Developer Settings
Query request data and subscribe to real-time events using ClearFeed APIs
These settings empower you to securely verify the authenticity of incoming requests and receive real-time updates from ClearFeed on your preferred endpoint.
With the Signing Secret and Events API Subscription, you can seamlessly integrate ClearFeed into your applications and receive timely updates to stay in sync with the latest changes and activities.
Personal Access Token
ClearFeed's Personal Access Token (PAT) is a bearer token that provides authentication for users when making API calls. It offers a secure way to access and manage resources without exposing your primary credentials.
Key Facts
Not Present By Default: The PAT is not generated automatically for users. It must be manually created.
One Token Per User: At any given point in time, only one token is available per user.
Deletion and Regeneration: If there are concerns about security or if a token is misplaced, it can be deleted and a new one can be generated.
Create Token
Go to the Developer Settings page and click on Generate Token to create a new token.
Use Token
When making API calls to ClearFeed, include the token in the Authorization
header of your request:
Replace YOUR_PERSONAL_ACCESS_TOKEN
with the token you generated.
Delete & Re-generateToken
If you ever feel your token has been compromised, or you want to generate a new one:
Go to Developer Settings page.
Click on the delete icon against the existing token.
Generate a new one if required.
Never Share: Treat your personal access token like a password. Do not share it, expose it in client-side code, or store it in insecure locations. For added security, consider periodically deleting and regenerating your token.
Signing Secret
The Signing Secret is a security feature that enables you to verify the authenticity of incoming requests from ClearFeed. When you enable this setting, ClearFeed will sign each outgoing request with a unique signature using this secret. To ensure the integrity of the data received, you can verify the signature on your end.
How to use the Signing Secret:
Every request ClearFeed sends to your endpoint contains a signature. This signature has to be validated to ensure the request actually originated from ClearFeed.
Important Note: Keep your Signing Secret confidential and do not share it with unauthorized parties.
Validating Requests
To validate that a request originated from ClearFeed, follow these steps:
Grab your webook secret from the Developer Settings Page.
Extract the verb, URL, body and timestamp from the request. The timestamp to use here is the
X-CF-Timestamp
header. Concatenate all of these and hash them using the webhook secret obtained above.Compare the resulting signature with the signature in the request.
Here's how it can be done using JavaScript:
Event API Subscription
The Events API Subscription allows you to subscribe to various types of events from ClearFeed. Whenever an event of the selected type occurs, ClearFeed will send a POST request to the URL you specify in this setting.
Subscribing to Events
Go to the Developer Settings page and find the "Events API Subscription" section.
Enter the URL of your server or application endpoint where you want to receive the events.
Click the "Save" button to save your subscription preferences.
Endpoint Requirements
Before saving the Events API Subscription endpoint, please ensure the following:
The URL must start with
https
.The endpoint should respond with an HTTP status code of
200
to confirm successful receipt of a test ping. Returning anything other than200
will not allow you to save the endpoint.
Receiving Events
When an event occurs, ClearFeed will send a POST request to the specified URL with relevant event data. The payload of the POST request will contain information about the event, allowing you to take appropriate actions on your end.
Event Headers
The following headers are sent with every request:
The X-CF-Timestamp
header indicates the UNIX timestamp at which the event occurred in ClearFeed. The X-CF-Retry-Count
header indicates the number of times ClearFeed tried to deliver the event. The value ranges from 0 to 3.
Supported Events
ClearFeed API
Last updated