Parse an incoming webhook request into a typed, normalized trigger payload. Pass a framework request object, or pass ``body=`` and ``headers=`` explicitly. When ``verify_secret`` is provided, the SDK verifies the webhook signature before returning the normalized tri
(
self,
request: t.Any = None,
*,
body: t.Union[str, bytes, t.Mapping[str, t.Any], None] = None,
headers: t.Union[t.Mapping[str, t.Any], None] = None,
verify_secret: t.Union[str, None, Omit] = omit,
tolerance: int = 300,
)
| 1259 | } |
| 1260 | |
| 1261 | def parse( |
| 1262 | self, |
| 1263 | request: t.Any = None, |
| 1264 | *, |
| 1265 | body: t.Union[str, bytes, t.Mapping[str, t.Any], None] = None, |
| 1266 | headers: t.Union[t.Mapping[str, t.Any], None] = None, |
| 1267 | verify_secret: t.Union[str, None, Omit] = omit, |
| 1268 | tolerance: int = 300, |
| 1269 | ) -> VerifyWebhookResult: |
| 1270 | """ |
| 1271 | Parse an incoming webhook request into a typed, normalized trigger payload. |
| 1272 | |
| 1273 | Pass a framework request object, or pass ``body=`` and ``headers=`` |
| 1274 | explicitly. When ``verify_secret`` is provided, the SDK verifies the |
| 1275 | webhook signature before returning the normalized trigger payload. When |
| 1276 | it is omitted, the SDK parses the body without verifying the signature. |
| 1277 | |
| 1278 | ``request`` may be any object exposing the request body and headers, such |
| 1279 | as a Flask, Django, or FastAPI request. The body is read from ``.body`` |
| 1280 | (or ``.data`` / ``.get_data()``), and the headers are read from |
| 1281 | ``.headers``. Because this SDK is synchronous, async frameworks must pass |
| 1282 | an already-read raw body, for example via ``body=await request.body()``. |
| 1283 | |
| 1284 | :param request: The incoming webhook request object (Flask/Django/FastAPI) |
| 1285 | :param body: The raw request body (str/bytes/parsed mapping); overrides ``request`` |
| 1286 | :param headers: The request headers as a mapping; overrides ``request`` |
| 1287 | :param verify_secret: Webhook secret; when set, the signature is verified. |
| 1288 | Omit it entirely to parse without verification. Passing a present-but-empty |
| 1289 | value (e.g. an unset ``COMPOSIO_WEBHOOK_SECRET``) raises rather than |
| 1290 | silently skipping verification. |
| 1291 | :param tolerance: Max webhook age in seconds (only used when verifying) |
| 1292 | :return: VerifyWebhookResult containing version, normalized payload, and raw payload |
| 1293 | :raises ValidationError: If ``verify_secret`` is empty, or is set but signature headers are missing |
| 1294 | :raises WebhookSignatureVerificationError: If signature verification fails |
| 1295 | :raises WebhookPayloadError: If the payload cannot be parsed |
| 1296 | |
| 1297 | Example: |
| 1298 | # Flask: verify the signature |
| 1299 | @app.route('/webhooks/composio', methods=['POST']) |
| 1300 | def webhook(): |
| 1301 | try: |
| 1302 | result = composio.triggers.parse( |
| 1303 | request, |
| 1304 | verify_secret=os.environ['COMPOSIO_WEBHOOK_SECRET'], |
| 1305 | ) |
| 1306 | print(f"Trigger: {result['payload']['trigger_slug']}") |
| 1307 | print(f"Event data: {result['payload']['payload']}") |
| 1308 | return 'OK', 200 |
| 1309 | except exceptions.WebhookSignatureVerificationError: |
| 1310 | return 'Unauthorized', 401 |
| 1311 | |
| 1312 | # FastAPI: parse without verifying after reading the async body |
| 1313 | @app.post('/webhooks/composio') |
| 1314 | async def webhook(request: Request): |
| 1315 | raw = await request.body() |
| 1316 | result = composio.triggers.parse(body=raw, headers=request.headers) |
| 1317 | return {'trigger': result['payload']['trigger_slug']} |
| 1318 | """ |