Receive notifications about channel events

A webhook is a user-defined callback over HTTP. You use webhooks to notify your app or back-end system when certain Interactive Live Streaming events occur. Agora Notifications enables you to subscribe to events and receive notifications about them across multiple product lines.

Understand the tech

Using Agora Console you subscribe to specific events for your project and tell Notifications the URL of the webhooks you have configured to receive these events. Notifications sends notifications of your events to your webhooks every time they occur. Your server authenticates the notification and returns 200 Ok to confirm reception. You use the information in the JSON payload of each notification to give the best user experience to your users.

The following figure illustrates the workflow when Notifications is enabled for the specific Interactive Live Streaming events you subscribe to:

A user commits an action that creates an event. For example, creates a channel.
Notifications sends an HTTPS POST request to your webhook.
Your server validates the request signature, then sends a response to Notifications within 10 seconds. The response body must be in JSON.

If Notifications receives 200 OK within 10 seconds of sending the initial notification, the callback is considered successful. If these conditions are not met, Notifications immediately resends the notification. The interval between notification attempts gradually increases. Notifications stops sending notifications after three retries.

Prerequisites

To set up and use Notifications, you must have:

A valid Agora account.
An active Agora project.
A computer with Internet access.

If your network access is restricted by a firewall, call the IP address query API to retrieve the Notifications IP addresses , then configure the firewall to allow these IP addresses.

Handle notifications for specific events

In order to handle notifications for the events you subscribe to, you need to:

Create your webhook
Enable Notifications
Verify Notifications signatures

Create your webhook

Once Notifications is enabled, Agora SD-RTN™ sends notification callbacks as HTTPS POST requests to your webhook when events that you are subscribed to occur. The data format of the requests is JSON, the character encoding is UTF-8, and the signature algorithm is HMAC/SHA1 or HMAC/SHA256.

For Notifications, a webhook is an endpoint on an HTTP server that handles these requests. In a production environment you write this in your web infrastructure, for development purposes best practice is to create a simple local server and use a service such as ngrok to supply a public URL that you register with Agora SD-RTN™ when you enable Notifications.

To do this, take the following steps:

Set up a Java project for your server

Your server receives and handles notifications. The RootHandler handles requests sent to the root address of your server and the NcsHandler handles the notifications sent to <your server address>/ncsNotify. To set up your server, create a new Java project and add the following code to a file named Main.java:

_34import java.io.IOException; _34import java.net.InetSocketAddress; _34import com.sun.net.httpserver.HttpServer; _34 _34public class Main { _34 public static int port = 80; _34 _34 public static void main(String[] args) { _34 // Start http server _34 SimpleHttpServer httpServer = new SimpleHttpServer(); _34 httpServer.Start(port); _34 } _34 _34 static class SimpleHttpServer { _34 private HttpServer server; _34 _34 public void Start(int port) { _34 try { _34 server = HttpServer.create(new InetSocketAddress(port), 0); _34 System.out.println("Notifications webhook server started on port " + port); _34 server.createContext("/", new Handlers.RootHandler()); _34 server.createContext("/ncsNotify", new Handlers.NcsHandler()); _34 server.setExecutor(null); _34 server.start(); _34 } catch (IOException e) { _34 e.printStackTrace(); _34 } _34 } _34 _34 public void Stop() { _34 server.stop(0); _34 } _34 } _34}
Add a JSON library to your project

The body of an HTTP request that your server receives contains event parameters in JSON format. To read these parameters download the json-simple-1.1.1.jar library and add it to your JAVA project.
Handle Notifications callbacks

To define the RootHandler and the NcsHandler, create a new file named Handlers.java in your Java project folder. Add the following code to this file:
Create a public URL for your server

In this example you use ngrok to create a public URL for your server.
1. Download and install ngrok. If you have Chocolatey, use the following command:
  
  _1choco install ngrok
2. Add an authtoken to ngrok:
  
  _1ngrok config add-authtoken <authToken>
  
  To obtain an authToken, sign up with ngrok.
3. Start a tunnel to your local server using the following command:
  
  _1ngrok http <local server port>
  
  You see a Forwarding URL displayed such as https://1111-123-456-789-99.ap.ngrok.io. This is the public URL for your local server that you use to enable Notifications.

