Overview
Webhook is a reverse API mechanism, similar to a trigger mechanism, that sends a request to a specific URL at a specific moment. Specific moments include user login, user registration, user mobile number change, user personal information change, etc. IDaaS defines these specific moments as events. When an event is triggered, IDaaS sends a notification to the specified URL. The application system performs specific operations after receiving the information.
Terminology
Third-party application: The application system integrated with BambooCloud IDaaS.
Callback address: The address used by BambooCloud IDaaS to push data.
Security token: A unique and never-expiring authorization token agreed upon by both parties. The security token must be at least 32 characters.
Encryption key: Used to encrypt data in the request, mainly to prevent data leakage or tampering during transmission. The encryption key is 32 characters.
Signature key: Used to generate a data signature for the message content, mainly to prevent data tampering during transmission. The signature key must be at least 32 characters.
Encryption/decryption algorithm: The encryption algorithm used for data encryption. The encryption/decryption algorithm used in WebHook is AES/ECB/PKCS5Padding.
WebHook Flow

Step1: When a BambooCloud IDaaS event occurs, BambooCloud IDaaS pushes the user ID to the third-party application system;
Step2: The third-party application system performs security token verification and data signature verification. After successful verification, it decrypts to obtain the user ID. If the returned interface response code is 200, the event push is successful;
Step3: The third-party application system processes its own business data asynchronously according to different events. If detailed user information is needed, it can call the BambooCloud IDaaS API. Refer to Get User Details by User ID