chore: refactor the webhooks guide

DX-19

Author: aheckmann

docs/webhooks/overview.mdx

@@ -1,140 +1,217 @@
 ---
 title: Webhooks
 sidebar_label: Overview
-description: A webhook triggers a HTTP POST request on the specified url, whenever there is a change in an event. Like a new project is created, updated or deleted then a webhook can be triggered to receive the required payload.
+description: Use webhooks to receive real-time notifications about events in Plane.
 ---
 
 {frontMatter.description && <h3 class="description">{frontMatter.description}</h3>}
 
-## Creating a webhook
+## Introduction
 
-`url` You are required to provide a url in which you want the payloads to be triggered.
+Webhooks are a powerful way to receive real-time HTTP-based notifications about
+events in Plane. By setting up a webhook, you can automatically receive updates
+whenever specific events occur, such as the creation, update, or deletion of
+projects, work items, or other entities.
 
-Then select the events for which you want the webhook to be triggered.
+:::tip Events
+Plane supports the following webhook events:
 
-After you create the webhook, a secret key will be created automatically and will be downloaded in csv format.
+- **Project**: created, updated, deleted
+- **Cycle**: created, updated, deleted
+- **Module**: created, updated, deleted
+- **Work Item**: created, updated, deleted, added to cycle, added to module
+- **Work Item Comment**: created, updated, deleted
+:::
 
-```json
-"Content-Type": "application/json",
-"User-Agent": "Autopilot",
-"X-Plane-Delivery": "f819eff4-cd50-4987-bc97-e5be1e04c94f",
-"X-Plane-Event": "project",
-"X-Plane-Signature": "7896ae9addb1f73931132b4f3e052bf12c410b837b24898e75dcd660c7"
 
-```
+## Creating a webhook
 
-| Header            | Description                                                          |
-| ----------------- | -------------------------------------------------------------------- |
-| X-Plane-Delivery  | It is a randomly generated UUID for uniquely identifying the payload |
-| X-Plane-Event     | It describes the event for which the webhook triggered               |
-| X-Plane-Signature | A signature is generated based on the secret and the payload         |
+To create a webhook, navigate to your Plane workspace settings, **Developer**
+section, and click **Webhooks**. Then click the **Add webhook** button.
 
-### Webhook Payload Example for the project `update`
+import ImgCreate from '@site/static/images/webhooks/create.png';
 
-```json
-"event": "project",
-"action": "update",
-"webhook_id": "3c2c32ac-82df-48b3-be2a-a3e21dbe8692",
-"workspace_id": "d2d97c94-a6ad-4012-b526-5577c0d7c769",
-"data": {
-	"id":"22b6fc9c-1849-45da-b103-52a3e3a6b4c1",
-    "workspace_detail": {
-        "name":"Testing Project",
-        "slug":"testing-project",
-        "id":"bob1b192-f988-4bf9-b569-825de8cb0678"
-    },
-	"created_at":"2023-10-25T04:38:59.566962Z",
-	"updated_at":"2023-10-25T06:44:48.543685Z",
-	"name":"vfecddcwerj",
-	"description":"",
-	"description_text":null,
-	"description_html":null,
-	"network":2,
-	"identifier":"TRACE",
-	"emoji":null,
-	"icon_prop":null,
-	"module_view":true,
-	"cycle_view":true,
-	"issue_views_view":true,
-	"page_view":true,
-	"inbox_view":true,
-	"cover_image":null,
-	"archive_in":0,
-	"close_in":0,
-	"created_by":"6bb20d1c-4960-41ca-af4f-cee01de160c4",
-	"updated_by":"6bb20d1c-4960-41ca-af4f-cee01de160c4",
-	"workspace":"bob1b192-f988-4bf9-b569-825de8cb0678",
-	"default_assignee":null,
-	"project_lead":null,
-	"estimate":null,
-	"default_state":null
-},
+<img src={ImgCreate} className='center' style={{width: '700px'}} alt="Create webhook" />
 
-```
+Next, enter your URL, optionally choose the events which will trigger
+your webhook and click **Create**.
 
-User can choose the things for which they want the webhook to be triggered.
+import ImgDetails from '@site/static/images/webhooks/details.png';
 
-Currently Plane supports the following events for which webhook can be trigged:
+<img src={ImgDetails} className='center' style={{width: '700px'}} alt="Define webhook details" />
 
-    -  Project
-    -  Issue
-    -  Cycle
-    -  Module
-    -  Issue Comment
+Afterwards, you will be prompted to save your webhook secret key. You can use
+this key to verify the authenticity of webhook payloads you receive from Plane.
+We'll cover this [later in the guide](#verifying-payloads).
 
