Webhook & Callback

Endpoint yang menerima panggilan dari sistem eksternal (payment gateway, mail provider, log shipper, layanan internal).

Callback di /api/v1 — routes/index.js

Method	Path	Handler	Keterangan
POST	/api/v1/refresh	refreshToken	Refresh access token
POST	/api/v1/revoke	revokeRefreshToken	Logout / cabut refresh token
POST	/api/v1/callback-raw-log	rawLog	Ingest log mentah dari Logstash → clean-log ES
GET	/api/v1/t3st-job	testJob	Endpoint test job
POST	/api/v1/callback-payment	cbXendit	Webhook pembayaran Xendit
POST	/api/v1/xendit	xendit	Endpoint Xendit
GET	/api/v1/auth-zoho	zoho.authorizeZoho	OAuth Zoho
GET	/api/v1/get-token	zoho.getToken	Ambil token Zoho
POST	/api/v1/spamming-mail	company.spamMailHandler	Handler laporan spam

Webhook pembayaran Xendit

• Path: POST /api/v1/callback-payment
• Auth: header x-callback-token harus cocok dengan CALLBACK_TOKEN_XENDIT.
• Controller: controllers/callbackXendit.js.
• Detail alur ada di Billing & Pembayaran.

Callback raw-log

• Path: POST /api/v1/callback-raw-log
• Controller: controllers/callbackRawLog.js.
• Detail ada di Logging Pengiriman.

/callback — routes/callbackRoutes.js

Method	Path	Handler	Auth
POST	/callback/sparkpost	callbacks.sparkpost	Basic Auth (SPARKPOST_WEBHOOK_USER / SPARKPOST_WEBHOOK_PASS)

Webhook event delivery SparkPost. Handler: callbacks/sparkpostCallback/sparkpostCallback.js. Detail di Logging Pengiriman.

/api/internal — routes/internalRoutes.js

Method	Path	Handler	Auth
POST	/api/internal/relay-status	internal.internalRelayAccount	API key (internalApiKeyAuth)

Auth via header x-api-key atau Bearer token, dibandingkan dengan INTERNAL_API_KEY (timing-safe compare).

/public — routes/publicRouter.js

Method	Path	Handler	Auth
GET	/public/company/script/:token	public.downloadSetupScript	Token di URL

Mengunduh setup script Zimbra yang dipersonalisasi (lihat Pengiriman Email).