Enable Notifications

To enable Notifications:

Log in to Agora Console. On the Project Management tab, locate the project for which you want to enable Notifications and click Configure.
In the Features section, locate Notifications, and click Enable.
On the configuration page, click on the service for which you want to enable notifications. The item expands to show configuration options.
Fill in the following information:
- Event: Select all the events that you want to subscribe to.
  
  If the selected events generate a high number of queries per second (QPS), ensure that your server has sufficient processing capacity.
- Receiving Server Region: Select the region where your server that receives the notifications is located. Agora connects to the nearest Agora node server based on your selection.
- Receiving Server URL Endpoint: The HTTPS public address of your server that receives the notifications. For example, https://1111-123-456-789-99.ap.ngrok.io/ncsNotify.
  - To enhance security, Notifications no longer supports HTTP addresses.
  - To reduce the delay in notification delivery, best practice is to activate HTTP persistent connection (also called HTTP keep-alive) on your server with the following settings:
    - MaxKeepAliveRequests: 100 or more
    - KeepAliveTimeout: 10 seconds or more
- Whitelist: If your server is behind a firewall, check the box here, and ensure that you call the IP address query API to get the IP addresses of the Agora Notifications server and add them to the firewall's allowed IP list.
Copy the Secret displayed against the product name by clicking the copy icon. You use this secret to Add signature verification.
Press Save. Agora performs a health test for your configuration as follows:
1. The Notifications health test generates test events that correspond to your subscribed events, and then sends test event callbacks to your server.
2. After receiving each test event callback, your server must respond within 10 seconds with a status code of 200. The response body must be in JSON format.
3. When the Notifications health test succeeds, read the prompt and press Save Notifications Configuration. After your configuration is saved, the Status of Notifications shows Enabled.
  
  If the Notifications health test fails, follow the prompt on the Agora Console to troubleshoot the error. Common errors include the following:
  - Request timeout (590): Your server does not return the status code 200 within 10 seconds. Check whether your server responds to the request properly. If your server responds to the request properly, contact Agora Technical Support to check if the network connection between the Agora Notifications server and your server is working.
  - Domain name unreachable (591): The domain name is invalid and cannot be resolved to the target IP address. Check whether your server is properly deployed.
  - Certificate error (592): The Agora Notifications server fails to verify the SSL certificates returned by your server. Check if the SSL certificates of your server are valid. If your server is behind a firewall, check whether you have added all IP addresses of the Agora Notifications server to the firewall's allowed IP list.
  - Other response errors: Your server returns a response with a status code other than 200. See the prompt on the Agora Console for the specific status code and error messages.

Add signature verification

To communicate securely between Notifications and your webhook, Agora SD-RTN™ uses signatures for identity verification as follows:

When you configure Notifications in Agora Console, Agora SD-RTN™ generates the secret you use for verification.
When sending a notification, Notifications generates two signature values from the secret using HMAC/SHA1 and HMAC/SHA256 algorithms. These signatures are added as Agora-Signature and Agora-Signature-V2 to the HTTPS request header.
When your server receives a callback, you can verify Agora-Signature or Agora-Signature-V2.
- To verify Agora-Signature, use the secret, the raw request body, and the HMAC/SHA1 algorithm.
- To verify Agora-Signature-V2, use the secret, the raw request body, and the HMAC/SHA2 algorithm.

To add signature verification to your server, take the following steps:

In your JAVA project folder, add a new file named Signature.java containing the following code:

