Send ARMember profile updates to a secure JSON webhook for Google Apps Script, Make.com, or custom integrations.
- Hooks into ARMember
arm_update_profile_externalprofile update event - Sends payload as
application/jsonviaPOST - Adds shared secret in both query string and header for flexible receiver validation
- Configurable from a tabbed WordPress admin screen: Settings -> ARMember WebHook
- Git Updater-compatible release assets published automatically from GitHub Actions
- WordPress 5.0+
- PHP 8.0+
- ARMember plugin installed and active
- A webhook endpoint URL (Google Apps Script, Make.com, or custom API)
- Install and activate the plugin.
- Open Settings -> ARMember WebHook.
- Configure:
- Webhook URL
- Secret Key
- Enable webhook for profile updates =
Yes
- Update an ARMember profile and verify your endpoint receives a
POSTpayload.
- Copy the plugin to
/wp-content/plugins/WebHookARM. - Activate WebHookARM in Plugins.
- Go to Settings -> ARMember WebHook.
- Save your webhook URL and secret key.
Use the sample script in assets/webhookarm_appscript.gs.
- Open your Google Sheet.
- Go to Extensions -> Apps Script and paste/adapt the script.
- In Project Settings -> Script properties, set:
AUTH_SECRETSHEET_NAME
- Deploy as a Web App:
- Execute as:
Me - Who has access:
Anyone
- Execute as:
- Copy the Web App URL into plugin settings.
- Create an HTTP/Webhook scenario module.
- Receive a
POSTwithapplication/jsonbody. - Validate one of:
- Query param
key=<YOUR_SECRET> - Header
X-Security-Key: <YOUR_SECRET>
- Query param
- Process/store incoming fields as needed.
WebHookARM sends a POST request with:
- Query params:
key=<secret>action=profile_update
- Headers:
Content-Type: application/jsonX-Security-Key: <secret>
- JSON body:
{
"user_id": 123,
"user_login": "johndoe",
"user_email": "john@example.com"
}ARMember form fields are included in the same payload when available.
- Use a strong secret key.
- Always validate the secret at the receiving endpoint.
- Use HTTPS for the webhook URL.
- Avoid logging sensitive data in production.
For security reporting, see SECURITY.md.
This plugin includes Git Updater-compatible headers and release assets. To receive dashboard updates:
- Install Git Updater.
- Keep this repository configured as your plugin source.
- Use published GitHub releases as the update source; the repository automation builds the versioned zip asset automatically when a new version is tagged.
Releases are generated automatically with GitHub Actions:
- Update the version in
webhookarm.phpandreadme.txt. - Push the change to
main. - The
update-stable-tagworkflow creates the matchingvX.Y.Ztag. - The
package-pluginworkflow builds the plugin zip and publishes the GitHub release asset.
Release packaging keeps only WordPress runtime files:
- Keeps
README.md - Removes all other
.mdfiles - Removes
.shscripts that are not used by WordPress at runtime
Latest planned release: 1.3.1
- Maintenance patch release to keep plugin version metadata, packaging, and release files synchronized across the repository.
- No requests arriving: confirm plugin toggle is enabled and ARMember profile update event is firing.
- 401/403 at endpoint: verify secret key and validation logic.
- Invalid payload format: ensure receiver accepts
application/json. - Debugging: enable
WP_DEBUGto inspect webhook send logs.
No. WebHookARM is triggered by ARMember profile update hooks.
Yes. Any endpoint that accepts authenticated JSON POST requests is supported.
- Open an issue: https://github.com/renatobo/WebHookARM/issues
- Repository: https://github.com/renatobo/WebHookARM
GPLv2 or later. See LICENSE.