Webhooks

Webhooks Overview

Webhooks are a powerful way for Discovery to notify your system in real-time when specific events occur. They allow you to receive automatic updates when certain actions or changes happen in your Discovery account, such as a new incident being created, an OCR being extracted, or a vendor invoice being updated. Instead of constantly polling for updates, your system can listen for webhooks that Discovery sends directly to your endpoint.


Verifying Webhooks for Security

In order to ensure the integrity and authenticity of the data being sent to your system, Discovery signs all webhooks with a secret. This ensures that the webhook data received came from Discovery and has not been tampered with in transit.

You can find the secret for your tenant by navigating to Settings → Webhooks in the Discovery platform and clicking the Show Secret toggle.

It is highly recommended that you verify webhooks on your side. Discovery includes a Signature header in each webhook request, which is an HMAC hash of the payload using the SHA-256 hashing algorithm. To verify that the webhook data has not been tampered with, you should compute your own HMAC hash using the payload data and your webhook secret, and compare it to the Signature value received in the header.


Here’s an example of how you can verify the webhook signature in PHP:

PHP

$signature = $_SERVER['HTTP_SIGNATURE'] ?? '';   // Signature from the webhook header ('' if absent)
$content = file_get_contents('php://input');     // Raw body content of the webhook

// Compute HMAC hash with your secret (replace the placeholder string with your tenant's secret)
$computedSignature = hash_hmac('sha256', $content, 'YOUR_SECRET_HERE');

// Compare signatures in constant time to ensure authenticity
if (!hash_equals($computedSignature, $signature)) {
    throw new \Exception('Signature does not match.');
}
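
For receivers that are not written in PHP, the same check in Python, extended to reject a missing header and to verify before parsing. This is an added example, not Discovery's own code. It assumes the Signature header carries the lowercase hex digest (the form PHP's hash_hmac returns) and that the payload is JSON; the secret, field names and sample body are constructed.

```python
import hashlib
import hmac
import json

# Constructed placeholder secret; the real one comes from Settings → Webhooks.
SECRET = b"example-secret-not-real"


def sign(raw_body: bytes, secret: bytes) -> str:
    """Hex HMAC-SHA256 of the raw body, same output form as PHP hash_hmac('sha256', ...)."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_signature(raw_body: bytes, header_value, secret: bytes) -> bool:
    """True only if the Signature header matches the HMAC of the exact bytes received."""
    if not header_value:
        return False  # a missing or empty header is a failure, never a bypass
    expected = sign(raw_body, secret).encode("ascii")
    # compare_digest runs in constant time, so response timing does not reveal
    # how many leading characters of a guessed signature were correct.
    return hmac.compare_digest(expected, header_value.strip().encode("utf-8"))


def handle_webhook(headers: dict, raw_body: bytes, secret: bytes = SECRET):
    """Return (HTTP status, parsed event or None). Verify first, parse second."""
    if not verify_signature(raw_body, headers.get("Signature"), secret):
        return 401, None
    try:
        return 200, json.loads(raw_body)  # assumption: the payload is JSON
    except ValueError:
        return 400, None


if __name__ == "__main__":
    # Constructed sample delivery; field names are illustrative only.
    body = b'{"type": "Incident Was Created",  "id": 123}'
    good = {"Signature": sign(body, SECRET)}
    print(handle_webhook(good, body))                           # accepted
    print(handle_webhook(good, body.replace(b"123", b"124")))   # tampered body
    print(handle_webhook({}, body))                             # header missing
    # Re-encoding parsed JSON changes the bytes (whitespace here), so the HMAC
    # must be computed over the raw request body, not a re-serialized copy.
    reencoded = json.dumps(json.loads(body)).encode()
    print(verify_signature(reencoded, good["Signature"], SECRET))
```

In a web framework, pass the unmodified request body bytes to `handle_webhook`; a body that middleware has already decoded and re-encoded will fail verification.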

What Can Webhooks Do?

You can create webhooks to subscribe to specific events that occur in Discovery. Discovery supports webhooks for the following events.

  • Gathered Vendor Invoice File Was Created
  • Gathered Vendor Invoice File Was Updated
  • Incident Was Closed
  • Incident Was Created
  • Incident Was Escalated
  • Incident Was Updated
  • OCR Vendor Invoice Was Created
  • OCR Vendor Invoice Was Extracted
  • OCR Vendor Invoice Was Updated
  • Vendor Invoice Was Created
  • Vendor Invoice Was Updated

How Do I Create a Webhook?

You can create a webhook by following these steps.

  1. Navigate to Settings → Webhooks and click on New.
  2. Select your desired event type from the dropdown menu under Type.
  3. Under URL, type the URL where you would like to receive payloads.
  4. Click Save.

If you have additional questions or need more in-depth information, please feel free to send us a message using the help beacon in the lower right-hand corner.