Catch Connection Token
Before getting started, you must have set up the auth flow through magic-link or using the embedded snippet.
If you need to understand in depth these concepts, jump to the magic-link and frontend widget recipes.
You may need to follow first our webhook guide so you can understand quickly the next steps.
How to catch connection tokens ?
A connection_token
is created everytime a user connects an account to your platform.
It is a field of the Connection Object that Panora sends as a payload data through a webhook when you listen to events tagged as connection.created
.
Create a webhook endpoint handler to receive event data POST requests.
We must listen to connection.created
event.
If you log event.data
, you’ll be able to check that it is a Connection Object. Hence, it contains an id_linked_user
(more info here) which is helpful to attach it to your own end-user on your backend/db systems.
Register your endpoint within Panora using the Dashboard or the API.
Register the webhook endpoint’s accessible URL using the Webhooks section or the API so Panora knows where to deliver events.
Webhook URL format
The URL format to register a webhook endpoint is:
For example, if your domain is https://mycompanysite.com
and the route to your webhook endpoint is @app.route('/panora_webhooks', methods=['POST'])
, specify https://mycompanysite.com/panora_webhooks
as the Endpoint URL.
Add a webhook endpoint
Navigate to the Configuration section and head to the Webhooks tab.
Register a webhook endpoint with the Panora API
You can also programmatically create webhook endpoints.
The following example creates an endpoint that notifies you when a connection is created.
Secure your webhook endpoint.
We highly recommend you secure your integration by ensuring your handler verifies that all webhook requests are generated by Panora. You can choose to verify webhook signatures using our official libraries or verify them manually.
Verify webhook signatures with official library
We recommend using our official libraries to verify signatures. You perform the verification by providing the event payload, the Panora-Signature
header, and the endpoint’s secret. If verification fails, you get an error.
Was this page helpful?