Webhooks API

Create webhook subscriptions, verify deliveries, inspect delivery history, rotate secrets, and manage status.

Webhooks API

Webhooks let external systems react to RogerIQ events.

txt
/api/v1/projects/:projectId/webhooks

Create Webhook

bash
curl https://api.rogeriq.com/api/v1/projects/prj_123/webhooks \  -H "Authorization: Bearer riq_your_key" \  -H "Content-Type: application/json" \  -d '{    "url": "https://example.com/webhooks/rogeriq",    "events": ["conversation.created", "message.created"]  }'

The secret is returned only on creation. Store it immediately.

List Webhooks

bash
curl https://api.rogeriq.com/api/v1/projects/prj_123/webhooks \  -H "Authorization: Bearer riq_your_key"

Update Webhook

bash
curl -X PATCH https://api.rogeriq.com/api/v1/projects/prj_123/webhooks/whk_123 \  -H "Authorization: Bearer riq_your_key" \  -H "Content-Type: application/json" \  -d '{    "events": ["*"],    "status": "active"  }'

Delivery History

bash
curl https://api.rogeriq.com/api/v1/projects/prj_123/webhooks/whk_123/deliveries \  -H "Authorization: Bearer riq_your_key"

Rotate Secret

bash
curl -X POST https://api.rogeriq.com/api/v1/projects/prj_123/webhooks/whk_123/rotate-secret \  -H "Authorization: Bearer riq_your_key"

Verify Signatures

RogerIQ signs webhook payloads with the webhook secret. Verify signatures before trusting the payload.

ts
import crypto from "node:crypto";function verify(secret: string, body: string, signature: string) {  const expected = crypto    .createHmac("sha256", secret)    .update(body)    .digest("hex");  return crypto.timingSafeEqual(    Buffer.from(expected),    Buffer.from(signature)  );}

Rotate a webhook secret if it is logged, pasted into a client, or shared with a system that should no longer receive events.

Was this page helpful?

Previous Contacts API

Next Forms and Beacons API