Event triggers

Hasura can trigger webhooks on events (insert, update, delete) happening in the database.

The event in the database does not have to come via the GraphQL API.

As an example, let's imagine you are building a e-commerce system and you want to send an email when for every new order. To achieve that, create an event trigger on insert for the orders table. Now for every new order Hasura will send a webhook with the order-information for all new orders.

In the webhook, you get all order information and can send an email to the customer.

#API

You can use any other hosting service to host your API that will receive webhooks from Hasura's event triggers. We recommend Netlify or Vercel because they are easy to get started with.

#Security

To make sure that the request your API receives comes from your Hasura instance, and not a hacker, you can use the NHOST_WEBHOOK_SECRET environment variable that is already added to both Hasura and the Custom API.

Set a header x-webhook-secret and use the NHOST_WEBHOOK_SECRET environment variable.

Hasura secret header

In your API, when you receive the webhook, you can control that the header (x-webhook-secret) to make sure the request is legit.

if (req.headers["x-webhook-secret"] !== process.env.NHOST_WEBHOOK_SECRET) {
  return send(res, 401, "incorrect webhook secret");
}
// continue with your webhook