Skip to main content

Webhooks

Webhooks automatically deliver extracted data to your endpoints when a bot execution completes successfully. Instead of polling the API for results, your system receives a push notification with the data as soon as it is available.

Configuration

Webhooks are configured per bot:

  1. Open the bot's settings.
  2. Navigate to the Webhook section.
  3. Enter your Webhook URL — the endpoint that will receive the data.
  4. Select an Authentication Method (see below).
  5. Optionally specify a Data Path to extract a specific field from the output.
  6. Save.

Authentication Methods

None

No authentication is applied. hidettp sends a plain POST request to your webhook URL. Use this for internal endpoints or development/testing.

HMAC-SHA256

Stripe-style signature verification. Each request includes a signature header that lets you verify the payload was sent by hidettp and has not been tampered with.

How it works:

  1. You provide a secret key when configuring the webhook.
  2. For each delivery, hidettp computes an HMAC-SHA256 hash of the request body using your secret key.
  3. The hash is included in the X-Signature header of the POST request.
  4. Your endpoint recomputes the HMAC using the same secret key and the received body, then compares it to the header value.

Verification example (Node.js):

const crypto = require("crypto");

function verifySignature(body, signature, secret) {
  const expected = crypto
    .createHmac("sha256", secret)
    .update(body, "utf8")
    .digest("hex");
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}

JWT

hidettp authenticates with your API before delivering data. This is useful when your endpoint requires a login flow.

How it works:

  1. You provide a login URL, username, and password when configuring the webhook.
  2. Before each delivery, hidettp sends a POST request to your login URL with the credentials.
  3. Your login endpoint returns a JWT token.
  4. hidettp sends the data to your webhook URL with the token in the Authorization: Bearer <token> header.

Data Path

By default, the entire extracted data object is sent as the webhook payload. If you only need a specific nested field, specify a data path using dot notation.

For example, if your bot extracts:

{
  "results": {
    "items": [
      { "name": "Product A", "price": 29.99 },
      { "name": "Product B", "price": 49.99 }
    ],
    "total": 2
  }
}

Setting the data path to results.items sends only the array of items to your webhook.

Payload Format

Webhooks are delivered as POST requests with a Content-Type: application/json header. The body contains the extracted data (or the subset specified by the data path).

Delivery Tracking

hidettp stores the result of each webhook delivery for debugging purposes. You can review:

  • HTTP status code returned by your endpoint
  • Response body from your endpoint

This helps diagnose delivery failures such as authentication errors, endpoint downtime, or payload format mismatches.