设置 Webhook 配置(按授权码)
POST
/Webhook/Set
Webhook
- url: 回调地址,必填;
- secret: 签名密钥,可选;若配置则发送的消息体会包含 Signature 字段(HMAC-SHA256);
- enabled: 是否启用,默认 true;
- messageTypes: 事件类型过滤,默认 ["*"] 表示全部;
- includeSelfMessage: 是否包含自己发送的消息,默认 false;
- timeout: 超时秒数,默认 5;
- retryCount: 重试次数,默认 3;
示例(最简):{"url":"https://your-server.example.com/webhook"}
示例(常用,含签名):{"url":"https://your-server.example.com/webhook","secret":"your-signature-secret"}
示例(只订阅消息):{"url":"https://your-server.example.com/webhook","messageTypes":["message"]}
回调签名(若配置了 secret):
- 签名字段在 JSON 体内:Signature(十�六进制小写);
- 计算方式:HMAC-SHA256(secret, Wxid + ":" + MessageType + ":" + Timestamp);
- 同时会包含头 X-Webhook-Timestamp=Unix秒(也可直接使用消息体中的 Timestamp 字段);
验证示例(Node.js):
const crypto = require('crypto');\nconst ok = (body, secret) => {\n const bases =
${body.Wxid}:${body.MessageType}:${body.Timestamp};\n const expect = crypto.createHmac('sha256', secret).update(bases).digest('hex');\n return expect === body.Signature;\n}请求参数
Query 参数
Body 参数application/json必填
返回响应
请求示例请求示例
Shell
JavaScript
Java
Swift
curl --location --request POST '/Webhook/Set?authcode' \
--header 'Content-Type: application/json' \
--data-raw '{
"enabled": true,
"includeSelfMessage": true,
"messageTypes": [
"string"
],
"retryCount": 0,
"secret": "string",
"timeout": 0,
"url": "string"
}'响应示例响应示例
{
"Code": 0,
"Success": true,
"Message": "OK",
"Data": null,
"Data62": "",
"Debug": "",
"CodeValue": "",
"ID": 0
}
修改于 2025-10-02 12:46:17