A Webhook is created for a presentation through the webhooks admin screen.

If you want a form to be sent through the webhook, set the event category to data-capture.

Adding security to your webhooks

In the webhook configuration options, Mobile Locker allows you to specify a secret key to send along with each request to verify that the request is coming from Mobile Locker. We also send along an HMAC with each request using your secret key so that you can verify that the request body hasn't changed en route to your webhook URL. The secret key is included as an HTTP header named X-MobileLocker-Signature

{
  "environment": "production",
  "sender": {
    "id": 3,
    "first_name": "Mark",
    "last_name": "Stralka",
    "name": "Mark Stralka",
    "name_reverse": "Stralka, Mark",
    "email": "[email protected]",
    "verified": 1,
    "status": "Active",
    "phone": "+1 215-821-6450",
    "country": {
      "id": "US",
      "name": "United States"
    },
    "timezone": "America\/New_York",
    "external_id": null,
    "photo_url": "https:\/\/www.gravatar.com\/avatar\/c90d44f533d302c9f64d8b83771f8c12.jpg?s=200&d=mm",
    "current_team_id": 1,
    "last_accessed_at": "2017-01-10T18:20:05+00:00",
    "created_at": "2016-11-25T22:14:52+00:00",
    "updated_at": "2017-01-10T18:12:28+00:00"
  },
  "presentation": {
    "id": 404,
    "team_id": 1,
    "name": "Kazaamax Starter",
    "code": "kazaamax_starter",
    "status": "Active",
    "presentation_type": "HTML",
    "icon": "fa-html5",
    "description": "A starter presentation used for demos",
    "main_path": "index.html",
    "main_filename": "index.html",
    "thumbnail": null,
    "settings": {
      "ga_profile_id": null,
      "rotation_mode": "both",
      "legacy": {
        "hide_status_bar": false,
        "supports_rotation": false,
        "supports_zoom": false,
        "rotation_mode": "landscape",
        "menu_bar_taps": 2,
        "bounce_enabled": true,
        "bounce_zoom_enabled": true,
        "clear_cache_on_open": false,
        "clear_cache_on_exit": false
      }
    },
    "ga_profile_id": null,
    "files_hash": "79b959f38f925f540228cd725d0896bf773446cb",
    "files": [],
    "labels": [],
    "last_accessed_at": "2017-01-10T18:17:40+00:00",
    "created_at": "2017-01-06T19:26:35+00:00",
    "updated_at": "2017-01-10T04:05:52+00:00"
  },
  "device": {
    "id": 667,
    "uuid": "*****************************",
    "icon": "fa-tablet",
    "status": "Active",
    "team_id": 1,
    "user_id": 3,
    "device_type": "iPad",
    "model": "iPad",
    "localized_model": "iPad",
    "name": "a1000.vorenusventures",
    "user_agent": "MobileLocker-iOS-10.2 v:3.00.33 App:ED3D1A0A-BFF5-49EB-8C21-81356149077A",
    "os_name": "iOS",
    "os_version": "10.2",
    "app_version": "3.00",
    "last_ip_address": "174.104.199.128",
    "last_connected_at": "2017-01-10 18:20:05",
    "last_connected_at_timestamp": 1484072405,
    "created_at": "2017-01-05 18:52:57",
    "updated_at": "2017-01-10 18:17:25"
  },
  "device_session": {
    "id": 45563,
    "uuid": "5A7044EE-A7FD-442A-AE9C-2AD1C5288DFA",
    "session_type": "normal",
    "device_id": 667,
    "user_id": 3,
    "team_id": 1,
    "presentation_id": 404,
    "ip_address": "151.181.232.44",
    "num_events": 4,
    "num_forms": 3,
    "num_screenshots": 0,
    "started_at": "2017-01-10T18:17:40+00:00",
    "ended_at": null,
    "duration": null,
    "created_at": "2017-01-10T18:18:50+00:00",
    "updated_at": "2017-01-10T18:20:05+00:00"
  },
  "device_event": {
    "id": 337538,
    "uuid": "02B3BEE0-34F8-443A-8AB6-1DE7E59A8851",
    "event_at": "2017-01-10T18:20:05+00:00",
    "category": "data-capture",
    "action": "signup-form",
    "path": "signup-form",
    "event_type": "normal",
    "data": {
      "data_type": "parsed",
      "data": {
        "signature": null,
        "name": "Mark",
        "email": "Stralka",
        "company": "[email protected]",
        "signatureJSON": null,
        "country": "US"
      }
    },
    "device_id": 667,
    "ip_address": "151.181.232.44",
    "session_id": 45563,
    "user_id": 3,
    "team_id": 1,
    "presentation_id": 404,
    "created_at": "2017-01-10T18:20:05+00:00",
    "updated_at": "2017-01-10T18:20:05+00:00",
    "flattened_data": {
      "signature": null,
      "name": "Mark Stralka",
      "email": "[email protected]",
      "company": "Mobile Locker",
      "signatureJSON": 'base-64-encoded PNG, truncated for brevity',
      "country": "US"
    }
  }
}
sha256=909a04cfee970d5c0dda83abb3760c3ee02cde0b9583e72c8d4ff0dd5c2239c2

To validate the request with the signature header value, you will need to encrypt the body of the webhook request with HMAC using the SHA256 hashing function and your shared key.

<?php
$postdata = file_get_contents("php://input");
list ($method, $signature) = explode('=', $_SERVER['HTTP_X_FS_SIGNATURE'], 2);

if (hash_hmac($method, $postdata, 'secretkey') === $signature) {
  // Verified
}