- Add a webhook
- Verify the webhook signature
- Choosing Events
- Request Logs
Webhooks can be used to trigger events on any external server. For example if a Guest registered on your site you can send his data to an invoicing service and send him a invoice.
All request are signed. You should always verify the signature of our requests. So you can be sure the request came from us
If a request fails, we attempt to send it again for 2 times.
Your endpoint URL must be secure (https only) and the certificate must be valid. We do not follow redirects. We abort every request after 5 seconds.
We send two headers with every webhook request
x-hello-one-signature: $SIGNATURE x-hello-one-signature-salt: $SALT
signed_payload string is created by concatenating:
The $SALT (as a string) The character . The actual JSON payload (i.e., the request body)
Compute an HMAC with the SHA256 hash function. Use the endpoint’s
signing secret as the key, and use the
signed_payload string as the message.
Compare the signature in the header to the expected signature.
Please select only the events you want be informed about. So we won’t hammer your servers.
If you do not receive any webhook requests, have a look in the logs and you can see all sent requests and their errors.