Logo

Docs / MsgGO

Discover how to integrate and manage your notification system with our simple yet powerful messaging service.

Docs

URL

Introduction

URL delivery in MsgGO allows users to send events directly to a specified URL. This enables seamless integration with external systems, making it a powerful tool for forwarding notifications, logs, and data to webhooks or custom endpoints.

How to Use It

  • Navigate to the Events page in MsgGO.
  • Create a new event or select an existing one.
  • Click Add Delivery and choose URL as the delivery method.
  • Provide the target URL where the event should be sent.
  • Select the HTTP method (GET, POST, DELETE, PUT) that should be used for the request.
  • Save the delivery settings to start sending events via URL delivery.

Example Use Cases

  • Logging and Monitoring: Send event data to a logging system or monitoring service.
  • Webhooks: Forward data to external services for further processing.
  • Automation Triggers: Trigger workflows in automation tools like Zapier or n8n.
  • Custom API Integrations: Integrate MsgGO with your internal APIs.

Limitations & Restrictions

  • Supports only GET, POST, DELETE, and PUT methods.
  • The request timeout is 2000 ms.
  • MsgGO automatically includes an X-signature header for request verification.
  • Rate limits apply per delivery target. Learn more in the Delivery Limits Guide.

Security: Verifying MsgGO Requests

Every URL delivery request contains an automatically generated secret signature header (X-signature) that allows recipients to verify the authenticity of the request.

Validating the Signature

To verify that a request is coming from MsgGO, compute the SHA-256 HMAC of the request body using the secret provided during event creation. Compare the computed signature with the X-signature header value.

Example Implementations

Python

import hashlib
import hmac
import json

secret = 'your_secret_key'
request_body = '{"example":"data"}'
received_signature = 'sha256=expected_signature_value'

computed_signature = hmac.new(
    secret.encode(), request_body.encode(), hashlib.sha256
).hexdigest()

is_valid = hmac.compare_digest(f"sha256={computed_signature}", received_signature)
print("Valid signature:", is_valid)
const crypto = require('crypto');

const secret = 'your_secret_key';
const requestBody = JSON.stringify({ example: "data" });
const receivedSignature = 'sha256=expected_signature_value';

const computedSignature = crypto.createHmac('sha256', secret)
    .update(requestBody)
    .digest('hex');

console.log("Valid signature:", `sha256=${computedSignature}` === receivedSignature);
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

String secret = "your_secret_key";
String requestBody = "{\"example\":\"data\"}";
String receivedSignature = "sha256=expected_signature_value";

Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
sha256_HMAC.init(secret_key);
String computedSignature = bytesToHex(sha256_HMAC.doFinal(requestBody.getBytes()));

boolean isValid = ("sha256=" + computedSignature).equals(receivedSignature);
System.out.println("Valid signature: " + isValid);
$secret = 'your_secret_key';
$request_body = json_encode(["example" => "data"]);
$received_signature = 'sha256=expected_signature_value';

$computed_signature = hash_hmac('sha256', $request_body, $secret);
$is_valid = hash_equals('sha256=' . $computed_signature, $received_signature);

echo "Valid signature: " . ($is_valid ? "true" : "false");

URL deliveries consume MsgGO credits based on the number of recipients and message volume. Refer to the Pricing Page for detailed cost breakdowns.

Troubleshooting & FAQs

What happens if my URL is unreachable?

MsgGO does not retry the request. If the URL is unreachable, the event is marked as undelivered immediately.

How do I change my delivery URL?

To change the delivery URL, remove the existing delivery and create a new one with the updated URL.

Can I use query parameters in my URL?

Yes, query parameters can be appended to the provided URL.

Can I disable verification for incoming requests?

No, you cannot disable the verification mechanism. However, users are not required to validate the request and can process all received data as they see fit. That said, we strongly recommend verifying the X-signature header to ensure the request's authenticity and protect against potential attacks.

Need Help?