Want Docs? Book Call📞

Webhooks

In this guide, we will look at how to register and consume webhooks to integrate your app with DocsSmith Demo2. With webhooks, your app can know when something happens in DocsSmith Demo2, such as someone sending a message or adding a contact.

Registering webhooks

To register a new webhook, you need to have a URL in your app that DocsSmith Demo2 can call. You can configure a new webhook from the DocsSmith Demo2 dashboard under API settings. Give your webhook a name, pick the events you want to listen for, and add your URL.

Now, whenever something of interest happens in your app, a webhook is fired off by DocsSmith Demo2. In the next section, we'll look at how to consume webhooks.

Consuming webhooks

When your app receives a webhook request from DocsSmith Demo2, check the type attribute to see what event caused it. The first part of the event type will tell you the payload type, e.g., a conversation, message, etc.

Example webhook payload

{
  "id": "a056V7R7NmNRjl70",
  "type": "conversation.updated",
  "payload": {
    "id": "WAz8eIbvDR60rouK"
    // ...
  }
}

In the example above, a conversation was updated, and the payload type is a conversation.


Event types

  • Name
    contact.created
    Type
    Description

    A new contact was created.

  • Name
    contact.updated
    Type
    Description

    An existing contact was updated.

  • Name
    contact.deleted
    Type
    Description

    A contact was successfully deleted.

  • Name
    conversation.created
    Type
    Description

    A new conversation was created.

  • Name
    conversation.updated
    Type
    Description

    An existing conversation was updated.

  • Name
    conversation.deleted
    Type
    Description

    A conversation was successfully deleted.

  • Name
    message.created
    Type
    Description

    A new message was created.

  • Name
    message.updated
    Type
    Description

    An existing message was updated.

  • Name
    message.deleted
    Type
    Description

    A message was successfully deleted.

  • Name
    group.created
    Type
    Description

    A new group was created.

  • Name
    group.updated
    Type
    Description

    An existing group was updated.

  • Name
    group.deleted
    Type
    Description

    A group was successfully deleted.

  • Name
    attachment.created
    Type
    Description

    A new attachment was created.

  • Name
    attachment.updated
    Type
    Description

    An existing attachment was updated.

  • Name
    attachment.deleted
    Type
    Description

    An attachment was successfully deleted.

Example payload

{
  "id": "a056V7R7NmNRjl70",
  "type": "message.updated",
  "payload": {
    "id": "SIuAFUNKdSYHZF2w",
    "conversation_id": "xgQQXg3hrtjh7AvZ",
    "contact": {
      "id": "WAz8eIbvDR60rouK",
      "username": "KevinMcCallister",
      "phone_number": "1-800-759-3000",
      "avatar_url": "https://assets.DocsSmith Demo2.chat/avatars/kevin.jpg",
      "last_active_at": 705103200,
      "created_at": 692233200
    },
    "message": "I’m traveling with my dad. He’s at a meeting. I hate meetings.",
    "reactions": [],
    "attachments": [],
    "read_at": 705103200,
    "created_at": 692233200,
    "updated_at": 692233200
  }
}

Security

To know for sure that a webhook was, in fact, sent by DocsSmith Demo2 instead of a malicious actor, you can verify the request signature. Each webhook request contains a header named x-DocsSmith Demo2-signature, and you can verify this signature by using your secret webhook key. The signature is an HMAC hash of the request payload hashed using your secret key. Here is an example of how to verify the signature in your app:

Verifying a request

const signature = req.headers['x-DocsSmith Demo2-signature']
const hash = crypto.createHmac('sha256', secret).update(payload).digest('hex')

if (hash === signature) {
  // Request is verified
} else {
  // Request could not be verified
}

If your generated signature matches the x-DocsSmith Demo2-signature header, you can be sure that the request was truly coming from DocsSmith Demo2. It's essential to keep your secret webhook key safe — otherwise, you can no longer be sure that a given webhook was sent by DocsSmith Demo2. Don't commit your secret webhook key to GitHub!