash value provided within the header of the request
* @returns {Boolean} valid true if the expected matches the given
* @throws {Exception} thrown if the expected signature value does not match the given
*/
const validateSignature = function(body, signature) {
// Extract
let parts = signature.split(",");
// t value
let timestamp = parts[0].split("=")[1];
// v value
let hash = parts[1].split("=")[1];
// Generate hash
let message = (timestamp + "." + JSON.stringify(body));
let expected = CryptoJS.HmacSHA256(message, "YOUR-SECRET-TOKEN").toString();
// Validate/Compare
if(expected === hash) {
return true;
} else {
throw new Error("Invalid Signature");
}
}