Tolls Webhook URL

When setting up webhooks in our system for toll notifications, you will be asked to specify a URL where you would like to receive the webhook notifications.

Example Payload

{
  "type": "ticket",
  "ticketID": 1,
  "amount": "10",
  "fee": "0",
  "exit_plaza": "X EXIT PLAZA",
  "exit_plaza_cash_cost": "10",
  "posting_date": "1970-01-01 00:00:00.000000+00:00",
  "trans_date_time": "1970-01-01 00:00:00",
  "vehicle_plate_number": "123456",
  "vehicle_tracking_number": "",
  "vehicle_plate_state": "NY",
  "custom_fields" : {
    "field1": "value1",
    "field2": "value2"
  }
}

Custom Fields are only sent if you have configured them in the webhook settings.

Parking Webhook URL

When setting up webhooks in our system for parking notifications, you will be asked to specify a URL where you would like to receive the webhook notifications.

Example Payload

{
  "type": "ticket",
  "issuing_authority": "X Issuing Authority",
  "violation_number": "1234567890",
  "ticket_type": "Parking",
  "description": "Lorem ipsum dolor sit amet",
  "date": "1970-01-01",
  "time": "00:00:00",
  "vehicle": "123456",
  "vehicle_state": "NY",
  "fine_amount": "10",
  "transfer_of_liability": "False",
  "fleet_liable": "False",
  "pdf": "",
  "custom_fields" : {
    "field1": "value1",
    "field2": "value2"
  }
}

Response Handling

Your endpoint should handle the incoming POST requests and respond with a 200 OK status code to acknowledge the successful receipt of the webhook.

Example Response

{
  "status": "success",
  "message": "Webhook received successfully"
}

Security and Best Practices

  • Ensure your endpoint is secured using HTTPS.
  • Ensure you have duplicate logic handling for tickets identificaitons.
  • Set up error handling to manage different types of webhook events and potential issues with payload processing.

Headers Information

When receiving webhook notifications, the following headers will be sent along with the payload:

Custom Configured Headers

Any headers specified in the webhook configuration settings.

Fleet-Specific Headers

  • Ext-Client-Id: Provided if available from customer_info.
  • Ext-Billing-Id: Provided if available from customer_info.

Generic Headers

  • Fleet-Id: The fleet ID associated with the webhook.
  • X-Timestamp: A UNIX timestamp of when the webhook was sent.
  • X-Signature: An HMAC SHA-256 signature generated using a secret key, the payload, and the timestamp for security verification.

Signature in Webhooks

To ensure the security and authenticity of the webhook notifications, a signature is generated and included in the headers of each webhook request. This signature allows the receiving endpoint to verify the integrity of the payload.

How the Signature is Generated

The signature is created using an HMAC SHA-256 hashing process that involves the following components:

  • Secret Key: A shared key used to sign the payload.
  • Data: The payload of the webhook.
  • Timestamp: The UNIX timestamp representing when the webhook was sent.

The signature is generated using the following Python code:

import json
import hmac
import hashlib

def generate_signature(secret_key, data, timestamp):
    serialized_payload = json.dumps(data, separators=(',', ':'))
    signed_payload = f"{timestamp}.{serialized_payload}"
    signature = hmac.new(secret_key.encode(),
                         signed_payload.encode(), hashlib.sha256).hexdigest()
    return signature
HubspotFleetio