Webhooks
Requesting Access
If you believe your application requires webhooks, please contact ParqEx Labs at support@parqex.com.
Implementing Webhooks
Webhooks allows for better real-time awareness of events triggered within the ParqEx ecosystem. Currently, ParqEx Webhooks notify for:
Management Events: Ex: When user/vehicles are added/removed from the access list.
Access Events: Ex: User / Vehicle access events.
Enforcer: Ex: Unauthorized user/vehicle access event.
To implement webhooks, you need to supply ParqEx with a secure endpoint to which ParqEx can send an HTTP POST request. For example, if you have a service available at the address api.example.com, you could create a POST endpoint, accessible at https://api.example.com/webhooks or something similar.
Your endpoint must be accessible over HTTPS. This is because your API key is transmitted in the HTTP headers and needs to be encrypted. You cannot register a non-SSL URL for use with webhooks.
If, for example, an example.com user's garage door (who has authorized your app access to their ParqEx account) opens, ParqEx would POST to your endpoint the following JSON body:
This request represents a single event for a single authenticated user. This means that your endpoint will be contacted (in real-time) each time a user's account experience an event. The following is an explanation of the fields:
Attribute Name | Data Type | Description |
| UUID | A unique record ID for the webhook event. |
| Enum | The descriptor for the type of event. Valid values include "door_state_change", etc. |
| UUID | The unique ID of the user's |
| Enum | "OPEN" if the door is open and "CLOSED" if the door is closed. |
| String | Label of what service/controls triggered the event. |
| UUID | The unique ID of the user's |
| Timestamp | In seconds. The exact (UNIX) time of the event (number of seconds since the epoch UTC). |
| Timestamp | The exact time of the event in UTC. |
| UUID | The unique ID of the user who owns the |
| Object | The user who triggered the event. Contains only the first name, last name and email of the user. |
Authenticating Requests
When ParqEx configures your app for webhook access, an API key is generated. This is a 96-character hexadecimal string that is unique to your app. Treat this API key like a password. To authenticate a received request on your webhook endpoint, ParqEx passes the API key through the HTTP header X-ParqEx-API-Key. To verify a request:
Parse the HTTP headers, extracting the header named
X-ParqEx-API-Key.Verify that it matches the key you were assigned by ParqEx initially, returning an error (i.e. 401 or 403) if they are different.
Responding to a Webhook Event Message
To acknowledge successful receipt, your webhook endpoint must return HTTP 200. To prevent timeout errors on complex processing/logic, your endpoint should return an HTTP 200 before continuing to process the event message.
Data you return in the response headers or response body will be logged and ignored.
An HTTP response code other than 200, will tell ParqEx that you did not receive/refused the event message.
Information you return in the response body will be logged. Your webhook endpoint should return a JSON object indicating the reason for the failure. We suggest the following format:
When an event message is not successfully accepted for any reason, ParqEx will delete the event message. It will not retry the send.
Last updated