@extends('business::layouts.app') @section('title', 'Webhooks — BizWap') @push('styles') @endpush @section('content')

Webhooks

@if(session('success'))

@endif {{-- ── Settings Form ── --}}

Webhook Settings

@csrf

Webhook URL @error('webhook_url')

@enderror

BizWap will POST events to this URL. Leave blank to disable forwarding.

Subscribe to Events

webhook_events ?? []) ? 'checked' : '' }} > message.status — delivery updates (sent, delivered, read, failed)

webhook_events ?? []) ? 'checked' : '' }} > message.inbound — incoming messages from users

{{-- ── Webhook Secret ── --}} @if($business->webhook_secret)

Webhook Secret

Verify incoming requests are from BizWap by checking the X-BizWap-Signature header. It contains sha256=HMAC-SHA256(payload, secret).

Regenerating will immediately invalidate the current secret.

@endif {{-- ── How to Verify ── --}} @if($business->webhook_url)

Verifying Requests

Each request from BizWap includes an X-BizWap-Signature header. Verify it like this:

$secret    = 'your-webhook-secret';
$payload   = file_get_contents('php://input');
$signature = 'sha256=' . hash_hmac('sha256', $payload, $secret);

if (!hash_equals($signature, $_SERVER['HTTP_X_BIZWAP_SIGNATURE'] ?? '')) {
    http_response_code(401);
    exit;
}

$event = json_decode($payload, true);
// handle $event['event'], $event['data'], etc.

@endif {{-- ── Delivery Log ── --}}

Delivery Log

@if($deliveries->isEmpty())

No delivery attempts yet.

@else

@foreach($deliveries as $delivery) @endforeach

Event	Status	Attempts	Response	Last Tried	Created
`{{ $delivery->event_type }}`	{{ ucfirst($delivery->status) }}	{{ $delivery->attempts }}	@if($delivery->response_code) `{{ $delivery->response_code }}` @else — @endif	{{ $delivery->last_attempted_at?->diffForHumans() ?? '—' }}	{{ $delivery->created_at->format('d M Y, H:i') }}

@if($deliveries->hasPages())

@endif @endif

@endsection @push('scripts') @endpush