Event triggers

Hasura can trigger webhooks on events (insert, update, delete) happening in the database.

The event in the database does not have to come via the GraphQL API.

As an example, let's imagine you are building a e-commerce system and you want to send an email when for every new order. To acheive that, create an event trigger on insert for the orders table. Now for every new order Hasura will send a webhook with the order-information for all new orders.

In the webhook, you get all order information and can send an email to the customer.

#API

You can use any other hosting service to host your API that will receive webhooks from Hasuras event triggers. We recommend Netlify or Vercel because they are easy to get started with.

#Security

To make sure that the request your API receives comes from your Hasura instance, and not a hacker, you can send a header (x-webhook-secret) with the webhook.

Set a environment variable called WEBHOOK_SECRET with a random string.

Nhost secret header

Set a header x-webhook-secret and use the WEBHOOK_SECRET environment variable.

Hasura secret header

In your API, when you receive the webhook, you can control that the header (x-webhook-secret) to make sure the request is legit.

if (req.headers["x-webhook-secret"] !== process.env.WEBHOOK_SECRET) {
  return send(res, 401, "incorrect webhook secret");
}
// continue with your webhook