Webhooks

Webhooks allow a subscription URL to be configured that we will POST event data to as it is added to the Event Log. Each subscription is configured to trigger when an event matches a set of object types and actions.

Here is an example of the Webhook data for an opportunity that was won. This would be sent to the URL you provide using a POST request:

1
{
2
  "event": {
3
    "date_created": "2019-01-15T12:48:23.395000",
4
    "meta": {
5
      "request_method": "PUT",
6
      "request_path": "/api/v1/opportunity/oppo_7H4sjNso7FyBFaeR3RXi5PMJbilfo0c6UPCxsJtEhCO/"
7
    },
8
    "id": "ev_2sYKRjcrA79yKxi3S4Crd7",
9
    "action": "updated",
10
    "date_updated": "2019-01-15T12:48:23.395000",
11
    "changed_fields": [
12
      "confidence",
13
      "date_updated",
14
      "status_id",
15
      "status_label",
16
      "status_type"
17
    ],
18
    "previous_data": {
19
      "status_type": "active",
20
      "confidence": 70,
21
      "date_updated": "2019-01-15T12:47:39.873000+00:00",
22
      "status_id": "stat_3FD9DnGUCJzccBKTh8LiiKoyVPpMJsOkJdcGoA5AYKH",
23
      "status_label": "Active"
24
    },
25
    "organization_id": "orga_XbVPx5fFbKlYTz9PW5Ih1XDhViV10YihIaEgMEb6fVW",
26
    "data": {
27
      "contact_name": "Mr. Jones",
28
      "user_name": "Joe Kemp",
29
      "value_period": "one_time",
30
      "updated_by_name": "Joe Kemp",
31
      "date_created": "2019-01-15T12:41:24.496000+00:00",
32
      "user_id": "user_N6KhMpzHRCYQHdn4gRNIFNN5JExnsrprKA6ekxM63XA",
33
      "updated_by": "user_N6KhMpzHRCYQHdn4gRNIFNN5JExnsrprKA6ekxM63XA",
34
      "value_currency": "USD",
35
      "organization_id": "orga_XbVPx5fFbKlYTz9PW5Ih1XDhViV10YihIaEgMEb6fVW",
36
      "status_label": "Won",
37
      "contact_id": "cont_BwlwYQkIP6AooiXP1CMvc6Zbb5gGh2gPu4dqIDlDrII",
38
      "status_type": "won",
39
      "created_by_name": "Joe Kemp",
40
      "id": "oppo_8H4sjNso7FyBFaeR3RXi5PMJbilfo0c6UPCxsJtEhCO",
41
      "lead_name": "KLine",
42
      "date_lost": null,
43
      "note": "",
44
      "date_updated": "2019-01-15T12:48:23.392000+00:00",
45
      "status_id": "stat_wMS9M6HC2O3CSEOzF5g2vEGt6RM5R3RfhIQixdnmjf2",
46
      "value": 100000,
47
      "created_by": "user_N6KhMpzHRCYQHdn4gRNIFNN5JExnsrprKA6ekxM63XA",
48
      "value_formatted": "$1,000",
49
      "date_won": "2019-01-15",
50
      "lead_id": "lead_zwqYhEFwzPyfCErS8uQ77is2wFLvr9BgVi6cTfbFM68",
51
      "confidence": 100
52
    },
53
    "request_id": "req_4S2L8JTBAA1OUS74SVmfbN",
54
    "object_id": "oppo_7H4sjNso7FyBFaeR3RXi5PMJbilfo0c6UPCxsJtEhCO",
55
    "user_id": "user_N6KhMpzHRCYQHdn4gRNIFNN5JExnsrprKA6ekxM63XA",
56
    "object_type": "opportunity",
57
    "lead_id": "lead_zwqYhEFwzPyfCErS8uQ77is2wFLvr9BgVi6cTfbFM68"
58
  },
59
  "subscription_id": "whsub_8AmjKCZYT3zI8eZoi4HhFC"
60
}

Webhook delivery

• Failed deliveries are retried with a retry interval that exponentially backs off up to every 20 minutes. They will be retried up to 72 hours before being dropped.
• Event ordering is not guaranteed due to event consolidation, delivery parallelism/retries and other factors.
• A subscription will automatically be paused and its queue cleared when one of following happens:
  • Event queue reaches 100,000 backlogged events. Warning emails will be sent to admins when there is more than 80,000 backlogged events.
  • All event delivery fails for 3 days. Warning emails will be sent to admins before the subscription is paused.
• Email notifications are sent to admins when a subscription is paused.
• Paused subscriptions must be manually re-activated via the API before we will attempt to deliver events again.
• We recommend processing Webhook events asynchronously meaning that you queue them locally before trying to process the payload. This will ensure we are always able to deliver the event and avoid the possibility of subscriptions getting paused because the max queue length is reached.
• If your application needs to reprocess historical events, you can access them via the event log API for up to 30 days.
• For updated or deleted actions the webhook will be called after the consolidation delay.
• Event updates are written immediately to the event log during the consolidation period so if you query the event log directly you may see events that you haven’t received a webhook notification for yet.

Data management

• Users with the Admin role can manage subscriptions for all users in the organization. Non-admin users can only modify subscriptions created by them.
• All data is delivered in the Webhook event even for non-admin users since they would have access to the same data via the application at delivery time.
• We recommend using https to protect your data during delivery. SSL certificate validation is enabled by default but can be disabled via the verify_ssl field.

Webhook signatures

The subscription API’s POST response includes a signature_key value that will be used to sign Webhooks for the subscription. The signature and signing timestamp is available in the following two headers of each POST request to your endpoint.

1
close-sig-hash: aa4fea8d4b74a0790e6b0dc2214db9d4d7651cb3e23f53caea499defd71ee431
2
close-sig-timestamp: 1544271440

The signature in the close-sig-hash header is the sha256 HMAC of the close-sig-timestamp and payload concatenated. The following Python 3 example code demonstrates how the signture can be verified.

1
key = '058bfb6a3d8cfdc4da7c3be5901b16ae11da982b46a25fb2cd7016e97a140a1c'
2
data = headers['close-sig-timestamp'] + payload
3
signature = hmac.new(bytearray.fromhex(key), data.encode('utf-8'), hashlib.sha256).hexdigest()
4
valid = hmac.compare_digest(headers['close-sig-hash'], signature)  # Will be True if sigs match

See the Subscription API documentation for the details of managing Webhook subscriptions.

Limits

The maximum number of webhook subscriptions per organization is 40. However, we allow a higher limit of webhook subscriptions to specific automation platforms (up to a total of 500 subscriptions).

These platforms are:

• Zapier
• Backendless
• Integrately
• Customer.io Journeys Track API