Zendesk webhooks are a powerful tool to keep your other systems updated with changes in your Zendesk account. Using webhooks to integrate with Amazon EventBridge creates the opportunity for more sophisticated workflows with real-time data processing. This article describes how to use webhooks to send Zendesk events to Amazon EventBridge.
Requirements for sending events to Amazon EventBridge with webhooks
- You must be an admin in your Zendesk account.
- You must have an AWS account with EventBridge set up.
Additionally, you should have a basic understanding of AWS services, including EventBridge.
Creating your EventBridge event bus
Before creating the webhook, you must create an EventBridge event bus.
arn:aws:events:{REGION}:{AWS_ID}:event-bus/{EVENT_BUS_ID}
Creating a Lambda function to receive the webhook payload
A Lambda function is required to receive the webhook, confirm the webhook's signature, and pass the webhook payload on to the EventBridge event bus you created.
- Use the AWS Lambda console to create a new Lambda function. Complete the fields as need. Under the Advanced settings, select Enable function URL and then select NONE for the authentication method.
Note the Function URL. This is the public URL you'll connect your webhook to.
- Add the following code to the Code source window, then click Deploy.
import json import hashlib import hmac import os import base64 import logging import boto3 LOGGER = logging.getLogger() LOGGER.setLevel('INFO') EVENTBRIDGE = boto3.client('events') # Set these values in your Lambda function environment variables. EVENT_BUS_ARN = os.environ['EVENT_BUS_ARN'] WEBHOOK_SECRET = os.environ['WEBHOOK_SECRET'].encode('utf-8') def verify_signature(payload, signature, timestamp): '''Verify the provided webhook signature was created by Zendesk's Webhook feature.''' combined = timestamp + payload combined_bytes = combined.encode('utf-8') computed_hmac = hmac.new(WEBHOOK_SECRET, combined_bytes, hashlib.sha256) computed_signature = base64.b64encode(computed_hmac.digest()).decode('utf-8') return hmac.compare_digest(computed_signature, signature) def webhook_to_eventbridge(event): '''Forward the webhook body to AWS EventBridge.''' payload = event['body'] signature = event['headers'].get('x-zendesk-webhook-signature', '') timestamp = event['headers'].get('x-zendesk-webhook-signature-timestamp', '') if not verify_signature(payload, signature, timestamp): LOGGER.warning('Received webhook with invalid signature') return { 'statusCode': 403, 'body': json.dumps({'message': 'Forbidden'}), } payload_dict = json.loads(payload) if isinstance(payload, str) else payload event_source = payload_dict.get('source', 'webhook.custom') detail_type = payload_dict.get('type', 'defaultDetailType') put_events_response = EVENTBRIDGE.put_events( Entries=[ { 'Source': event_source, 'DetailType': detail_type, 'Detail': json.dumps(payload_dict), 'EventBusName': EVENT_BUS_ARN, } ] ) response_entries = put_events_response.get('Entries', []) if len(response_entries) == 0 or 'ErrorCode' in response_entries[0]: LOGGER.error(f'Push to event bridge failed: {response_entries}') return { 'statusCode': 500, 'body': json.dumps( { 'message': 'Failed to send event to EventBridge', 'response': put_events_response, } ), } return { 'statusCode': 200, 'body': json.dumps( { 'message': 'Event successfully sent to EventBridge', 'response': put_events_response, } ), } def lambda_handler(event, context): try: return webhook_to_eventbridge(event) except Exception as e: LOGGER.exception('Error handling webhook') return { 'statusCode': 500, 'body': json.dumps({'message': 'Error handling webhook', 'error': str(e)}), }
- Add two environmental variables to the Lambda function:
-
EVENT_BUS_ARN
: Set this to the ARN value you got when creating the EventBridge event bus. This is the event bus location. -
WEBHOOK_SECRET
: After you create the webhook, you'll need to set this to the webhook secret.
-
- Use the AWS IAM console to create a role for the AWS Lambda service.
Note the role's name. You'll need this information to assign the role to your Lambda function.
- After creating the role, edit it to add the EventBridge event bus ARN.
- Open the role.
- Under Step 2: Add permissions click Edit and select Create inline policy.
- Search for EventBridge services and select the PutEvents method.
- Under Resources, click Add ARNs.
- Enter the EventBridge event bus ARN and click Next.
- Enter a Name for your policy and click Create policy.
- Use the AWS Lambda console to open the Lambda function you created and assign the IAM role to it. On the Configuration tab, select Permissions and click Edit. At the bottom of the page, select the role's name and click Save.
Creating a Zendesk webhook to connect to Amazon EventBridge
After creating the EventBridge event bus and configuring the Lambda function, you need to create the webhook itself.
- In Admin Center, click Apps and integrations in the sidebar, then select Webhooks > Webhooks.
-
Create the webhook, making sure to specify the following values:
- Set the Endpoint URL to the Function URL you got when you created the Lambda function.
- Set Authentication to None.
Note: Zendesk generates a secret key during the creation process for each webhook. To successfully connect your webhook to Amazon EventBridge, you must copy and paste this secret key into your Lambda function'sWEBHOOK_SECRET
environmental variable. See Creating a Lambda function to receive the webhook payload. - Click Create webhook.