Webhooks
To receive data updates, configure a webhook endpoint via the admin console. After each data update from the provider, a webhook event will be sent to your endpoint.
Your endpoint must respond with HTTP 200 to acknowledge successful receipt. If the request fails due to a network error, exceeds 30 seconds to complete or returns any status code other than 200, the system will retry the request up to 5 times with exponential backoff. After the final attempt, the event will be discarded.
Webhook event Payload
- application_user_id The application user ID you’ve provided when getting the access token
- timestamp Time of the event
- event_type
- record_change new or updated data recieved from the provider
- provider_integration_created user has integrated with a provider
- provider_integration_deleted user integration has been deleted
- metrics metrics involved with the event
- activity_types activity types if any involved with the event
- provider_slug provider triggering the event
- earliest_record_start_at earliest timestamp of records involved with the event in ISO 8601 format
- latest_record_end_at latest timestamp of records involved with the event in ISO 8601 format
Example Payload
Signature
Each webhook event is signed using an HMAC-SHA256 signature for verification. The signature is included in the X-Body-Signature header.
The signature is computed by signing the raw request body as-is using a shared secret key. You can retrieve this key from the admin console.
To verify authenticity:
- Compute the HMAC-SHA256 hash of the request body using the shared key.
- Compare the result to the value in the X-Body-Signature header.