Khách hàng
1. Event: customer.created
event=customer.created&
secret_key={{WEBHOOK_SECRET}}&
data[account_id]={{ACCOUNT_ID}}&
domain={{COMPANY_DOMAIN}}&
uid={{REQUEST_UID}}
2. Event: customer.updated
event=customer.updated&
secret_key={{WEBHOOK_SECRET}}&
data[account_id]={{ACCOUNT_ID}}&
data[data_change][updated_by][id]={{USER_ID}}&
data[data_change][updated_by][display_name]={{USER_NAME}}&
data[data_change][update_source]={{UPDATE_SOURCE}}&
data[data_change][data][FIELD_KEY][field_desc]={{FIELD_LABEL}}&
data[data_change][data][FIELD_KEY][old_value]={{OLD_VALUE}}&
data[data_change][data][FIELD_KEY][new_value]={{NEW_VALUE}}&
domain={{COMPANY_DOMAIN}}&
uid={{REQUEST_UID}}&
created_at={{TIMESTAMP}}
📝 FIELD_KEY có thể là:
a.account_name, a.phone_office, custom_fields[...], v.v.
3. Event: customer.deleted
event=customer.deleted&
secret_key={{WEBHOOK_SECRET}}&
data[account_id]={{ACCOUNT_ID}}&
domain={{COMPANY_DOMAIN}}&
uid={{REQUEST_UID}}&
created_at={{TIMESTAMP}}
📌 Xóa mềm — có thể khôi phục
4. Event: customer.hard_deleted
event=customer.hard_deleted&
secret_key={{WEBHOOK_SECRET}}&
data[account_id]={{ACCOUNT_ID}}&
domain={{COMPANY_DOMAIN}}&
uid={{REQUEST_UID}}&
created_at={{TIMESTAMP}}
📌 Xóa vĩnh viễn — không thể recover
🔐 Security Best Practices
| Khuyến nghị | Mức độ |
|---|---|
Xác thực secret_key inbound | ✔ BẮT BUỘC |
Lưu uid để tránh xử lý trùng request | ✔ |
| Chỉ log data cần thiết — tránh log PII | ⚠ |
| Nên triển khai IP whitelist nếu có thể | 🔥 |
⚙ Code receive Webhook (PHP Example)
public function webhook(Request $request) {
$event = $request->input('event');
$data = $request->input('data');
// Verify key
if ($request->secret_key !== env('WEBHOOK_SECRET')) {
return response("Unauthorized", 401);
}
Log::info("[Webhook] {$event}", $data);
return response("OK", 200);
}