Webhooks
Notify a URL when an appointment is scheduled, canceled, or rescheduled. Under Import/Export/Syncing set the Webhook integration with the URL to be notified on changes to appointments.
Webhook requests will be POST requests with these variables:
- action either
scheduledrescheduledorcanceleddepending on the action that initiated the webhook call - id the ID for the appointment, get the appointment details for through the get appointment API call
- calendarID the ID of the calendar for the appointment
- appointmentTypeID the ID of the type of the appointment
Verifying Webhook Requests
Webhook notifications are signed by Acuity using your API key, so you can verify that a notification is from Acuity. First compute the base64 HMAC-SHA256 signature of the notification using the request's body as the message and your API key as the shared secret. Then compare this signature to the request header X-Acuity-Signature . If they match, the notification is authentic.
<?php
// Get hash of message using shared secret:
$body = file_get_contents('php://input');
$hash = base64_encode(hash_hmac('sha256', $body, $secret, true));
// Compare the two:
if ($hash !== $request->getHeaderLine('X-Acuity-Signature')) {
throw new Exception('This message was forged!');
}
// Get hash of message using shared secret:
var hasher = crypto.createHmac('sha256', secret);
hasher.update(buf.toString());
var hash = hasher.digest('base64');
// Compare hash to Acuity signature:
if (hash !== req.header('X-Acuity-Signature')) {
throw new Error('This message was forged!');
}
Updated less than a minute ago