Gigya Job Openings

Comment Notifications

Skip to end of metadata
Go to start of metadata


Gigya's commenting service can generate callbacks to a customer-defined URL when a new comment is posted or when a pending comment is published. 

Comment notifications can be registered in the Gigya Platform's Settings tab, select Comment Settings and then page down to the Notifications.  Comment notification can also be registered using the comments.setCategoryInfo API (in the categorySettings parameter). 


The Notification Format

Notifications are sent as an HTTP/HTTPS post request with the following parameters:

  • event newCommentcommentEdited or commentStatusChanged. Comment statuses can be "published", "pending" or "rejected".
  • eventData - a JSON object containing the following fields:
    • categoryID - taken from the StreamInfo object
    • streamID - taken from the StreamInfo object
    • commentID
    • comment - contains the comment object
    • oldValue and newValue - these fields appear only in commentStatusChanged events. The fields hold the old and new statuses, respectively.
    • isModerator- this field appears only in commendEdited events, and only for comments that have been edited by a moderator. It is set to "true".
  • nonce - a cryptographic number that is unique for each post.
  • timestamp - the GMT time of the callback in UNIX time format (the number of seconds since January 1st 1970).
  • signature - the callback is signed using HMAC-SHA1 digital signature. The signature's base string is built from the event, eventData, nonce and timestamp. 

URL encoding is used for the data sent. In the example below the eventData is shown in its raw format, unencoded.

    "categoryID": "17235654",
    "streamID": "strm1",
    "commentID": "2a9f579657c044f380a4a0e1b6fc2af8",
    "comment": {
        "ID": "2a9f579657c044f380a4a0e1b6fc2af8", 
        "threadID": "", 
        "commentText": "This is a comment!", 
        "sender": {
            "photoURL": "", 
            "loginProvider": "Facebook",
            "name": "Mark Zuck", 


Signature Generation

  1. Generate a signature using the values in the callback (i.e. event, eventData, nonce and timestamp) in their URL-encoded form. Note - if you are using one of our SDKs, you may use the SigUtils.calcSignature method to generate the signature.
  2. Compare the generated signature with the signature received in the callback URL. Make sure both signatures are identical.


Sample Code (C#):

string event = "[the value of the event parameter]";   // "newComment" or "commentStatusChanged"

string eventData = "[the value of the <em style="font-size: 1em; line-height: 1.7em;">eventData parameter]";    // see the example above

string nonce = "[the value of the nonce parameter]"; // e.g. "b7a00b88e1b9469599e5f53049eb1b6d"

string timestamp =  "[the value of the timestamp parameter]";   // e.g. "1332079751"

string signatureBase = String.Format("{0}_{1}_{2}_{3}", event, eventData, nonce, timestamp);

string secret = "[your gigya secret key]";

string expectedSignature = Gigya.Socialize.SDK.SigUtils.CalcSignature(signatureBase, secret);  // Using Gigya's .Net SDK

// Now compare the expectedSignature value to the signature value returned in the callback

For further information on generating signatures and further examples see the Security Guidelines and signing instructions