Webhooks

HoverSignal can send webhook events that notify your application any time after lead on your site.

To integrate by webhooks, you have to use API key. To find your API key, click "Site settings", then click "Create an API key" for your app.

Copy your API key and go to https://app.hoversignal.com/docs/ui/index

Paste your API key on "api_key" field and press Explore button.

Сreate webhook select your apps hooks POST method and send topic and your endpoint address as given in example:

{
"topic": "LeadCreated",
"url": "string"
}

To ensure that a given endpoint address actually intends to receive hooks from a HoverSignal, a subscription uses a temporary secret in the initial handshake.

When the HoverSignal responds to your first POST request, the response includes a X-Hook-Secret header that has a unique string as its value.

A unique value computed for each new subscription.

Upon receiving the secret from the HoverSignal, you need to return a 200 response with the secret included in the X-Hook-Secret header.

To prove the authenticity of subsequent messages, HoverSignal use a shared secret. You can find it on "Site settings" page.

For each message, HoverSignal signs the message by computing an HMAC SHA-256 hash of the shared secret plus request body and placing the signature in the X-Hook-Signature header.

Then you can verify the signature to know that the message is authentic. Verification is as simple as computing the same HMAC and comparing it to the X-Hook-Signature header value.

Note that if webhook invocation fails 5 times in a row, it will be deleted. Also webhook will be removed after 410 response.

To get list of your webhooks use GET method.

To delete webhook use DELETE method.

For more info see http://resthooks.org/docs/