_40import javax.crypto.Mac; _40import javax.crypto.spec.SecretKeySpec; _40 _40public class Signature { _40 static String secret = "<your NCS secret>"; _40 _40 public static String bytesToHex(byte[] bytes) { _40 // Convert an encrypted byte array into a hex string _40 StringBuffer sb = new StringBuffer(); _40 for (int i = 0; i < bytes.length; i++) { _40 String hex = Integer.toHexString(bytes[i] & 0xFF); _40 if (hex.length() < 2) { _40 sb.append(0); _40 } _40 sb.append(hex); _40 } _40 return sb.toString(); _40 } _40 _40 // Use the HMAC/SHA1 algorithm and get the encrypted hex string _40 // To use the HMAC/SHA256 algorithm, replace "HmacSHA1" with "HmacSHA256" _40 public static String hmacSha1(String message) { _40 try { _40 SecretKeySpec signingKey = new SecretKeySpec(secret.getBytes( _40 "utf-8"), "HmacSHA1"); _40 Mac mac = Mac.getInstance("HmacSHA1"); _40 mac.init(signingKey); _40 byte[] rawHmac = mac.doFinal(message.getBytes("utf-8")); _40 return bytesToHex(rawHmac); _40 } catch (Exception e) { _40 throw new RuntimeException(e); _40 } _40 } _40 _40 public static boolean verify(String request_body, String signature) { _40 // Check the signature against the encrypted request body _40 // Returns true if the signature matches the encrypted hex string _40 return (hmacSha1(request_body).equals(signature)); _40 } _40}

Make sure you update your Notifications secret in the code. To verify authenticity using Agora-Signature-V2, replace HmacSHA1 with HmacSHA256 in the sample code.
To verify data in the Notifications callback, add the following code to NcsHandler:

_3// Pass the request body and the signature from the request header _3boolean isVerified = Signature.verify(body, agoraSignature); _3System.out.println("Signature verified: " + isVerified);

Reference

This section contains in depth information about Notifications.

Request Header

The header of notification callbacks contains the following fields:

Field name	Value
`Content-Type`	`application/json`
`Agora-Signature`	The signature generated by Agora using the Secret and the HMAC/SHA1 algorithm. You need to use the Secret and HMAC/SHA1 algorithm to verify the signature value. For details, see Signature verification.
`Agora-Signature-V2`	The signature generated by Agora using the Secret and the HMAC/SHA256 algorithm. You need to use the Secret and the HMAC/SHA256 algorithm to verify the signature value. For details, see Signature verification.

Request Body

The request body of notification callbacks contains the following fields:

Field name	Type	Description
`noticeId`	String	The notification ID, identifying the notification callback when the event occurs.
`productId`	Number	The product ID: `1`: Realtime Communication (RTC) service `3`: Cloud Recording `4`: Media Pull `5`: Media Push
`eventType`	Number	The type of event being notified. For details, see event types.
`notifyMs`	Number	The Unix timestamp (ms) when Notifications sends a callback to your server. This value is updated when Notifications resends the notification callback.
`payload`	JSON Object	The content of the event being notified. The payload varies with event type.

Example

{
   "noticeId":"2000001428:4330:107",
   "productId":1,
   "eventType":101,
   "notifyMs":1611566412672,
   "payload":{
      ...
   }
}

Event types

IP address query API

If your server that receives notification callbacks is behind a firewall, you need to call the IP address query API to retrieve the IP addresses of Notifications and configure your firewall to trust all these IP addresses.

Agora occasionally adjusts the Notifications IP addresses. Best practice is to call this endpoint at least every 24 hours and automatically update the firewall configuration.

Prototype

Method: GET
Endpoint: https://api.agora.io/v2/ncs/ip

Request header

Authorization: You must generate a Base64-encoded credential with the Customer ID and Customer Secret provided by Agora, and then pass the credential to the Authorization field in the HTTP request header.

Request body

This API has no body parameters.

Response body

When the request succeeds, the response body looks like the following:

{
    "data": {
        "service": {
            "hosts": [
                {
                    "primaryIP": "xxx.xxx.xxx.xxx"
                },
                {
                    "primaryIP": "xxx.xxx.xxx.xxx"
                }
            ]
        }
    }
}

Each primary IP field shows an IP address of Notifications server. When you receive a response, you need to note the primary IP fields and add all these IP addresses to your firewall's allowed IP list.

Considerations

Notifications does not guarantee that notification callbacks arrive at your server in the same order as events occur.
Your server needs to be able to handle messages arriving out of order.
To improve the reliability of Notifications, there can be more than one notification callback for each event, and your server needs to be able to handle repeated messages.