Webhooks

Unlock can send real time updates to endpoints.

Locksmith implements Websub which allows anyone to receive real time updates from the Unlock subgraphs. It is a webhook system which many developers will be familiar with with built-in intent verification.

Currently, locksmith support sending updates on new locks and keys. To subscribe, an application will need to send a post request to the hubs located at /api/hooks/[topic]. The body needs to match the schema specified in the Websub w3c spec.

Topics

Our implementation uses the same addresses for topics and their hub.

New locks created

POST https://locksmith.unlock-protocol.com/api/hooks/:network/locks/

Subscribe to new locks created on the specified network

Path Parameters

NameTypeDescription

network*

number

Network id for which you want to receive notifications

Request Body

NameTypeDescription

hub.topic*

url

Same as the hub URL - https://locksmith-host/api/hooks/:network/locks

hub.callback*

url

The callback URL where you will receive the new locks data.

hub.mode*

string

subscribe or unsubscribe

hub.secret

string

This is used for adding signature in the header with response for verification.

Locksmith by default uses sha256 but you can get algorithm by parsing the value from header x-hub-signature

{
    // Response
}

New key purchases

POST https://locksmith.unlock-protocol.com/api/hooks/:lockAddress/keys

Subscribe to new keys created on the specific lock address.

Path Parameters

NameTypeDescription

network*

number

Network id for which you want to receive notifications

lockAddress*

string

Address of the lock for which you want to receive notifications

Request Body

NameTypeDescription

hub.topic*

url

hub.callback*

url

The callback URL where you will receive the new locks data.

hub.mode

string

subscribe or unsubscribe

hub.secret

string

This is used for adding signature in the header with response for verification.

Locksmith by default uses sha256 but you can get algorithm by parsing the value from header x-hub-signature

{
    // Response
}

POST https://locksmith.unlock-protocol.com/api/hooks/:network/keys

New keys purchased on the entire network

Path Parameters

NameTypeDescription

:network*

number

Network id for which you want to receive notifications

Request Body

NameTypeDescription

hub.topic*

string

hub.callback*

url

The callback URL where you will receive the new locks data.

hub.mode

string

subscribe or unsubscribe

hub.secret

string

This is used for adding signature in the header with response for verification.

Locksmith by default uses sha256 but you can get algorithm by parsing the value from header x-hub-signature

{
    // Response
}

Example

Let's send a subscribe request to receive updates on new locks.

  1. We need to send a subscribe request to the hub located at /api/hooks/:network/locks where network param should be the ID. For example, to receive updates on new locks created on rinkeby network, the endpoint would be /api/hooks/4/locks

  2. Make a subscribe request. Here's an example of it in javascript.

// Subscribe request to receive updates on new Locks
async function subscribe() {
  const endpoint = "https://locksmith.unlock-protocol.com/api/hooks/4/locks"
  
  const formData = new FormData()
  
  formData.set("hub.topic",   "https://locksmith-host/api/hooks/4/locks")
  formData.set("hub.callback", "https://your-webhook-url/")
  formData.set("hub.mode", "subscribe")
  formData.set("hub.secret", "unlock-is-best")
  
  const result = await fetch(endpoint, {
    method: "POST",
    body: formData,
    headers: {
      "Content-Type": "application/x-www-form-urlencoded"
    }
  })
  
  if(!result.ok) {
    // Handle the error
  }
  const text = await result.text()
  return text 
}

Once you make a request here with callback URL specified in the Websub W3C specification schema. You will receive an intent verification request on the callback URL. This is an async request which means even if you received a successful response for the subscription request, you are not fully subscribed until your endpoint has confirmed the intent. You won't receive updates if intent confirmation fails for any reason.

To confirm, your endpoint MUST return an HTTP 200 status code, with the hub.challenge value in the body. This value will be sent as a query string to your endpoint by the hub. This is done to prevent spam.

Check out this example written in typescript for reference on how to handle callback intent verification and receive updates https://github.com/unlock-protocol/websub-discord/blob/main/src/middleware.ts

Last updated