Webhooks
Webhooks allow you to receive real-time HTTP notifications when events occur in your FeedbackPulse tenant.
Setupโ
Via Dashboardโ
- Gehen Sie zu Einstellungen > Integrations
- Geben Sie Ihre Webhook URL
- Select which events to subscribe to
- Optionally set a secret for HMAC signature verification
- Save
Via APIโ
PUT /api/v2/webhooks/config
{
"url": "https://your-app.com/webhooks/feedbackpulse",
"events": ["submission.created", "submission.status_changed"],
"secret": "your_shared_secret"
}
Webhook Payloadโ
When an event occurs, FeedbackPulse sends a POST request to your URL:
{
"event": "submission.created",
"timestamp": "2024-03-15T10:30:00Z",
"data": {
"id": 42,
"campaign_id": 1,
"star_rating": 5,
"text_feedback": "Love this product!",
"customer_name": "Jane Doe",
"status": "pending"
}
}
Headersโ
Content-Type: application/json
X-FeedbackPulse-Signature: sha256=abc123...
X-FeedbackPulse-Event: submission.created
Signature Verificationโ
If you set a webhook secret, verify the signature:
$payload = file_get_contents('php://input');
$signature = $_SERVER['HTTP_X_FEEDBACKPULSE_SIGNATURE'];
$expected = 'sha256=' . hash_hmac('sha256', $payload, $secret);
if (!hash_equals($expected, $signature)) {
http_response_code(403);
exit('Invalid signature');
}
Supported Endpointsโ
FeedbackPulse auto-detects and formats payloads for:
| Service | URL Pattern | Format |
|---|---|---|
| Slack | hooks.slack.com/* | Slack Block Kit format |
| Discord | discord.com/api/webhooks/* | Discord embed format |
| Custom | Any HTTPS URL | Raw JSON payload |
SSRF Protectionโ
Webhook URLs are validated to prevent Server-Side Request Forgery:
localhost,127.0.0.1,0.0.0.0are blocked- Private IP ranges (10.x, 172.16-31.x, 192.168.x) are blocked
- Only public HTTPS URLs are allowed
Webhook Logsโ
View delivery history:
Via Dashboardโ
Einstellungen > Integrations > Webhook Logs
A dedicated Webhook Logs page is also available at /webhooks/logs, providing a full delivery history with response details and filtering options. You can filter by event type, status code, and date range, and inspect the full request payload and response body for each delivery attempt.
Admin Webhook Log Viewerโ
Superadmins have access to a platform-wide webhook log viewer at /admin/webhook-logs. This provides visibility into webhook deliveries across all tenants, useful for diagnosing integration issues and monitoring platform health.
Via APIโ
GET /api/v2/webhooks/logs
Each log entry shows:
- Event type
- URL
- Response code
- Payload sent
- Response body
- Timestamp