Theme
Webhooks
Webhooks allow external systems to push data into OmniBots — triggering conversations, creating work items, or updating customer records.
Authentication
At the top of the page, you can generate credentials for webhook authentication:
| Credential | Description |
|---|---|
| API Key | Passed in the X-API-Key header by the calling system |
| HMAC Secret | Used to sign and verify webhook payloads with X-Hub-Signature-256 |
Click Generate to create a new key or secret, and Copy to copy it to your clipboard.
WARNING
Generating a new API key or HMAC secret invalidates the previous one. Update all calling systems immediately.
Webhook URL
All webhooks use the base URL format:
POST /api/v1/webhooks/{type}The full URL is shown for each channel on the page with a Copy button.
Webhook Channels
Three inbound channels are supported:
Email Inbound
Receives inbound emails and creates conversations.
- Enable/Disable toggle
- Default Queue — select which agent queue handles email conversations
Form Submission
Receives form data from your website (e.g., contact forms, lead capture).
- Enable/Disable toggle
- Default Queue — select the handling queue
External System
Receives events from external systems (e.g., CRM, ticketing, ERP).
- Enable/Disable toggle
- Default Queue — select the handling queue
- Field Mapping — JSON configuration that maps external system fields to OmniBots fields
Saving
Click Save to persist all webhook settings.
Webhook configuration form showing API key and HMAC secret generation area at the top, webhook URL display with copy buttons, and channel toggle cards for email inbound, form submission, and external system with queue selectors
Security
A notice box reminds you to:
- Always use HTTPS URLs when configuring webhooks in external systems
- Validate the HMAC signature on incoming requests
- Keep your API key and HMAC secret confidential