Webhooks

Bot Webhook

This Webhook will be triggered when your customer sends a message to your Qiscus Omnichannel Chat.

GET
Copy

Custom Agent Allocation Webhook

This webhook will be triggered when your customer sends a message to your Qiscus Omnichannel Chat and has not been assign to the agent yet. Once your customer have at least an agent you will not get this webhook.

GET
Copy

Custom Button

This webhook helps you to get information about a room chat into your third party systems, such as CRM, Ticketing, Analytics, and many more. This webhook is triggered when admin or supervisor or agent click custom button. Here's the sample response for this webhook.

GET
Copy

Mark As Resolved

This webhook helps you to get information about a room chat into your CRM or any other systems. Before you start, you need to register your webhook first. Please follow the example below :

URL :

HTTP
Copy

Please follow this page to get your AdminToken

CURL Sample:

POST
Copy

Sample Response:

HTTP
Copy

This webhook will be triggered when admin or supervisor or agent resolves the conversation. Here's the sample of webhook responses.

Sample Webhook:

GET
Copy

New Session Webhook

This webhook will be triggered when a customer sends a message to your Qiscus Omnichannel Chat for the first time or when a customer sends a new message after the previous chat room was resolved.

CURL Sample:

POST
Copy

Please follow this page to get Qiscus App ID and Qiscus Secret Key.

Sample Response:

HTTP
Copy

A sample payload received when the New Session Webhook API is used.

HTTP
Copy

User Logout Webhook

This webhook will be triggered when user (admin, supervisor, or agent) logout from Qiscus Omnichannel Chat dashboard. Before you start, you need to register your webhook first using this API.

URL :

HTTP
Copy

CURL Sample:

POST
Copy

Please follow this page to get your AdminToken.

Sample Response:

HTTP
Copy

Sample payload:

Admin

JSON
Copy

Supervisor

JSON
Copy

Agent

JSON
Copy

You can get information regarding the Webhooks using the following CURL.

GET
Copy

Sample Response:

HTTP
Copy

Signature Key

The qiscus-signature-key is a secure mechanism to verify webhook requests. Each webhook payload includes a qiscus-signature-key in the header, generated using HMAC (Hash-based Message Authentication Code). This key combines the webhook's plain text payload with your unique Qiscus Secret Key, ensuring data integrity and authenticity.

How to Verify Webhook Requests

This tutorial shows you how to verify if a webhook request from Qiscus is real using the qiscus-signature-key and HMAC-SHA256. There are many platforms for HMAC. But in this case, we are using Devglan.

  1. Check your webhook and you can notice qiscus-signature-keyon the Header.
  1. Open Devglan as a header verification tools. You will see "Enter Plain Text" and "Enter the Secret Key" fields.
  2. Go back to your webhook, copy the Raw Content. Then paste it in the Devglan's "Enter Plain Text to Compute Hash" field
  1. Back to your Omnichannel, click App Information, then copy your Qiscus Secret Key.
  1. Back to Devglan, paste your Qiscus Secret Key in the "Enter the Secret Key" field
  2. Make sure SHA-256 is selected as the hash function. Then choose Base64
  3. Click Compute button to compute the Hashed Output
  1. Compare the Hashed Output with the qiscus-signature-key in your webhook header

If the Hashed Output matches the qiscus-signature-key in the webhook, it means:

The request is valid and really sent by Qiscus.

In other words, the message hasn’t been changed, and it came from Qiscus. This match proves that the webhook payload is authentic and secure.

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
  Last updated