Back to index
Developer documentation

Webhooks

Webhooks are user-defined callbacks that inform other applications or websites about events happening on your SuperSaaS account in near real-time. They can be used to extend the functionality of your schedule, for example, by subscribing new users to a mailing list or by sending you a chat message for a changed appointment.

Automatically configuring webhooks

You can use either Zapier.com or Make.com (formerly known as Integromat) to interactively create webhooks between hundreds of well-known websites and SuperSaaS, without the need for programming.

Read more: Automatically configure webhooks using Zapier or Make

Manually configuring webhooks

Please note that this feature is only available to subscribers. You can try it out for a week by clicking the button “Start free trial” on the webhooks screen.

You can manually create and update webhooks via the Integrations page, where you can find the Webhooks button. A webhook sends data, so it requires that a web service is available on the other side to receive the data. Typically, the other side is a script or application that you create, but it can also be a third party website that the webhook connects to. If a message transmitted by our webhook requires some processing before it can be consumed by another API then the free service Pipedream can be very useful. A powerful feature of Pipedream is that you can store the webhook messages and query them using SQL, allowing you to build custom reports without the need to set up a database backed script yourself.

Creating a webhook without the use of Zapier or Make requires some technical proficiency. The remainder of this page contains information for programmers looking to add a webhook to send information to their own application, or who want to program their own interface between SuperSaaS and another site.

Customizing the message that a webhook sends

By default, a webhook sends across all relevant fields encoded as JSON. Note that if an object has an attached custom form then that form is also included. You can change this to send no data at all, or to send data you define yourself. For example, you may want to include some kind of API key or authentication in the message.

After you create a new webhook you will automatically arrive at a screen where you can edit the contents of the “payload”, the message the webhook sends. If you click Custom you will see a JSON editor that allows you to add and remove specific fields. The bottom of that screen lists all available “magic words” that are replaced when the message is generated. The magic words change depending on the fields that are enabled for that object.

Testing a webhook

If you’re using Pipedream.com then you can inspect incoming hooks directly on the workflow screen. Another good website to help you to debug a webhook is RequestBin. The service supplies you with a link that you can use as the target URL so you can monitor exactly what data is being sent across.

You can also find a Test link on the edit screen of the webhook that enables you to fire off a hook manually and modify the outgoing message. This allows you to modify an outgoing call to mimic, for example, a failed payment without actually having to generate such an event on your schedule.

The test message should fire within five seconds after it has been created. If the receiving side responds with a status code that is not “OK” (status code outside the range 200 to 300) the message will be attempted again at increasing intervals. After 10 failures the message will be deleted and if a hook has more than 5 failed messages it will become inactive until manually reactivated on the webhook screen. If the receiving end replies with a “410 Gone” status code the webhook will be removed right away.

Active message queue

You can view the progress of webhooks that are being executed on the Active Message Queue screen. The message queue screen will indicate the next attempt for the message and clicking on the spyglass icon will show the contents of the message. It also allows you to remove jobs to prevent them from being retried by clicking the red cross.

Supported Triggers

There are several events that you can monitor. Some events can be monitored either for a “new” event, or a “changed” event. The “changed” event includes every change, so it also fires on “new” and “delete”. So if you configure both a “New user” and a “Changed user” then both hooks will fire when a new user signs up. Note that if you’ve configured your schedule to not require signup then you would never see a “New user” trigger, only a “New appointment” trigger.

TriggerCaused by…Code
New userFires when a user registers for your accountU
Changed userFires when the user updates his registration information, or the administrator does it for him.M
New appointmentFires when a user, or the admin, makes an appointment on the specified schedule.N
Changed appointmentFires on all possible changes to an appointment, including “New”, “Delete”, “Placement from waiting list”, “Payment received”, etc. (See the full list below)C
New stand-alone formFires when a stand-alone form is filled out. Note that it does not trigger when a form is attached to an appointment, instead that would trigger the appointment webhook.R
Updated stand-alone formFires upon any change to a stand-alone form (integrated forms would trigger a “Changed appointment” or “Changed user”)F
Send mailFires on all emails sent from your account, including “Lost password” mails etc. Useful to send mail through your own server. Email will no longer be sent by us if this webhook is active. More information.S
Reminder
Follow-up
Fires on Reminders or Follow-ups. The reminder or follow-up will no longer be sent by us if its webhook is active.O
PurchaseFires when a user buys something in your shop. Also fires if you create a purchase manually, the price field will be zero in that case. Does not fire for the administrator unless he is acting as a user.P

Event and role fields

You may want to filter events, for example, to only send a message if an appointment is deleted by a user and not by the administrator. The “event” and “role” fields included in the default fields can be used to construct such a filter, see the tables below for the possible values these fields can contain.

TriggerPossible values of the “event” field
New usernew
Changed usernew, change, delete
New appointmentcreate
Changed appointmentcreate, edit, place, pending, destroy, restore, approve, revert
New formnew
Changed formnew, change, delete, restore
Reminder / Follow-upreminder, follow_up
Purchasepurchase

“Role” fieldWho triggered the event…
0AnonymousNot logged in
1Logged in with a shared password
2Validated using an IP range check
3Regular user
4Superuser
5Administrator or Reseller
7System or Payment gateway

Status field

When creating or changing an appointment that includes payment, the fields “status” and “status message” allow you to further narrow down to specific events using the list of all possible status codes. For example, you could set a filter to only act on messages for appointments that have been refunded.

Note that appointments and users created through our API by default do not trigger the corresponding webhook. You can change that behavior by adding webhook=true as a parameter to the API call.

Adding authentication to a webhook

Sometimes the receiving end requires that you add authentication to the webhook. Two types of authentication are supported, “Basic authentication” and “Bearer tokens”. You can add basic authentication to the webhook URL by specifying it in this format:

https://username:password@www.example.com/endpoint

To add a bearer token use a similar format, with the username “bearer” and the token as the password:

https://bearer:abc123@www.example.com/endpoint

Using different HTTP methods

By default a webhook uses a POST request to send the payload. If you need to use a different method, like PUT or HEAD, you can do so by adding a _method parameter in the query string. For example:

https://www.example.com/endpoint?_method=PUT

The _method parameter will be removed from the request and the given HTTP method will be used with the resulting URI.

Programmatically creating webhooks (REST hooks)

To create a webhook through via an API call you can send a POST request:

https://www.supersaas.com/api/hooks
Input Values
ParameterValue
accountAccount name (not your email address)
api_keyFind your API key on the Account Info page
eventSingle character code for the event you want to subscribe to, see the first table
parent_idDepending on the event this is a Schedule ID, Form ID or Account ID
target_urlURL that the webhook should POST to

For event codes U, M, H and P, the parent_id is the Account ID which you can find on the Account Info page. For the other events the parent_id can be found on the configuration page of the schedule or form, the ID is the number at the end of the URL. If the call to create a webhook is successful, the API will return a 201 status code with a JSON body that contains a Webhook ID.

Deleting a webhooks

You can delete the webhook programmatically by sending a DELETE to the endpoint with the following parameters:

Input Values
ParameterValue
idWebhook ID obtained when creating the webhook
parent_idMust be identical to the parent_id used when creating the webhook
accountAccount name (not your email address)
api_keyFind your API key on the Account Info page