Webhooks

Webhooks send an HTTP request to a URL when an event happens in the Client Dashboard. You will be given a webhook secret key to verify requests.

Webhook Headers

For security we send some extra headers so you can verify the events.

POST https://example.com/webhook

Content-Type: application/json
User-Agent: clients.icaal.co.uk/1.0
X-ICAAL-Signature: 594a6ca9d134d8664977d98f43f1f01eaa785600
X-ICAAL-Account-Key: API-KEY

Verifying Requests

The signature is sent in the X-ICAAL-Signature header. It is an HMAC-SHA1 of the raw webhook body, keyed with your webhook secret key and written as a hexadecimal string. If the signature you compute doesn't match the one in the header, you shouldn't accept the request.

Here's an example of how you can verify incoming webhooks:

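$webhook_secret = 'WEBHOOK_SECRET';
// Read the raw request body; the signature covers these exact bytes.
$raw_post_data = file_get_contents('php://input');
// PHP exposes the X-ICAAL-Signature header as HTTP_X_ICAAL_SIGNATURE.
$header_signature = $_SERVER['HTTP_X_ICAAL_SIGNATURE'] ?? '';

// Recompute the HMAC-SHA1 of the body with your webhook secret key.
$expected_signature = hash_hmac('sha1', $raw_post_data, $webhook_secret);

// hash_equals() compares in constant time; the known value goes first.
if (! hash_equals($expected_signature, $header_signature)) {
    // Signature not verified
    exit;
}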
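
The same check for a receiver that is not written in PHP, as an added Python example (not ICAAL's own code): it verifies the signature over the raw bytes before parsing, and shows that a tampered body, a re-serialised body and a missing header are all rejected. The sample body and its field names are constructed for illustration, and WEBHOOK_SECRET is the same placeholder as above.

```python
import hashlib
import hmac
import json

SECRET = "WEBHOOK_SECRET"  # placeholder, as in the PHP example
# Constructed sample body; the field names are assumptions, not ICAAL's schema.
RAW = b'{"event":"lead_created","lead":{"name":"Test"}}'


def sign(raw_body: bytes, secret: str) -> str:
    """HMAC-SHA1 of the raw body as lowercase hex, like PHP hash_hmac('sha1', ...)."""
    return hmac.new(secret.encode(), raw_body, hashlib.sha1).hexdigest()


def verify_webhook(raw_body: bytes, header_signature, secret: str):
    """Return the decoded JSON payload if the signature is valid, else None."""
    # A missing or wrong-length header fails verification outright.
    if not isinstance(header_signature, str) or len(header_signature) != 40:
        return None
    expected = sign(raw_body, secret).encode()
    supplied = header_signature.encode("utf-8", "replace")
    # Constant-time comparison of the two hex digests.
    if not hmac.compare_digest(expected, supplied):
        return None
    # Parse only after the exact received bytes have been authenticated.
    return json.loads(raw_body)


def demo():
    sig = sign(RAW, SECRET)
    # Decoding and re-encoding changes whitespace, so the bytes no longer match.
    reencoded = json.dumps(json.loads(RAW)).encode()
    return {
        "valid": verify_webhook(RAW, sig, SECRET),
        "tampered": verify_webhook(RAW.replace(b"Test", b"Evil"), sig, SECRET),
        "reencoded": verify_webhook(reencoded, sig, SECRET),
        "missing": verify_webhook(RAW, None, SECRET),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", "accepted" if result is not None else "rejected")
```

Pass the request body to the check exactly as it arrived on the wire; many frameworks hand you an already-parsed object, and signing a re-encoded copy of that will not match.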

Failed Webhooks

If the webhook fails to receive a 2xx response code it will attempt to retry after the following intervals:

  1. 60 seconds

  2. 5 minutes

  3. 15 minutes

  4. 30 minutes

  5. 1 hour

Webhook Types

Lead Created

When a lead is created it will trigger this webhook. The data sent will depend on the type of lead. There are some examples below.

Quote
