Create Webhook
Body Parameters
URL that will receive notifications
List of events to subscribe to
Whether webhook is active
Request Example
curl -X POST "https://api.leavo.ai/backend/webhooks" \
-H "Authorization: Bearer your_api_key_here" \
-H "Content-Type: application/json" \
-d '{
"url": "https://your-app.com/webhooks/leavo",
"events": ["lead.created", "lead.status_changed", "message.received"],
"active": true
}'
Response
{
"success": true,
"data": {
"id": "webhook-uuid",
"url": "https://your-app.com/webhooks/leavo",
"events": ["lead.created", "lead.status_changed", "message.received"],
"active": true,
"secret": "whsec_xxxxxxxxxxxxx",
"created_at": "2024-01-15T10:30:00Z"
}
}
Store the secret securely. It’s used to verify that requests actually came from Leavo.
Signature Verification
Every webhook includes an X-Leavo-Signature header. Verify it to ensure authenticity:
const crypto = require('crypto');
function verifyWebhook(payload, signature, secret) {
const expectedSignature = crypto
.createHmac('sha256', secret)
.update(payload)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expectedSignature)
);
}
