Hi,
I did hack it like here:
But why do webhooks not simply trigger events?
Yes, there is the chance of DOS, but this can be mitigated by adding known webhooks to a whitelist.
Also the name of the event triggered could be derived by the webhook itself e.g., the beginning of the webhook up to.a delimiter character. Or also with some mapping in the whitelist table.
This would enhance and ease usage of webhooks a lot.
How I do it now:
in configuration.yaml:
rest_command:
trigger_rest_event:
url: https://your_site/api/events/{{ event_type }}
method: post
headers:
authorization: !secret ha_secret_bearer
payload: "{{ event_data |to_json }}"
content_type: "application/json"
verify_ssl: true
Ant then there is one automation:
alias: "REST Event from WebHook"
description: ""
trigger:
- platform: webhook
webhook_id: changeing_part1-fixed_part
- platform: webhook
webhook_id: changeing_part2-fixed_part
- platform: webhook
webhook_id: changeing_part3-fixed_part
- platform: webhook
webhook_id: changeing_part4-fixed_part
- platform: webhook
webhook_id: changeing_part5-fixed_part
- platform: webhook
webhook_id: changeing_part6-fixed_part
condition: []
action:
- service: rest_command.trigger_rest_event
data:
event_type: webhook.{{ trigger.webhook_id.split('-')[0] }}
event_data: "{{ trigger.json }}"
mode: single
Events will be triggered with full payload of the webhook and are named webhook.changeing_partX.
It would be great to have this per default and just setup a webhook fixed-part in one place.
That way DOS is not possible but the end user only needs to setup one value to get generic webhook => event.
Hi,
but sorry, don’t understand what should be included in the authorization:
authorization: !secret ha_secret_bearer
You need to create a private access token in your HA account.