HomeURL
Introduction
URL delivery in MsgGO allows users to send events directly to a specified URL. This enables seamless integration with external systems, making it a powerful tool for forwarding notifications, logs, and data to webhooks or custom endpoints.
How to Use It
- Navigate to the Events page in MsgGO.
- Create a new event or select an existing one.
- Click Add Delivery and choose URL as the delivery method.
- Provide the target URL where the event should be sent.
- Select the HTTP method (GET, POST, DELETE, PUT) that should be used for the request.
- Save the delivery settings to start sending events via URL delivery.
Example Use Cases
- Logging and Monitoring: Send event data to a logging system or monitoring service.
- Webhooks: Forward data to external services for further processing.
- Automation Triggers: Trigger workflows in automation tools like Zapier or n8n.
- Custom API Integrations: Integrate MsgGO with your internal APIs.
Limitations & Restrictions
- Supports only GET, POST, DELETE, and PUT methods.
- Rate limit: 500 events per minute.
- The request timeout is 2000 ms.
- MsgGO automatically includes an X-signature header for request verification.
Security: Verifying MsgGO Requests
Every URL delivery request contains an automatically generated secret signature header (X-signature) that allows recipients to verify the authenticity of the request.
Validating the Signature
To verify that a request is coming from MsgGO, compute the SHA-256 HMAC of the request body using the secret provided during event creation. Compare the computed signature with the X-signature header value.
Example Implementations
Python
import hashlib
import hmac
import json
secret = 'your_secret_key'
request_body = '{"example":"data"}'
received_signature = 'sha256=expected_signature_value'
computed_signature = hmac.new(
secret.encode(), request_body.encode(), hashlib.sha256
).hexdigest()
is_valid = hmac.compare_digest(f"sha256={computed_signature}", received_signature)
print("Valid signature:", is_valid)Node.js
const crypto = require('crypto');
const secret = 'your_secret_key';
const requestBody = JSON.stringify({ example: "data" });
const receivedSignature = 'sha256=expected_signature_value';
const computedSignature = crypto.createHmac('sha256', secret)
.update(requestBody)
.digest('hex');
console.log("Valid signature:", `sha256=${computedSignature}` === receivedSignature);Java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
String secret = "your_secret_key";
String requestBody = "{\"example\":\"data\"}";
String receivedSignature = "sha256=expected_signature_value";
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key);
String computedSignature = bytesToHex(sha256_HMAC.doFinal(requestBody.getBytes()));
boolean isValid = ("sha256=" + computedSignature).equals(receivedSignature);
System.out.println("Valid signature: " + isValid);PHP
$secret = 'your_secret_key';
$request_body = json_encode(["example" => "data"]);
$received_signature = 'sha256=expected_signature_value';
$computed_signature = hash_hmac('sha256', $request_body, $secret);
$is_valid = hash_equals('sha256=' . $computed_signature, $received_signature);
echo "Valid signature: " . ($is_valid ? "true" : "false");Cost & Billing
URL deliveries consume MsgGO credits based on the number of recipients and message volume. Refer to the Pricing Page for detailed cost breakdowns.
Troubleshooting & FAQs
What happens if my URL is unreachable?
MsgGO does not retry the request. If the URL is unreachable, the event is marked as undelivered immediately.
How do I change my delivery URL?
To change the delivery URL, remove the existing delivery and create a new one with the updated URL.
Can I use query parameters in my URL?
Yes, query parameters can be appended to the provided URL.
Can I disable verification for incoming requests?
No, you cannot disable the verification mechanism. However, users are not required to validate the request and can process all received data as they see fit. That said, we strongly recommend verifying the X-signature header to ensure the request's authenticity and protect against potential attacks.
Need Help?
- Check our FAQ
- Contact Support
- Visit our Documentation