-## Verifying Signature
+import ImgKey from '@site/static/images/webhooks/key.png';
 
-```python
-import hashlib
-import hmac
+<img src={ImgKey} className='center' style={{width: '700px'}} alt="Webhook key created" />
 
-secret_token = os.environ.get("WEBHOOK_SECRET")
+## Defining a webhook consumer
 
-received_signature = request.headers.get('X-Plane-Signature')
-received_payload = json.dumps(request.json).encode('utf-8')
+Your webhook consumer URL must be an HTTP endpoint which satisfies the following conditions:
 
-expected_signature = hmac.new(secret_token.encode('utf-8'), msg=received_payload, digestmod=hashlib.sha256).hexdigest()
+1. Responds to Plane requests with an `HTTP 200` ("OK") response
+2. Is publicly accessible
+3. Is not localhost
+    - Valid: `https://example.com/webhook`
+    - Invalid: `http://localhost:3000/webhook`
 
-if not hmac.compare_digest(expected_signature, received_signature):
-   raise HTTPException(status_code=403, detail="Invalid Signature provided")
+:::tip
+If your consumer does not respond with an `HTTP 200` response, Plane will retry the delivery
+up to three times with an exponential backoff delay.
+:::
 
-```
+## Webhook payloads
 
-## How webhooks work
+When a webhook is triggered, Plane sends a JSON payload to your specified URL via HTTP `POST`.
+The payload contains the following fields:
 
-Your webhook consumer is a simple HTTP endpoint. It must satisfy the following conditions:
+- `action`: One of `create`, `update`, or `delete`, indicating the type of event
+- `event`: One of `project`, `cycle`, `module`, or `issue`, indicating the type of event that triggered the webhook
+  - _Note: `issue` refers to Work Items in Plane. This will be updated in the future to reflect the correct terminology._
+- `webhook_id`: The unique identifier of the webhook
+- `workspace_id`: The ID of the workspace where the event occurred
+- `data`: An optional object containing the details of the event. The structure
+of this field varies based on the `event` and `action` (see below).
 
-- It's available in a publicly accessible non-localhost URL.
-- It will respond to the Plane Webhook push (HTTP POST request) with a `HTTP 200` ("OK") response.
+### Payload examples
 
-If a delivery fails (i.e. server unavailable or responded with a non-200 HTTP status code), the push will be retried a couple of times. Here an exponential backoff delay is used: the attempt will be retried after approximately 10 minutes, then 30 minutes, and so on.
+#### Delete action
 
-The webhooks are triggered for POST, PATCH, and DELETE requests.
+```json
+{
+  "event":"issue",
+  "action":"delete",
+  "webhook_id":"f1a2fe64-c8d4-4eed-b3ef-498690052c1d",
+  "workspace_id":"c467e125-59e3-44ec-b5ee-f9c1e138c611",
+  "data":{
+    "id":"9a28bd00-ed9c-4f5d-8be9-fc05cbb1fc57"
+  }
+}
+```
 
-- For DELETE requests, the response only includes the ID of the deleted entity.
+#### Update action
 
