Webhooks
Webhooks allow you to receive real-time HTTP notifications when events occur in your FeedbackPulse tenant.
Setup
Via 仪表板
- 前往 设置 > Integrations
- 输入您的 Webhook URL
- Select which events to subscribe to
- Optionally set a secret for HMAC signature verification
- Save
Via API
PUT /api/v2/webhooks/config
{
"url": "https://your-app.com/webhooks/feedbackpulse",
"events": ["submission.created", "submission.status_changed"],
"secret": "your_shared_secret"
}
Webhook Payload
When an event occurs, FeedbackPulse sends a POST request to your URL:
{
"event": "submission.created",
"timestamp": "2024-03-15T10:30:00Z",
"data": {
"id": 42,
"campaign_id": 1,
"star_rating": 5,
"text_feedback": "Love this product!",
"customer_name": "Jane Doe",
"status": "pending"
}
}
Headers
Content-Type: application/json
X-FeedbackPulse-Signature: sha256=abc123...
X-FeedbackPulse-Event: submission.created
Signature Verification
If you set a webhook secret, verify the signature:
$payload = file_get_contents('php://input');
$signature = $_SERVER['HTTP_X_FEEDBACKPULSE_SIGNATURE'];
$expected = 'sha256=' . hash_hmac('sha256', $payload, $secret);
if (!hash_equals($expected, $signature)) {
http_response_code(403);
exit('Invalid signature');
}
Supported Endpoints
FeedbackPulse auto-detects and formats payloads for:
| Service | URL Pattern | Format |
|---|---|---|
| Slack | hooks.slack.com/* | Slack Block Kit format |
| Discord | discord.com/api/webhooks/* | Discord embed format |
| Custom | Any HTTPS URL | Raw JSON payload |
SSRF Protection
Webhook URLs are validated to prevent Server-Side Request Forgery:
localhost,127.0.0.1,0.0.0.0are blocked- Private IP ranges (10.x, 172.16-31.x, 192.168.x) are blocked
- Only public HTTPS URLs are allowed
Webhook Logs
View delivery history:
Via 仪表板
设置 > Integrations > Webhook Logs
A dedicated Webhook Logs page is also available at /webhooks/logs, providing a full delivery history with response details and filtering options. You can filter by event type, status code, and date range, and inspect the full request payload and response body for each delivery attempt.
Admin Webhook Log Viewer
Superadmins have access to a platform-wide webhook log viewer at /admin/webhook-logs. This provides visibility into webhook deliveries across all tenants, useful for diagnosing integration issues and monitoring platform health.
Via API
GET /api/v2/webhooks/logs
Each log entry shows:
- Event type
- URL
- Response code
- Payload sent
- Response body
- Timestamp