room.client.joined- this is sent when a user joins the meeting room
room.client.left- this is send when a user leaves the meeting room (this could be via the leave button or by closing the browser tab
room.session.started: Sent when a room session starts, which is when there are at least 2 users in a room.
room.session.ended: Sent when a room session ends. Currently, a session will end when the number of participants has been less than 2 for some time. This heuristic could change in the future to better determine that a session has ended.
endDateof a room. Also consider that a particular event can be sent more than once, and that you could receive events in non-chronological order.
datathat are common to all events:
roleNamewill have one of the following values:
host: A user joined using the
visitor: A user joined using the regular
granted_visitor: Same as a
visitorbut can join without knocking if the room is locked.
member: A user with an account in your Embedded organization.
owner: A user with an admin account in your Embedded organization.
Whereby-Signatureheader. This string is generated with a unique secret that only you can view when creating or editing a webhook in the Embedded dashboard. Only Whereby and you have access to this secret, and no third party can send forged events to your endpoint. On top of that the header also includes a timestamp to help you prevent replay attacks. The header is composed of a timestamp and the signature itself, for example:
,then removing both
v1=from the resulting strings.
signedPayloadstring by concatenating the timestamp (as a string), the character
.and the JSON event object (the request body).
signedPayload, using the endpoint’s signing secret (the one you get when creating the webhook) as the key.
5xxresponse to the webhook delivery request will trigger a retry, for a total of 2 retries. A short exponential backoff will be used. We also have a 5 seconds timeout on webhook requests, if the response takes longer than that the same retry mechanism will be used.