Search
K
Guides

Webhooks

Our webhooks deliver weather alerts for locations within your Perry Weather account to any destination you specify. Your platform can then distribute those events as you see fit.

Webhook Data Model

See the API reference for the complete request and event data models.

Webhook Validation

If your webhook exposes sensitive parts of your platform you might want to verify requests are coming from Perry Weather and not a malicious third party. Perry Weather cryptographically signs requests sent to you using HMAC-SHA256.

Here are the general steps we take to sign the request:

  1. Perry Weather appends the event_id, event_type, and version fields in the body of the request to the end of the webhook URL.
string url = "https://webhook.yourdomain.com";
string eventId = "6544e1ce-7eea-4353-b404-f2ca21a93a68";
string eventType = "DELAY";
string version = "1.0.0";
Dictionary<string, string> data = new Dictionary<string, string>
{
    { "event_id", eventId },
    { "event_type", eventType },
    { "version", version }
};
foreach (var item in data)
{
    url += $"{item.Key}={item.Value}";
}
//url = "https://webhook.yourdomain.comevent_id=6544e1ce-7eea-4353-b404-f2ca21a93a68event_type=DELAYversion=1.0.0"

2. Perry Weather takes the resulting string and signs it using HMAC-SHA256 with your API Key as the key. Contact support@perryweather.com for questions regarding your Perry Weather API Key.

string url = "https://webhook.yourdomain.comevent_id=6544e1ce-7eea-4353-b404-f2ca21a93a68event_type=DELAYversion=1.0.0";
string yourApiKey = "fakeApiKey";
HMACSHA1 hmac = new(Encoding.UTF8.GetBytes(yourApiKey));
byte[] hashValue = hmac.ComputeHash(Encoding.UTF8.GetBytes(url));
string signature = Convert.ToBase64String(hashValue);

3. The signature is then attached to the request as a header named x-pw-signature.

string json = JsonSerializer.Serialize(payload);
StringContent content = new StringContent(json, Encoding.UTF8, "application/json");
string signature = "fake-signature";
content.Headers.Add("x-pw-signature", signature);

Validating requests in your application

In order to verify a request was sent from Perry Weather your application will need to replicate the example steps above with your API Key to generate a signature.

Requests with a signature matching the signature generated in your application can be processed as authentic Perry Weather events while requests with a wrong or missing signature should be discarded.