Webhooks

Webhooks

Webhooks are a feature whereby you can specify HTTP/HTTPS endpoints that Squish will notify upon any issue submission or update for a given project. Think of them as push notifications, except instead of notifying your phone, Squish notifies a web service you create.

webhooks.png

Technical details

When an issue is submitted or updated, Squish creates a JSON "payload" that will be POSTed to the webhooks configured HTTP/HTTPS endpoint. Both types of payloads (update and submit) are JSON objects that contain a bug object with all the field values in the issue, a project key containing the name of the project, and a url key containing the URL of the bug.

Update payloads will also contain a changes object if there were field updates, a comment object if a new comment was posted, and an updated_by key containing the name of the updated user.

Finally, the request will contain an X-Squish-Action header with a value of either submit or update.

Sample submit payload

{
  "project": "Weddings", 
  "url": "https://www.squishlist.com/imsadmin/weddings/13/", 
  "bug": {
    "Status": "Open", 
    "Assigned To": "Watson, Dan", 
    "Submitted By": "Watson, Dan", 
    "Date Modified": "2015-02-11 17:02:54", 
    "Description": "Save the Journey for last.", 
    "Confidential": false, 
    "Resolution": null, 
    "Resolved By": null, 
    "Date Submitted": "2015-02-11 17:02:54", 
    "Priority": "Normal", 
    "Date Resolved": null, 
    "Issue ID": 11, 
    "Wedding": "Jones-Smith", 
    "Task Type": "Music", 
    "Due Date": "2015-02-28", 
    "Type": "Action Item", 
    "Subject": "Create a playlist"
  }
}

Sample update payload

{
  "project": "Weddings", 
  "url": "https://www.squishlist.com/imsadmin/weddings/12/", 
  "comment": {
    "comment": "This is taken care of.", 
    "is_resolution": false, 
    "user": "Watson, Dan", 
    "confidential": false
  }, 
  "changes": {
    "Status": {
      "old": "In Progress", 
      "new": "Fixed/Completed"
    }
  }, 
  "bug": {
    "Status": "Fixed/Completed", 
    "Assigned To": "Watson, Dan", 
    "Submitted By": "Watson, Dan", 
    "Date Modified": "2015-02-11 16:59:55", 
    "Description": "at exxon", 
    "Confidential": false, 
    "Resolution": null, 
    "Resolved By": null, 
    "Date Submitted": "2013-04-02 14:13:30", 
    "Priority": "Normal", 
    "Date Resolved": null, 
    "Issue ID": 10, 
    "Wedding": "Jones-Smith", 
    "Task Type": "Transportation", 
    "Due Date": "2015-03-01", 
    "Type": "Purchase Order", 
    "Subject": "Buy gas for the limo"
  }, 
  "updated_by": "Watson, Dan"
}

Secrets and signatures

In order to verify that requests to your endpoint are coming from Squish, you can optionally provide a secret string when configuring webhooks. If provided, an HMAC is generated using your secret key and the entire POST payload (encoded as UTF-8), and put in a header named X-Squish-Signature.

For example, to verify a request in Django is a simple one-liner:

assert request.META['HTTP_X_SQUISH_SIGNATURE'] == hmac.new('secret', request.body.encode('utf-8')).hexdigest()