Column.Webhooks (Column v1.0.0)

Copy Markdown View Source

Webhook endpoint registration and delivery management.

Register HTTPS endpoints to receive real-time event push notifications. Column retries failed deliveries with exponential backoff. All deliveries are logged and queryable.

Registering a webhook

{:ok, wh} = Column.Webhooks.create(%{
  url: "https://your-app.com/webhooks/column",
  description: "Production event sink",
  enabled_events: ["transfer.ach.settled", "transfer.wire.settled"]
})

# Verify ownership (Column sends a challenge to your endpoint)
{:ok, _} = Column.Webhooks.verify(wh["id"])

Verifying webhook signatures

Column signs every delivery with HMAC-SHA256. Use verify_signature/3 to validate incoming webhook payloads in your endpoint handler.

def handle_webhook(conn) do
  sig = List.first(get_req_header(conn, "column-signature"))
  raw_body = conn.assigns[:raw_body]
  secret = System.get_env("COLUMN_WEBHOOK_SECRET")

  case Column.Webhooks.verify_signature(raw_body, sig, secret) do
    :ok -> process(conn)
    :error -> send_resp(conn, 401, "Invalid signature")
  end
end

Summary

Types

id()
opts()
params()
result()

Functions

create(params, opts \\ [])

Create a webhook endpoint.

delete(id, opts \\ [])

Delete a webhook endpoint.

get(id, opts \\ [])

Get a webhook endpoint by ID.

list(opts \\ [])

List all webhook endpoints.

list_deliveries(id, opts \\ [])

List all deliveries for a webhook endpoint.

list_deliveries_by_event(id, opts \\ [])

List webhook deliveries grouped by event.

update(id, params, opts \\ [])

Update a webhook endpoint.

verify(id, opts \\ [])

Trigger endpoint verification (Column sends a challenge request to your URL).

verify_signature(body, signature, secret)

Verify a webhook signature from an incoming delivery.

Types

id()

@type id() :: String.t()

opts()

@type opts() :: keyword()

params()

@type params() :: map()

result()

@type result() :: {:ok, map()} | {:error, Column.Error.t()}

Functions

create(params, opts \\ [])

@spec create(params(), opts()) :: result()

Create a webhook endpoint.

delete(id, opts \\ [])

@spec delete(id(), opts()) :: result()

Delete a webhook endpoint.

get(id, opts \\ [])

@spec get(id(), opts()) :: result()

Get a webhook endpoint by ID.

list(opts \\ [])

@spec list(opts()) :: result()

List all webhook endpoints.

list_deliveries(id, opts \\ [])

@spec list_deliveries(id(), opts()) :: result()

List all deliveries for a webhook endpoint.

list_deliveries_by_event(id, opts \\ [])

@spec list_deliveries_by_event(id(), opts()) :: result()

List webhook deliveries grouped by event.

update(id, params, opts \\ [])

@spec update(id(), params(), opts()) :: result()

Update a webhook endpoint.

verify(id, opts \\ [])

@spec verify(id(), opts()) :: result()

Trigger endpoint verification (Column sends a challenge request to your URL).

verify_signature(body, signature, secret)

@spec verify_signature(binary(), String.t() | nil, String.t()) :: :ok | :error

Verify a webhook signature from an incoming delivery.

Column signs each delivery with HMAC-SHA256 using your webhook secret. Always validate signatures before processing webhook payloads.

Returns :ok if valid, :error if invalid or missing.