Webhooks Documentation
Receive real-time HTTP notifications when events happen in your Sentiments account. Build powerful integrations that react instantly to customer activities.
Quick Start
Create an Endpoint
Go to Dashboard → Settings → Webhooks and add a new endpoint. Provide a URL where you want to receive events.
Go to Webhook SettingsSubscribe to Events
Select which events you want to receive. You can subscribe to specific events or use "*" to receive all events.
View All EventsVerify Signatures
Use your signing secret to verify webhook payloads are genuinely from Sentiments and haven't been tampered with.
Security GuidePayload Format
All webhook payloads follow a consistent JSON structure with event metadata and the event-specific data.
Headers
| Header | Description |
|---|---|
| X-Sentiments-Signature | HMAC-SHA256 signature of the payload |
| X-Sentiments-Timestamp | Unix timestamp when the webhook was sent |
| X-Sentiments-Event | The event type (e.g., advocate.joined) |
| X-Sentiments-Delivery-Id | Unique ID for this delivery attempt |
Example Payload
{
"id": "evt_abc123def456",
"type": "advocate.joined",
"created": "2024-01-15T10:30:00.000Z",
"business_id": "biz_xyz789",
"data": {
"advocate_id": "adv_123",
"email": "john@example.com",
"name": "John Doe",
"tier": "bronze",
"source": "invite"
}
}Verifying Webhooks
Always verify webhook signatures to ensure payloads are from Sentiments and haven't been modified. Each endpoint has a unique signing secret that you can find in your webhook settings.
Verification Steps
- Get the raw request body (don't parse it yet)
- Compute HMAC-SHA256 of the body using your signing secret
- Compare with the X-Sentiments-Signature header
- Check the timestamp is recent (within 5 minutes)
Example (Node.js)
const crypto = require('crypto');
function verifyWebhook(payload, signature, secret) {
const expectedSignature = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expectedSignature)
);
}
// In your webhook handler:
app.post('/webhooks/sentiments', (req, res) => {
const signature = req.headers['x-sentiments-signature'];
const timestamp = req.headers['x-sentiments-timestamp'];
const rawBody = req.rawBody; // Use raw body, not parsed JSON
// Check timestamp is within 5 minutes
const age = Date.now() / 1000 - parseInt(timestamp);
if (age > 300) {
return res.status(401).send('Webhook expired');
}
if (!verifyWebhook(rawBody, signature, WEBHOOK_SECRET)) {
return res.status(401).send('Invalid signature');
}
const event = JSON.parse(rawBody);
// Process the event...
res.status(200).send('OK');
});Retry Behavior
If your endpoint returns a non-2xx status code or times out, we'll automatically retry the delivery with exponential backoff.
Retry Schedule
| Attempt | Delay |
|---|---|
| 1st retry | 1 minute |
| 2nd retry | 5 minutes |
| 3rd retry | 15 minutes |
| 4th retry | 1 hour |
| 5th retry (final) | 4 hours |
Auto-disable Protection
If an endpoint fails 10 consecutive deliveries, it will be automatically disabled to prevent continued failures. You can re-enable it from your webhook settings after fixing the issue.
Event Types
Reviews
Events related to customer reviews and testimonials
review.submittedA new review/testimonial has been submittedreview.approvedA review has been approved for displayreview.rejectedA review has been rejectedFeedback Boards
Events from your feedback and idea boards
idea.createdA new idea has been submittedidea.status_changedAn idea status has been updatedidea.votedAn idea has received a voteidea.comment_addedA comment has been added to an ideaSupport Desk
Events from your support ticketing system
ticket.createdA new support ticket has been createdticket.updatedA ticket status or priority has been updatedticket.resolvedA ticket has been marked as resolvedticket.message_addedA new message has been added to a ticketAdvocates
Events related to your advocate community
advocate.joinedA new advocate has joined your programadvocate.tier_changedAn advocate tier has changedadvocate.points_earnedAn advocate has earned pointsRewards
Events related to reward redemptions
redemption.requestedAn advocate has requested to redeem a rewardredemption.fulfilledA reward has been fulfilled/deliveredQuests
Events from your gamified quest campaigns
quest.startedAn advocate has started a questquest.task_completedAn advocate has completed a quest taskquest.completedAn advocate has completed all tasks in a questPolls
Events from your polls
poll.response_submittedA response has been submitted to a pollpoll.completedA poll has reached its target or closing dateSurveys
Events from your surveys
survey.response_submittedA survey response has been submittedsurvey.completedA survey has reached its target responsesForms
Events from your custom forms
form.submission_receivedA form submission has been receivedReferrals
Events from your referral program
referral.click_trackedA referral link click has been trackedreferral.conversion_completedA referral has converted (purchase or signup)Session Replay
Events from session recordings
session.interesting_detectedAn interesting session has been detected (rage clicks, errors)Heatmaps
Alert events from heatmap analytics
heatmap.rage_click_spikeRage clicks on a page have exceeded thresholdheatmap.dead_click_detectedDead clicks detected on a new elementBest Practices
Respond Quickly
Return a 2xx response as quickly as possible. Do heavy processing asynchronously after acknowledging receipt.
Handle Idempotency
Use the event ID to handle duplicate deliveries. The same event may be delivered multiple times during retries.
Verify Signatures
Always verify the webhook signature before processing. This protects against spoofed requests.
Use HTTPS
Always use HTTPS endpoints. We don't send webhooks to insecure HTTP URLs in production.
Ready to Get Started?
Create your first webhook endpoint and start receiving real-time notifications.
Configure Webhooks