search

Webhooks

Webhooks will send a HTTP request to a URL when an event happens in the Client Dashboard. You will be given a webhook secret key to verify requests.

hashtag
Webhook Headers

For security we send some extra headers so you can verify the events.

POST https://example.com/webhook

Content-Type: application/json,
User-Agent: clients.icaal.co.uk/1.0,
X-ICAAL-Signature: 594a6ca9d134d8664977d98f43f1f01eaa785600,
X-ICAAL-Account-Key: API-KEY

hashtag
Verifying Requests

The signature can be found in the X-ICAAL-Signature header. This signature is a sha1 hash from the body of the webhook signed with your webhook secret key. If they don't match you shouldn't accept the request.

Here's an example of how you can verify incoming webhooks:

$webhook_secret = 'WEBHOOK_SECRET';
$raw_post_data = file_get_contents('php://input');
$header_signature = $headers['X-ICAAL-Signature'];

$expected_signature = hash_hmac('sha1', $raw_post_data, $webhook_secret);

if (! hash_equals($header_signature, $expected_signature)) {
    // Signature not verified
    exit;
}

hashtag
Failed Webhooks

If the webhook fails to receive a 2xx response code it will attempt to retry after the following intervals:

  1. 60 seconds

  2. 5 minutes

  3. 15 minutes

  4. 30 minutes

  5. 1 hour

hashtag
Webhook Types

hashtag
Lead Created

When a lead is created it will trigger this webhook. The data sent will depend on the type of lead. There are some examples below

hashtag
Quote

PreviousUsers

Last updated