Arlo

REST Auth API: Webhooks

This article documents how to use Arlo's Webhook implementation.

Skip to:

What are webhooks

Webhooks allow you to subscribe to certain events that happen in Arlo. A list of the supported resources and events on those resources is given below. When one of these events is triggered we'll send a HTTP POST payload to the URL configured.

Multiple webhook endpoints can be configured for an Arlo platform, each servicing a different need (e.g. Arlo for Moodle, Arlo for Wordpress).

Supported events

Resource Event Description
Contact Created A contact has been created in Arlo
Contact Updated A contact has been updated in Arlo
Registration Created A registration has been created in Arlo
Registration Updated A registration has been updated in Arlo
Order Created An order has been created in Arlo
Order Updated An order has been updated in Arlo
Event Created An event has been created in Arlo
Event Updated An event has been updated in Arlo
OnlineActivity Created An online activity (elearning) has been created in Arlo
OnlineActivity Updated An online activity (elearning) has been updated in Arlo
EventTemplate Created An event template has been created in Arlo
EventTemplate Updated An event template has been created in Arlo

Webhook deliveries

Delivery format

<WebhookDelivery>
    <Link href="https://api.arlo.co/api/2012-02-01/auth/resources/platformevents/" rel="http://schemas.arlo.co/api/2012/02/auth/related/PlatformEvents" title="PlatformEvents" type="application/xml">
        <PlatformEvents>
            <Link href="https://api.arlo.co/api/2012-02-01/auth/resources/platformevents/1547/" rel="http://schemas.arlo.co/api/2012/02/auth/related/PlatformEvent" title="PlatformEvent" type="application/xml">
                <PlatformEvent>
                    <ID>1547</ID>
                    <Type>Updated</Type>
                    <ResourceType>Contact</ResourceType>
                    <ResourceID>10987</ResourceID>
                    <Link href="https://api.arlo.co/api/2012-02-01/auth/resources/platformevents/1547/" rel="self" type="application/xml"/>
                    <Link href="https://api.arlo.co/api/2012-02-01/auth/resources/contacts/10987/" rel="http://schemas.arlo.co/api/2012/02/auth/related/Link" title="Link" type="application/xml"/>
                    <Link href="https://api.arlo.co/api/2012-02-01/auth/resources/contacts/10987/" rel="http://schemas.arlo.co/api/2012/02/auth/related/Contact" title="Contact" type="application/xml"/>
                </PlatformEvent>
            </Link>
            <Link href="https://api.arlo.co/api/2012-02-01/auth/resources/platformevents/" rel="self" type="application/xml"/>
        </PlatformEvents>
    </Link>
</WebhookDelivery>

Delivery resource properties

Property Description
PlatformEvents A list of PlatformEvents that form this delivery.

Returning HTTP response codes to deliveries

It is important that your endpoint return success codes. Arlo will stop sending deliveries to an endpoint that repeatedly fails to return a successful HTTP status code. After Arlo receives four failed deliveries in a row, the endpoint will be placed into the erroed state and an email will be sent to the technical contact configured against the endpoint (if any). Once the problems are resolved, the endpoint can be made active again using Arlo's management UI.

Sample code

The https://github.com/ArloSoftware/webhookclients repository has some example code for consuming webhooks.

Checking signatures

Arlo signs the webhook deliveries it sends to your endpoints. We do so by including a signature in each devlieries x-arlo-signature header. This allows you to verify that the events were sent by Arlo and a third party.

Before you can verify signatures, you need to retrieve your endpoint's secret. If the webhook endpoint was created programaically it will be returned in the response to the POST request that created the endpoint. It can also be retrieved at any time in Arlo's management platform by clicking on the show key link in the manage endpoint UI.

Each secret is unique to the endpoint to which it corresponds. If you use multiple endpoints, you must obtain a secret for each one.