LinkedIn

Salesforce - GitHub integration using Webhook

-

Salesforce supports webhooks for communicating with many other applications. In this post let us see how we can use webhooks to communicate between Github and Salesforce to track details of push event.




1. What is Webhook

In Salesforce, we can define what action should happen when a specific event occurs. Triggers and flows can define before and after actions. Similarly, other applications provides event actions called webhooks, which is basically an HTTP POST to external URLs, which are registered under specific event actions.

There are multiple applications that currently support webhooks. Github, JIRA, ServiceNow, Twilio, Whatsapp are some examples. 

These applications can register multiple subscribers for the same event, thus passing the same message to multiple systems when some event is happening.


2. How to create a Webhook supported URL in Salesforce

In Salesforce creating a webhook supported URL involves the below steps:

1. Create Apex REST API

First, create a new Apex REST API Class as shown below, later we can add logic to that based on the subscribed webhook.



take a note of the url mapping - @RestResource(urlMapping='/api/Webhooks/incoming/pushDetails/*')

2. Create a public Site

In salesforce, we need to create a public site if we need to explore the above apex class to a webhook event. So let us create a new public site as shown below and keep the default setting:



3. Enable Apex class Access to the site

Once the site is saved, click on "Public Access Settings" button on site, which will take you to the profile associated with the site guest user.Edit the Enabled Apex Class Access and add our newly created class to the list.




3. GitHub Webhook Details

1. Create a new repository

To start with understanding more details about GitHub webhooks, let us create a new repository first.


2. How to access Webhooks

Under the newly created repository, go to settings and you can see WebHooks.


3. Create a new Webhook adding Salesforce as Subscriber

Click on Add Webhook button, and populate details:

1. payload URL - <Sitedomain>/services/apexrest/<rest urlmapping>

https://meerademosite-developer-edition.ap17.force.com/services/apexrest/api/Webhooks/pushDetails

2. Content type - Application/json

3. Secret - keep it empty for now, we can add this later

4. SSL verification - keep Default

5. Which events would you like to trigger this webhook? - Just the push Event

6. Active - true

And complete the action by clicking on Add Webhooks button.

In addition to Push activity, GitHub supports webhook for the below events also:


4. Request processing in Apex

Before processing this in Apex, you can find a sample payload for Push event in Github Documentation

When a push event is happening we would like to get the below details in Salesforce processing the payload:

1. Committer name

2. Commiter Email

3. Committer Comment

4. Committed Time

5. Committed url

6. Repository name

7. Added Components

8. Removed Components

9. Modified Components

To store these details, first, let us create a custom object - GitHub_Push_Details__c with the above fields. 

Now update logic inside Apex class to parse the response and retrieve required details. 

As an example let us see how to retrieve committer name and email from payload.

"pusher": {

    "name": "MeeraRNair",

    "email": "m*********@****.com"

  },

To get this we can define an inner class:


And now parse the request and retrieve details as shown below:


Similarly we can retrieve other required details also. Once this is retrieved, we can create a record of GitHub_Push_Details__c  and insert it.


You can also see setting response. The complete logic is uploaded here.

Now from VS code, connect to newly created repo by:

git remote add origin https://github.com/MeeraRNair/WebhookDemo.git

And push the class to repository:

In webhook details in GitHub, you can see that webhook got published successfully.

Request:


Response:


If our class processed request successfully, you can see a new record in GitHub_Push_Details__c :


Record Detail View:



So this approach will help us to see the push details in Salesforce itself without logging into GitHub.

5. How to make this more secure

The problem with public site is that any one with this URL will be able to post data to salesforce and that will get processed. How we can add additional security to this communication?

GitHub provides an option to add  Secret key to the Webhook set up. We can refer this link to get additional details on this.


How this secret will work?

When we add a secret,Github will hash the payload using the provided secret, using HMAC hex digest and hashed value will be added to the header as shown below:


Now we can modify our Apex class to validate this hashed header compoenent. Use methods provided by Crypto class to hash the body of payload using the same secret, and compare that value with the one we received at request header.

