Webhook API Guide
This page helps you setting up your chatbot webhooks.
The Webhook API guide allows you to set-up webhooks to receive a POST request on when an event or more is triggered.
Payload
Key |
Type |
Description |
eventType |
string |
event type (eg. lead.submit) |
chatbotId |
string |
Chatbot ID |
payload |
Object |
Payload of the event. Learn more |
Event types
These are the list of events supported in webhooks.
-
lead.submit
- When a customer submit his info (Name, Email, and Phone) to your chatbot.
{
conversationId: string,
customerEmail: string,
customerName: string,
customerPhone: string
}
Receiving the webhook request
You can receive the payload by accessing the body same as any request. But it is recommended to to check the request header x-chatzuri-signature for securing your endpoint from spam from anyone knows your endpoint.
You can achieve this by using SHA-1 (Secure Hash Algorithm 1) function to generate a signature for the request and compare it with x-chatzuri-signature found in the request headers. If the are identical then the request is from Chatzuri.
Example Request
import crypto from 'crypto'
import { Request, Response } from 'express'
// Note: In this example json body parser is enabled in the app
export async function webhookHandler(req: Request, res: Response) {
if (req.method === 'POST') {
const { SECRET_KEY } = process.env
if (typeof SECRET_KEY != 'string') {
throw new Error('No secret key found');
}
const receivedJson = req.body
const rawBody = Buffer.from(JSON.stringify(receivedJson))
const bodySignature = sha1(rawBody, secretKey)
if (requestBodySignature !== req.headers['x-chatzuri-signature']) {
return res.status(400).json({ message: "Signature didn't match" })
}
console.log('Received:', receivedJson)
/*
Body example for leads.submit event
{
eventType: 'leads.submit',
chatbotId: 'xxxxxxxx',
payload: {
conversationId: 'xxxxxxxx',
customerEmail: '[email protected]',
customerName: 'Example',
customerPhone: '123'
}
}
*/
res.status(200).end('OK')
} else {
res.setHeader('Allow', 'POST')
res.status(405).end('Method Not Allowed')
}
}
function sha1(data: Buffer, secret: string): string {
return crypto.createHmac('sha1', secret).update(data).digest('hex')
}
Respond to the event webhook
Return a JSON object with the following structure to indicate your endpoint has received the event webhook