> ## Documentation Index
> Fetch the complete documentation index at: https://docs.fleetit.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Webhook

## Tolls Webhook URL

When setting up webhooks in our system for toll notifications, you will be asked to specify a URL where you would like to receive the webhook notifications.

#### Example Payload

```json theme={null}
{
  "type": "ticket",
  "ticketID": 1,
  "amount": "10",
  "fee": "0",
  "exit_plaza": "X EXIT PLAZA",
  "exit_plaza_cash_cost": "10",
  "posting_date": "1970-01-01 00:00:00.000000+00:00",
  "trans_date_time": "1970-01-01 00:00:00",
  "vehicle_plate_number": "123456",
  "vehicle_tracking_number": "",
  "vehicle_plate_state": "NY",
  "custom_fields" : {
    "field1": "value1",
    "field2": "value2"
  }
}
```

<Tip>
  Custom Fields are only sent if you have configured them in the webhook settings.
</Tip>

## Parking Webhook URL

When setting up webhooks in our system for parking notifications, you will be asked to specify a URL where you would like to receive the webhook notifications.

#### Example Payload

```json theme={null}
{
  "type": "ticket",
  "issuing_authority": "X Issuing Authority",
  "violation_number": "1234567890",
  "ticket_type": "Parking",
  "description": "Lorem ipsum dolor sit amet",
  "date": "1970-01-01",
  "time": "00:00:00",
  "vehicle": "123456",
  "vehicle_state": "NY",
  "fine_amount": "10",
  "transfer_of_liability": "False",
  "fleet_liable": "False",
  "pdf": "",
  "custom_fields" : {
    "field1": "value1",
    "field2": "value2"
  }
}
```

## Response Handling

Your endpoint should handle the incoming POST requests and respond with a 200 OK status code to acknowledge the successful receipt of the webhook.

#### Example Response

```json theme={null}
{
  "status": "success",
  "message": "Webhook received successfully"
}
```

## Security and Best Practices

* Ensure your endpoint is secured using HTTPS.
* Ensure you have duplicate logic handling for tickets identificaitons.
* Set up error handling to manage different types of webhook events and potential issues with payload processing.

## Headers Information

When receiving webhook notifications, the following headers will be sent along with the payload:

### Custom Configured Headers

Any headers specified in the webhook configuration settings.

### Fleet-Specific Headers

* **Ext-Client-Id**: Provided if available from `customer_info`.
* **Ext-Billing-Id**: Provided if available from `customer_info`.

### Generic Headers

* **Fleet-Id**: The fleet ID associated with the webhook.
* **X-Timestamp**: A UNIX timestamp of when the webhook was sent.
* **X-Signature**: An HMAC SHA-256 signature generated using a secret key, the payload, and the timestamp for security verification.

## Signature in Webhooks

To ensure the security and authenticity of the webhook notifications, a signature is generated and included in the headers of each webhook request. This signature allows the receiving endpoint to verify the integrity of the payload.

### How the Signature is Generated

The signature is created using an HMAC SHA-256 hashing process that involves the following components:

* **Secret Key**: The `webhook_signature_secret_token` from your active webhook integration.
* **Data**: The payload of the webhook.
* **Timestamp**: The UNIX timestamp representing when the webhook was sent.

The signature is generated using the following Python code:

```python theme={null}
import json
import hmac
import hashlib

def generate_signature(secret_key, data, timestamp):
    serialized_payload = json.dumps(data, separators=(',', ':'))
    signed_payload = f"{timestamp}.{serialized_payload}"
    signature = hmac.new(secret_key.encode(),
                         signed_payload.encode(), hashlib.sha256).hexdigest()
    return signature
```

### Obtaining the Secret Key

The secret key required for signature verification can be obtained from the [Fleet Active Integrations API](/api-reference/integrations/fleet-active-integrations/list). After creating a webhook integration, the integration details will include the `webhook_signature_secret_token` field.

#### Example Response from Fleet Active Integrations:

```json theme={null}
{
  "count": 1,
  "next": null,
  "previous": null,
  "results": [
    {
      "id": 121,
      "integration": 4,
      "enabled": true,
      "data": {
        "auth": {
          "url": "https://webhook.site/1b064192-833f-41ff-99e0-a2e32044035f"
        },
        "urls": {},
        "config": {},
        "documentation": "https://docs.api.example.com/#9ca0ff12-d3d8-4339-b2a0-48b5477f3b62"
      },
      "documentation": "https://docs.api.example.com/#9ca0ff12-d3d8-4339-b2a0-48b5477f3b62",
      "webhook_signature_secret_token": "dummy_token"
    }
  ]
}
```

The `webhook_signature_secret_token` field contains the secret key that should be used for signature verification.
