Webhook Validation

Webhook Validation

All URLs are validated through a simple token exchange mechanism so we may trust that you actually control the target server. Note that validation happens right at webhook creation, meaning that we will issue a request to you before successfully registering the webhook. The validation will send a GET request to your url with a query string of check=<random_string>, your webhook server should respond back with the <random_string> to be validated.

For example:

$reply_value = $_GET['check']; // Outputs example and then send it back
app.get("/webhooks", (req, res) => {
})// true, req.query.check send it back
reply = request.GET.get('check')
#send example and reply back with 200

In the above example URL, you should return a HTTP 200 (HTTP 204 is not accepted, even though that is considered a successful response) along side with the string example. The string will change with each webhook trigger, so it's necessary to have the same string that was returned to our server for validation.


Timed out Timer

The recommended pattern for processing our webhooks is to first respond to our request with an HTTP 200 response and then process the data afterwards, as the request will time out in 10 seconds without a response. Any timed out requests will be be retried in 30 second intervals. After 300 consecutive failed requests the webhook will be disabled.


Automatic validation

If you use Zapier webhooks instead of your own backend's, validation will be automatic.



In the case that you do not have a server of your own, i.e. using another 3rd party platform, we recommend using services such as AWS Lambda functions. They can return the validation requirements back to our server, and redirect the payload further downstream to your integration platform.