You can integrate webforms on nsw.gov.au with approved external platforms. Examples of these are customer relationship management (CRM) platforms, or email marketing platforms. These integrations provide many benefits. It can streamline workflows and make them more efficient. It can also enhance user experience and improve data security.
You can integrate your webforms using any of the below modes:
Webhook
Webhooks are best for real-time communication between the content management system (CMS) and an external platform. With it, the two systems exchange data immediately. There is no need to perform a manual check for new data at regular intervals. This means that data is always synced between them. An alert is also sent whenever this data exchange occurs.
An example is when a user completes your webform and submits their data. Webhooks can notify you of this submission as soon as it happens. You can then action their submission on the external platform as you need.
The below image shows this in detail. It shows data flow from the CMS to an external system using a webhook.
The Premier’s Department’s Contact Us form is a live example of this.
JSON Web Token (JWT)
JWT is a secure way to authenticate and transfer data between the CMS and other systems. It focuses on strong security and smooth interactions between systems. It uses tokens with digital signatures for the connections.
The tokens ensure data flowing between the systems come from a trusted source. They do this by verifying who the users or receiving applications are. Data will not flow from one system to another if the token does not match what is set up in the receiving system. Once verified, the data flows as intended. The digital signature ensures data remains confidential and unchanged as it happens.
The below images show a JWT interaction works.
Detailed view of a JWT.
Data flow from the CMS to an external system using JWT.
OAuth2
OAuth2 is best for granting secure and limited access to resources between applications. It upholds data privacy and compliance when exchanging data. It uses credentials to secure the connection. The receiving application blocks the connection if the provided credentials do not match. Information passes as required if the credentials match. This ensures that only allowed entities can send any information.
The diagram below shows how OAuth2 works. Data flows from the CMS to a SharePoint API. It is using an OAuth framework to authorise submissions.
Data flow from the CMS to SharePoint using Azure OAuth framework.
NSW Fair Trading's Request to have personal information suppressed form is a live example of this.
Application Programming Interface (API)
API integrations follow set rules for asking for and sending information. Systems interact by passing requests and sending responses to each other. The API acts as the mediator of communication for the two systems. This allows for a smooth and reliable way of exchanging data.
Our CMS uses APIs to connect with CRMs like Salesforce, SharePoint and Amazon S3. We use API gateways to keep these connections secure and make data transfer easier.
The diagram below illustrates this setup. An API gateway receives and sends requests and responses between the CMS (Drupal) and other systems.
The CMS (Drupal) connecting with an external system through API.
We are currently setting up an API Gateway to make registering APIs easier. It will also allow agencies to create mock APIs, helping them speed up their implementation process. The below diagram shows this in summary.
An external system connecting with the CMS through API.
Webform integrations to Sharepoint
Some nsw.gov.au webforms integrate with SharePoint through JWT and OAuth2. Learn more about this in the below articles:
- Saving webform submissions on SharePoint through Power Automate
- Integrating webforms to SharePoint using O365/OAuth authentication
Need any more help?
If you have any questions, or require assistance with anything mentioned in this article, submit a request via the webform.