Webhook integration guide

Last updated
Save as PDF

Set up webhooks

Prerequisites

Dashboard access with webhook management permissions
HTTPS endpoint to receive webhook notifications
Authorization credentials (JWT token or basic authentication token)

Security requirements

For security, all webhook endpoints must use HTTPS.
Include authentication in the authorization header using either a bearer token or a basic authentication token. JWT is recommended for long-term use.

Configuration steps

Via API:

Webhooks API methods (delete, get, post, put) are available in our API Documentation.

Webhook payload

Request headers

Your endpoint will receive the following headers with each webhook:

Authorization: Bearer your-jwt-token
X-Nexus-Signature-256: sha256=signature_hash
X-Nexus-Timestamp: unix_timestamp
X-Nexus-Event-Type: Page_Create
X-Nexus-Delivery-Id: unique-delivery-uuid
Content-Type: text/xml

Signature verification

Each webhook includes a signature for security verification:

// Example verification (Node.js)
const crypto = require('crypto');

function verifySignature(payload, signature, timestamp, secret) {
    const signingString = `${timestamp}.${payload}`;
    const expectedSignature = crypto
        .createHmac('sha256', secret)
        .update(signingString)
        .digest('hex');
    
    return signature === `sha256=${expectedSignature}`;
}

Monitoring and logs

Dashboard monitoring enables you to:

View webhook status and recent deliveries
Download delivery logs as CSV reports
Monitor failure rates and response times

Log data includes:

Delivery timestamp
Response status code
Response time
Failure reasons
Retry attempts

Delivery reliability

Rate limits and performance

Webhooks are delivered asynchronously to prevent system impact.
Concurrent delivery limits apply to prevent overwhelming the endpoints.
During bulk operations (imports/exports), webhook delivery may be paused.

Timeout and retries

Timeout: 1 second per request
Retry logic: Automatic retries with exponential backoff for 5xx errors and timeouts
Failure tracking: Consecutive failures are monitored.

Failure handling

If your endpoint consistently fails to respond:

After multiple consecutive failures, the webhook will be automatically disabled.
You will receive a notification about the disabled status.
Manual re-enablement is required. Access this through the Dashboard.
Failure logs are available for download as CSV reports.

Best practices

Respond quickly: Acknowledge receipt within 1 second.

HTTP/1.1 200 OK
Content-Length: 0

Handle idempotency: Use the X-Nexus-Delivery-Id header to prevent duplicate processing.
Implement proper Error handling:
- Return 2xx status codes for successful processing.
- Return 4xx for permanent failures (will not retry).
- Return 5xx for temporary issues (will retry).

Troubleshoot common issues

Test your integration

Start small: Begin with a single event type.
Test signature verification: Implement and test signature validation.
Handle edge cases: Test with malformed requests and network issues.
Monitor logs: Use Dashboard logs to debug delivery issues.

Webhook not firing

Verify the event type is correctly selected.
Check that the webhook is enabled.
Ensure your endpoint is accessible via HTTPS.

Authentication failures

Verify your authorization header format.
Check token expiration for JWT tokens.
Validate signature verification logic.

Timeout issues

Ensure your endpoint responds within 1 second.
Consider asynchronous processing for heavy operations.
Return 200 OK immediately, process in background.

Support

For technical issues or questions about webhook integration:

Check Dashboard logs for delivery details.
Review your endpoint's response codes and timing.
Contact NiCE KM Support with specific error messages and delivery IDs.