Open
Description
Which part? Which one?
Organization Settings > Integrations > Feature Flags > Generic > API Documentation
Description
The API Documentation for generic feature flag providers is pretty unclear right now. A simple "send a request with this payload to that endpoint, generate a hash from the payload like this, append it as a header" example would go a long way.
With the given documentation, I'm struggling to get it right: To the best of my knowledge, this PHP implementation should work:
// Generate an idempotency token. Does this really HAVE to be a 64-bit integer..?
// Good luck to my juniors trying to understand what needs to happen here.
[1 => $token] = unpack("J", substr(hash("sha256", sprintf(
"%s:%s",
$name,
app()->environment(),
)), 0, 8));
// JSON-encode the request payload. Does "payload" mean the contents of `data`,
// or does it refer to the whole object? Assuming the latter.
$payload = json_encode([
'data' => [
[
'action' => $action,
'change_id' => $token,
'created_at' => now()->toIso8601String(),
'created_by' => [
'id' => auth()->user()?->getAuthIdentifier(),
'type' => 'email',
],
'flag' => $name,
],
],
'meta' => [
'version' => 1,
],
]);
$signature = hash_hmac('sha256', $payload, $secret, binary: false);
// Does the request need any credentials other than the signature? No way to know
$request = Http::asJson()
->withHeader('X-Sentry-Signature', $signature)
->withBody($payload);
$request->post($webhookUri);Yet, I receive a 401 Not authorized, and have no more cues to go by to fix this. The documentation leaves a lot to be desired here in terms of clarity.
Suggested Solution
- Provide some code samples for the full interaction, at least in Python, possibly in JS/TS or using curl
- Add proper authorization information, not just a sample HMAC implementation without context