+```json
+{
+  "event":"project",
+  "action":"update",
+  "webhook_id":"3c2c32ac-82df-48b3-be2a-a3e21dbe8692",
+  "workspace_id":"d2d97c94-a6ad-4012-b526-5577c0d7c769",
+  "data": {
+    "id":"22b6fc9c-1849-45da-b103-52a3e3a6b4c1",
+    "workspace_detail": {
+      "name":"Testing Project",
+      "slug":"testing-project",
+      "id":"bob1b192-f988-4bf9-b569-825de8cb0678"
+    },
+    "created_at":"2023-10-25T04:38:59.566962Z",
+    "updated_at":"2023-10-25T06:44:48.543685Z",
+    "name":"vfecddcwerj",
+    "description":"",
+    "description_text":null,
+    "description_html":null,
+    "network":2,
+    "identifier":"TRACE",
+    "emoji":null,
+    "icon_prop":null,
+    "module_view":true,
+    "cycle_view":true,
+    "issue_views_view":true,
+    "page_view":true,
+    "inbox_view":true,
+    "cover_image":null,
+    "archive_in":0,
+    "close_in":0,
+    "created_by":"6bb20d1c-4960-41ca-af4f-cee01de160c4",
+    "updated_by":"6bb20d1c-4960-41ca-af4f-cee01de160c4",
+    "workspace":"bob1b192-f988-4bf9-b569-825de8cb0678",
+    "default_assignee":null,
+    "project_lead":null,
+    "estimate":null,
+    "default_state":null
+  }
+}
 ```
-"action":"delete",
-"data":{
-	"id":"9a28bd00-ed9c-4f5d-8be9-fc05cbb1fc57"
-},
-"event":"issue",
-"webhook_id":"f1a2fe64-c8d4-4eed-b3ef-498690052c1d",
-"workspace_id":"c467e125-59e3-44ec-b5ee-f9c1e138c611"
 
-```
+## Webhook headers
 
-- However, for both POST and PATCH requests, the complete payload is sent in the response.
+When Plane sends a webhook payload, it includes several HTTP headers to help you
+identify and verify the request. The most important headers are:
 
+```json
+"Content-Type": "application/json",
+"X-Plane-Delivery": "f819eff4-cd50-4987-bc97-e5be1e04c94f",
+"X-Plane-Event": "project",
+"X-Plane-Signature": "7896ae9addb1f73931132b4f3e052bf12c410b837b24898e75dcd660c7"
 ```
-"event":"issue",
-"action":"update",
-"webhook_id":"f1a2fe64-c8d4-4eed-b3ef-498690052c1d",
-"workspace_id":"c467e125-59e3-44ec-b5ee-f9c1e138c611",
-"data":{ ... }
 
-```
+| Header            | Description                                                          |
+| ----------------- | -------------------------------------------------------------------- |
+| X-Plane-Delivery  | A randomly generated UUID for uniquely identifying the payload |
+| X-Plane-Event     | The event for which the webhook was triggered               |
+| X-Plane-Signature | A signature generated based on the secret and the payload         |
+
+
+## Verifying payloads
+
+To verify the authenticity of the webhook payloads, you can use the `X-Plane-Signature` header.
+This header contains an HMAC SHA-256 signature of the payload, generated using the secret key
+you received when creating the webhook. If the signature matches the expected signature, you can be confident that the payload
+was sent by Plane and has not been tampered with.
+
+Here's how to verify the payload signature in Python:
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+<Tabs>
+  <TabItem value="NodeJS" label="NodeJS" default>
+  ```javascript
+  // Fastify example
+  import { createHmac } from 'node:crypto';
+  const secret = process.env.WEBHOOK_SECRET;
+
+  // Fastify setup excluded for brevity
+
+  fastify.post('/webhook', options, async (request, reply) => {
+    const receivedSignature = request.headers['x-plane-signature'];
+    const payload = JSON.stringify(request.body);
+
+    const computedSignature = createHmac('sha256', secret)
+      .update(payload)
+      .digest('hex');
+
+    if (receivedSignature !== computedSignature) {
+      return reply.status(403).send('Invalid signature');
+    }
+
+    // Process the webhook payload
+    return reply.status(200).send('Webhook received');
+  })
+  ```
+  </TabItem>
+  <TabItem value="python" label="Python">
+  ```python
+  import hashlib
+  import hmac
+
+  secret_token = os.environ.get("WEBHOOK_SECRET")
+
+  received_signature = request.headers.get('X-Plane-Signature')
+  received_payload = json.dumps(request.json).encode('utf-8')
+
+  expected_signature = hmac.new(secret_token.encode('utf-8'), msg=received_payload, digestmod=hashlib.sha256).hexdigest()
+
+  if not hmac.compare_digest(expected_signature, received_signature):
+    raise HTTPException(status_code=403, detail="Invalid Signature provided")
+  ```
+  </TabItem>
+</Tabs>
 
-:::note
-Whenever an issue is added to the module, the corresponding issue webhook will be triggered. Similarly, any updates made to the cycle issue will also activate the issue webhook.
+:::tip Questions?
+If you have any questions or need help with webhooks, please reach out to us at
+[email protected]
 :::

src/css/custom.css

@@ -758,7 +758,7 @@ table thead tr {
   margin: 10px;
 }
 
-img[src*='#center'] {
+img[src*='#center'], img.center {
   display: block;
   border-radius: 0.75rem;
   float: none;
@@ -771,7 +771,9 @@ img[src*='#center'] {
   background-color: rgb(226 226 226);
 }
 
-[data-theme='dark'] img[src*='#center'] {
+[data-theme='dark'] img[src*='#center'],
+[data-theme='dark'] img.center
+ {
   display: block;
   border-radius: 0.75rem;
   float: none;