Webhookን መቆጣጠር (Webhook Handling)

ከውጪ አገልግሎቶች የሚመጡ ክስተቶችን (events) ለመቀበል እና መረጃን ከUltimate Multisite ጋር ለማመሳሰል የራሳቸውን custom webhook endpoints መፍጠር ይችላሉ።

የራሱ Webhook Endpoint (Custom Webhook Endpoint)

// Webhook endpointን መመዝገብ (Register webhook endpoint)
add_action('rest_api_init', function() {
    register_rest_route('my-addon/v1', '/webhook', [
        'methods' => 'POST',
        'callback' => 'handle_my_webhook',
        'permission_callback' => 'verify_webhook_signature'
    ]);
});

function handle_my_webhook($request) {
    $payload = $request->get_json_params();

    switch ($payload['event_type']) {
        case 'customer.updated':
            $customer = wu_get_customer($payload['customer_id']);
            if ($customer) {
                $customer->set_vip($payload['data']['is_vip']);
                $customer->save();
            }
            break;

        case 'subscription.cancelled':
            $membership = wu_get_membership_by_hash($payload['subscription_id']);
            if ($membership) {
                $membership->cancel();
            }
            break;
    }

    return ['status' => 'processed'];
}

function verify_webhook_signature($request) {
    $signature = $request->get_header('X-Webhook-Signature');
    $payload = $request->get_body();
    $secret = get_option('my_webhook_secret');

    return hash_hmac('sha256', $payload, $secret) === $signature;
}

የደህንነት ጥንቃቄዎች (Security Considerations)

• ሁልጊዜ የwebhook signatureን በHMAC ወይም በጋራ ሚስጥር (shared secret) መፈተሽ አለብዎት።
• በREST routeዎ ላይ permission_callback ይጠቀሙ — በproduction ጊዜ ፈጽሞ __return_true አያደርጉ።
• በሚሰበሰበው payload መረጃ ሁሉንም ነገር ማረጋገጥ (validate) እና ማጽዳት (sanitize) ያስፈልጋል።
• ተገቢ የHTTP status codes መመለስ አለብዎት (ስኬት ከሆነ 200፣ ጥያቄው ስህተት ከሆነ 400)።