CEXT-3914: Add a webhook option to skip certificate validation

oshmyheliuk · oshmyheliuk · commit 2637fdc297b1 · 2024-12-06T15:32:13.000-06:00
diff --git a/src/pages/webhooks/testing.md b/src/pages/webhooks/testing.md
@@ -50,3 +50,47 @@ Responses for a webhook endpoint may be cached if the `ttl` attribute for a hook
 ```bash
 bin/magento cache:clean webhooks_response
 ```
+
+## Testing webhook endpoint with self-signed SSL certificate
+
+**NOTE**: These options are recommended to use only for development purposes. It's not secure to disable SSL verification in production environments.
+
+If your webhook endpoint uses a self-signed SSL certificate, you can disable SSL verification for the webhook endpoint by setting the `sslVerification` attribute to `false` in the `hook` element.
+
+```xml
+    <method name="observer.checkout_cart_product_add_before" type="before">
+        <hooks>
+            <batch>
+                <hook name="validate_stock" 
+                      url="{env:APP_BUILDER_PROJECT_URL}/product-validate-stock" 
+                      sslVerification="false"
+                >
+                    <fields>
+                        <field name='product.name' source='data.product.name' />
+                        <field name='product.sku' source='data.product.sku' />
+                    </fields>
+                </hook>
+            </batch>
+        </hooks>
+    </method>
+```
+
+Or to specify path to the SSL certificate:
+
+```xml
+    <method name="observer.checkout_cart_product_add_before" type="before">
+        <hooks>
+            <batch>
+                <hook name="validate_stock" 
+                      url="{env:APP_BUILDER_PROJECT_URL}/product-validate-stock"
+                      sslCertificatePath="/path/to/ssl/certificate.pem"
+                >
+                    <fields>
+                        <field name='product.name' source='data.product.name' />
+                        <field name='product.sku' source='data.product.sku' />
+                    </fields>
+                </hook>
+            </batch>
+        </hooks>
+    </method>
+```
diff --git a/src/pages/webhooks/xml-schema.md b/src/pages/webhooks/xml-schema.md
@@ -75,6 +75,8 @@ The `hook` element defines the HTTP request to the remote server.
 | `fallbackErrorMessage` | Int    | The error message to return when the hook fails. | false       | Not applicable     |
 | `remove` | Boolean   | Indicates whether to skip a removed hook during the batch execution. | false       | false   |
 | `ttl` | Int    | The cache time-to-live (in seconds) for requests with the same URL, body, and headers. If this attribute is not specified, or if the value set to `0`, the response is not cached. | false       | 0       |
+| `sslVerification` | Boolean | Specifies whether SSL certificate verification would be performed during request. Enabled by default. It's recommended to use this option only for development purposes. | false       | true        |
+| `sslCertificatePath` | String  | Specifies the path to a custom SSL certificate file to use for SSL verification. This option will be ignored if sslVerification is set to false. | false       | true        |
 | `headers` | Array  | A set of HTTP headers to send with the request. | false       | []      |
 | `fields` | Array  | A set of fields to include in the hook payload. If not set, the entire payload will be sent. | false       | []      |
 
