After Nike+ creates a subscription for an app (see SUBSCRIPTIONS for more information), the Webhooks service can send notifications to subscribers by POSTing to the callback_url.


Providing a verify_token is optional (see VERIFYING SUBSCRIPTIONS for more information). If a developer provided a verify_token value in the subscription request, the notification POST from Nike+ will contain an X-Hub-Signature header:
Content-Type: application/json
+ X-Hub-Signature: sha1={signature}

The X-Hub-Signature value will be sha1={signature} where {signature} is a 40-byte hexadecimal representation of a SHA1 signature. Nike+ computes the signature using the HMAC algorithm with the request body as the data and the verify_token as the key. When you receive a notification with the X-Hub-Signature header, you can verify the request by computing the SHA1 signature with the verify_token for the subscription. If the signature does not match, subscribers must still return a 200 OK response to acknowledge receipt, but locally ignore the message as invalid. 

Note:  Verifying the X-Hub-Signature is not required each time you receive a notification POST.
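The verification described above, as an added example that is not Nike+ code: it recomputes the HMAC-SHA1 over the raw request body with the verify_token as the key, compares in constant time, and always answers 200 while dropping messages that fail the check. The function names and the sample token and body are constructed for illustration, and treating a missing header as invalid is an assumption for subscribers that supplied a verify_token.

```python
import hashlib
import hmac
import json

# Constructed sample values, for illustration only.
SAMPLE_TOKEN = "constructed-verify-token"
SAMPLE_BODY = b'{"object_type": "activity", "object_id": "constructed-id", "change_token": "1", "user_id": "54"}'


def expected_signature(verify_token: str, raw_body: bytes) -> str:
    """Hex HMAC-SHA1 of the raw request body, keyed with the verify_token."""
    return hmac.new(verify_token.encode("utf-8"), raw_body, hashlib.sha1).hexdigest()


def signature_is_valid(verify_token: str, raw_body: bytes, header_value) -> bool:
    """Check an X-Hub-Signature value of the form sha1={signature}."""
    if not header_value or not header_value.startswith("sha1="):
        return False
    received = header_value[len("sha1="):].strip().lower()
    expected = expected_signature(verify_token, raw_body)
    # compare_digest takes the same time wherever the first mismatch is.
    return hmac.compare_digest(received.encode("utf-8"), expected.encode("utf-8"))


def handle_notification(verify_token: str, raw_body: bytes, headers: dict):
    """Return (http_status, payload); payload is None when the message is ignored.

    The status is 200 in both cases, as the text requires. Assumption: a
    subscriber that supplied a verify_token treats a missing header as invalid.
    """
    # HTTP header names are case-insensitive, so normalise before the lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    # Verify over the bytes exactly as received, before any JSON parsing.
    if not signature_is_valid(verify_token, raw_body, lowered.get("x-hub-signature")):
        return 200, None
    return 200, json.loads(raw_body)


if __name__ == "__main__":
    good = {"X-Hub-Signature": "sha1=" + expected_signature(SAMPLE_TOKEN, SAMPLE_BODY)}
    print(handle_notification(SAMPLE_TOKEN, SAMPLE_BODY, good))
    print(handle_notification(SAMPLE_TOKEN, SAMPLE_BODY + b" ", good))
```

Pass the body bytes exactly as they arrived on the wire; re-serialising parsed JSON can change whitespace or key order and make a valid signature fail.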

The Webhooks service requires a 200 OK response to a notification POST. If any notification sent to the callback_url server fails, the Webhooks service will retry periodically for 24 hours. After 24 hours, you will have to call the Activity Detail endpoint with the object_id to get any missed changes (see SAMPLE GET FOR ACTIVITY DETAIL for an example).


| Name | Type | Required? | Description |
| --- | --- | --- | --- |
| object_type | String | Yes | The domain object name for the notification. Currently, “activity” is the only supported object type. |
| object_id | String | Yes | The ID of the object that was created, deleted, or changed. |
| object_uri | String (URI format RFC3986) | Yes | The URI that can be used by subscriber apps to retrieve the object. |
| change_token | String | No | The change token (is null for immutable objects). In future versions of Webhooks, the change token will identify a specific change for a mutable object. |
| user_id | UUID | No | The user ID that this object is related to (null for cross-user objects). |



Content-Type: application/json
+ X-Hub-Signature: sha1=48wawFmRoIGmBBUsDbW+QIFmjHc


{
    "object_type": "activity",
    "object_id": "{object_id}",
    "object_uri": "{object_id}",
    "change_token": "1",
    "user_id": "54"
}

Note:  The X-Hub-Signature header will only appear in POST notifications from the Webhooks service if you provided a verify_token when you subscribed (see SUBSCRIPTIONS for more information).



See Activity Detail for more information on retrieving the details for an Activity that has been created, updated, or deleted.

 Note:  The Activity Detail endpoint documentation uses {activityId} rather than {object_id} to refer to the object ID that is passed in with the GET request.