Webhooks

Requesting Access

If you believe your application requires webhooks, please contact ParqEx Labs at support@parqex.com.

Implementing Webhooks

Webhooks allows for better real-time awareness of events triggered within the ParqEx ecosystem. Currently, ParqEx Webhooks notify for:

  • Management Events: Ex: When user/vehicles are added/removed from the access list.

  • Access Events: Ex: User / Vehicle access events.

  • Enforcer: Ex: Unauthorized user/vehicle access event.

To implement webhooks, you need to supply ParqEx with a secure endpoint to which ParqEx can send an HTTP POST request. For example, if you have a service available at the address api.example.com, you could create a POST endpoint, accessible at https://api.example.com/webhooks or something similar.

Your endpoint must be accessible over HTTPS. This is because your API key is transmitted in the HTTP headers and needs to be encrypted. You cannot register a non-SSL URL for use with webhooks.

If, for example, an example.com user's garage door (who has authorized your app access to their ParqEx account) opens, ParqEx would POST to your endpoint the following JSON body:

{
   "id":"FE09DCDD7E75BD5202B662446690F40F",
   "eventType":"door1_open",
   "toggleID":"B69048DB753BA907005E9B40DC5D7E36",
   "doorID":"8c76e7bb1250f55bebcc9928b04d1a60",
   "doorState":"OPEN",
   "channel":"ParqEx Web",
   "deviceID":"d8cf720bb6c5cbc126b249a09ca086b9",
   "eventOccurred":1480651271,
   "eventOccurredUTC":"2021-12-02T04:01:11Z",
   "doorOwnerUserID":"01ba9fbf306adfe565ffc816f135a79d",
   "userThatToggled":{
      "firstName":"ParqEx",
      "lastName":"Test",
      "emailAddress":"test@parqex.com"
   }
}

This request represents a single event for a single authenticated user. This means that your endpoint will be contacted (in real-time) each time a user's account experience an event. The following is an explanation of the fields:

Authenticating Requests

When ParqEx configures your app for webhook access, an API key is generated. This is a 96-character hexadecimal string that is unique to your app. Treat this API key like a password. To authenticate a received request on your webhook endpoint, ParqEx passes the API key through the HTTP header X-ParqEx-API-Key. To verify a request:

  1. Parse the HTTP headers, extracting the header named X-ParqEx-API-Key.

  2. Verify that it matches the key you were assigned by ParqEx initially, returning an error (i.e. 401 or 403) if they are different.

Responding to a Webhook Event Message

To acknowledge successful receipt, your webhook endpoint must return HTTP 200. To prevent timeout errors on complex processing/logic, your endpoint should return an HTTP 200 before continuing to process the event message.

Data you return in the response headers or response body will be logged and ignored.

An HTTP response code other than 200, will tell ParqEx that you did not receive/refused the event message.

Information you return in the response body will be logged. Your webhook endpoint should return a JSON object indicating the reason for the failure. We suggest the following format:

{
  "message":"Invalid API Key."
}

When an event message is not successfully accepted for any reason, ParqEx will delete the event message. It will not retry the send.

Last updated