Webhooks provide a notification system to alert you to changes made in your project. It works as the opposite of the REST API, where you contact the Smartlook servers for information. When a webhook is triggered, the Smartlook servers contact you to alert you of the change, pushing the data to you.

Webhooks offer you a variety of benefits. A major benefit of Webhooks is that you receive the information in real time. When a user completes an action that triggers a webhook, you receive notification of that action. This also increases your efficiency, allowing you to wait for the information to come to you rather than searching for it on your own.

Currently, Smartlook offers six webhooks:

Setting up webhooks

To set up webhooks:

  1. Set the body parameters:
    • url β€” The client URL that listens for webhooks
    • type β€” The type of webhook. Must be: alerts, dashboards, heatmaps, issues, notes, shares.
    • secret β€” Optional parameter that acts as an extra layer of security. For more information, see Setting a secret.
  2. Send the parameters using the public-api:
POST /api/v1/webhoooks
  "url": "https://yourUrl.com",
  "type": "<webhook type>",
  "secret": "your-secret" 
  1. The API then sends a response with an ID:
  "id": "webhook_id"

Now, wait for a user to trigger your webhook.

Setting a secret

If you decide to set a secret for your webhook, Smartlook creates a hash signature that is attached to each payload in the header Smartlook-Signature-256.

Hash verification

The hash-based message authentication codes (HMAC) uses the SHA256 hashing function and is digested as a HEX string. An example of the function:

const crypto = require('crypto')

const secret = SECRET_TOKEN
const message = request.body

const signature = crypto
  .createHmac('sha256', secret)

if (request.headers['Smartlook-Signature-256'] !== signature) {
  throw new Error('Invalid webhook signature')