Mailcoach can send a request to your app whenever:
- a user subscribed
- a user unsubscribed
- a campaign was sent
You could use these webhooks keep your local database in sync in near-real-time with Mailcoach.
To get started had to the webhooks screen in settings.
Securing webhooks
On the details page of a webhook, you can enter a secret.
This secret will be used to calculate a signature that will be added in the Signature
header to all requests from Mailcoach to your app.
In order to verify that the payload has not been tempered with when you receive the webhook, you can use the payload of the request and your secret to calculate the signature and compare it with the one in the Signature
header of the request.
// Payload is the post request body.
// Secret is set in your webhook settings.
$payloadJson = json_encode($payload);
$signature = hash_hmac('sha256', $payloadJson, $secret);