Code:


if the authentication fails, we can set corresponsing status code and message in the response:


Also in webhook sender, we can see the error:

You can watch a short Demo here:





References:

https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#push

https://docs.github.com/en/developers/webhooks-and-events/webhooks/securing-your-webhooks 

Comments

  1. RK17 June 2021 at 13:47

    This is great. Thank you!

    Do you know if we can do other way? From Salesforce to git. Add / update the file in Git after a change in Salesforce?

    ReplyDelete
  2. Meera R Nair21 June 2021 at 20:22

    I am not sure, if we can directly do it from Salesforce in a real time manner. But you can write some script file to perform something similar and schedule it. That is get metadata components created/updated in a specific timeframe and push it. I have used powershell script in the past.

    ReplyDelete
  3. Amitash27 June 2021 at 02:36

    It is really very helpful

    ReplyDelete
  4. Kits Online Trainings24 August 2021 at 03:20

    Nice Post. Also Check salesforce online course salesforce online courses

    ReplyDelete
  5. Membroz28 September 2021 at 02:11

    This is useful information for all of us building any software or website in Jira integration, but also check out this workshop management software free trial.

    ReplyDelete
  6. khouloud20 January 2022 at 07:07

    Hello ,

    thank you for this tutorial.it is very helpful.But in my case i'd like to push data from Salesforce to an external application using webhooks (i have only the web service for this application).How can i establish this ?
    Thank you

    ReplyDelete
  7. Upraise16 August 2023 at 07:21

    Thankyou for such an informative blog. Read about OKR in this guide .

    ReplyDelete

Post a Comment

Popular posts from this blog

Subscribing to Salesforce Platform Events using External Java Client - CometD

-
Image
Platform Events follow event based Architecture, where multiple subscribers can subscribe to a published event in real time manner.  Below diagram shows the basic Architecture of the event-based communication Model: Event - This is a change in state for a business process Event Message - Data about the event Producer - Publisher of the event Event Bus - A communication and storage service for published events Event Consumer - A subscriber to the channel Platform events can be subscribed internally and also externally Platfrom events  - Internal Subscription Below are some scenarios in which you can consume platform events internally: 1. When we need to execute functionalities asynchronously to save govornor limits 2. To build a proper exception logging framework - You can find more details here  How to subscribe Internally? we can see more details about this in a different blogpost. Platfrom events  - External Consumption Many Organizations are moving to event-based integration appr
Read more

Salesforce Security - Restriction Rules and Scoping Rules

-
Image
1. Overview Salesforce provides a very effective security model where we always start with the most restrictive access and then open up access using additional mechanisms like sharing rules, and manual sharing based on the requirements.   But there might be scenarios where we need to restrict access based on specific criteria. Salesforce recently introduced 2 approaches to support this requirement. Those are restriction rules and scoping rules. Let us see this in detail. 2. Restriction Rules - Overview Using restriction rules we can apply an additional level of filter on top of records to which a specific user is having access. 3. Scoping Rules - Overview Scoping rules help to filter the default records visible for a user based on specific criteria. But it is not preventing access to other records. 4. Compare Restriction Rules and Scoping Rules 5. Restriction Rule - Example Company ABC is having Job Applications getting created through their company portal and synched to Salesforce. T
Read more

How to develop reusable Invocable Apex methods for Flows

-
Image
 Salesforce is adding many new features and capabilities to Flows. But there are still some scenarios where you need to call apex methods from Flows to execute complex operations - when Flow is not capable of doing that or the performance will be low when you implement that using flows. Let us see how we can build reusable apex methods for Flows. For this let us consider 2 sample scenarios: Scenario 1 - Quick Create Account/Contact I want to build a screen, where the user can select the object needs to be created, and then create a record of that object by entering the required details. Also if the record creation is getting failed, I want to create an exception record with details. Solution Let us see how we can utilize Apex action for this. For this first let us create an Apex Invocable method, which can accept a list of wrapper class as shown below: You can see, this invocable method is accepting a List of wrapper class variables and also returning a list of wrapper class variables.
Read more