Webhooks
Receive real-time notifications when events occur. Configure webhook endpoints and handle payloads.
Overview
Webhooks allow you to receive real-time notifications when events occur in WallJobs AI. Instead of polling the API, configure webhook endpoints to receive HTTP POST requests with event data automatically.
- Sync contacts to your CRM when created or updated
- Trigger workflows when candidates move through pipeline stages
- Update external systems when sequences complete or receive replies
- Build real-time dashboards and notifications
Setting Up Webhooks
Configure webhooks through the dashboard or API:
Via Dashboard
Via API
POST
/v1/webhooksBody Parameters
| Name | Type | Required | Description |
|---|---|---|---|
url | string | Required | |
events | array | Required | |
description | string | Optional |
Request Example
curl -X POST "https://api.walljobs.com.br/v1/webhooks" \-H "Authorization: Bearer YOUR_API_KEY" \-H "Content-Type: application/json" \-d '{"url": "https://your-app.com/webhooks/walljobs","events": ["contact.created", "contact.updated", "shortlist.stage_changed"],"description": "Main CRM sync webhook"}'
Response Example
{"data": {"id": "webhook_abc123","url": "https://your-app.com/webhooks/walljobs","events": ["contact.created", "contact.updated", "shortlist.stage_changed"],"description": "Main CRM sync webhook","signing_secret": "whsec_abc123xyz789...","status": "active","created_at": "2024-01-22T18:00:00Z"}}
Store the Signing Secret
The signing secret is only shown once when the webhook is created. Store it securely - you'll need it to verify webhook signatures.
Event Types
Subscribe to the events relevant to your integration:
| Event | Description |
|---|---|
contact.created | A new contact was added |
contact.updated | Contact information was modified |
contact.deleted | A contact was deleted |
contact.enriched | Contact enrichment completed |
| Event | Description |
|---|---|
shortlist.candidate_added | A candidate was added to a shortlist |
shortlist.stage_changed | A candidate moved to a different stage |
shortlist.candidate_removed | A candidate was removed from a shortlist |
| Event | Description |
|---|---|
sequence.enrolled | A contact was enrolled in a sequence |
sequence.step_completed | A sequence step was executed |
sequence.replied | A contact replied to a sequence message |
sequence.completed | A contact completed all sequence steps |
sequence.bounced | A sequence message bounced |
Payload Format
All webhook payloads follow a consistent format:
webhook-payload.json
{"id": "evt_abc123xyz789","type": "contact.created","created_at": "2024-01-22T18:30:00Z","workspace_id": "ws_abc123","data": {"id": "contact_def456","first_name": "Maria","last_name": "Silva","email": "maria@example.com","created_at": "2024-01-22T18:30:00Z"}}
id- Unique event ID for idempotencytype- The event typecreated_at- When the event occurred (ISO 8601)workspace_id- The workspace where the event occurreddata- Event-specific data
Verifying Signatures
All webhook requests include a signature header for verification. Always verify signatures to ensure requests are from WallJobs AI.
The signature is in the X-WallJobs-Signature header and is computed as:
HMAC-SHA256(signing_secret, timestamp + "." + payload)
verify-webhook.ts
import crypto from 'crypto';function verifyWebhookSignature(payload: string,signature: string,timestamp: string,secret: string): boolean {const expectedSignature = crypto.createHmac('sha256', secret).update(`${timestamp}.${payload}`).digest('hex');return crypto.timingSafeEqual(Buffer.from(signature),Buffer.from(expectedSignature));}// In your webhook handler:app.post('/webhooks/walljobs', (req, res) => {const signature = req.headers['x-walljobs-signature'];const timestamp = req.headers['x-walljobs-timestamp'];const payload = JSON.stringify(req.body);if (!verifyWebhookSignature(payload, signature, timestamp, SIGNING_SECRET)) {return res.status(401).send('Invalid signature');}// Process the webhook...res.status(200).send('OK');});
Security
Never process webhooks without verifying the signature. This prevents attackers from sending fake events to your endpoint.
Retry Policy
If your endpoint returns a non-2xx status code or times out, we'll retry the webhook delivery:
- Retry 1: 1 minute after failure
- Retry 2: 5 minutes after first retry
- Retry 3: 30 minutes after second retry
- Retry 4: 2 hours after third retry
- Retry 5: 24 hours after fourth retry (final attempt)
After all retries fail, the webhook is marked as failed. You can manually retry failed webhooks from the dashboard.
Best Practices
- -
- -
- -
Webhook Endpoints
Manage webhooks via the API:
GET
/v1/webhooksRequest Example
curl "https://api.walljobs.com.br/v1/webhooks" \-H "Authorization: Bearer YOUR_API_KEY"
Response Example
{"data": [{"id": "webhook_abc123","url": "https://your-app.com/webhooks/walljobs","events": ["contact.created", "contact.updated"],"status": "active","created_at": "2024-01-22T18:00:00Z"}]}
DELETE
/v1/webhooks/:idRequest Example
curl -X DELETE "https://api.walljobs.com.br/v1/webhooks/webhook_abc123" \-H "Authorization: Bearer YOUR_API_KEY"
Response Example
{"data": {"id": "webhook_abc123","deleted": true}}