Skip to main content

How Do I Validate My Webhook URL?

Updated
 

Learn more: Creating your web hook for the first time? Start here: How Do I Create and Manage Webhooks?

Before your webhook URL can start receiving event notifications, we first need to validate that you own that URL.  We do this by sending a request to your URL and checking the response we receive.  If the URL for your webhook ever changes or your webhook is disabled, it will need to go through this validation process again in order to continue receiving event notifications.  This validation process is a required step in setting up your webhook and your webhook will not be activated until this validation is complete.

The Validation Process

After adding your webhook, its status will be set to Pending Security Check.

 

Permissions Required: The General Admin: Manage Integrations permission is required to validate webhooks.

Sending The Request

Now that the security check is pending, you will need to send the request for validation.

  1. Click on Admin

  2. Select the Integrations tab

  3. Click on the Validate Webhook URL link, then you will see a popup with information about validating your webhook URL. The popup will contain your signing secret, which can be used to confirm the validation request came from Loopio, and actions to send the validation request.
    Validate Webhook URL link.png

  4. Click Validate if you are ready to receive the validation requesit, otherwise, click on Not Now to validate at a later time. The validation request should be sent after completing the required setup outlined in How Do I Create and Manage Webhooks?
    Validate Webhook URL popup.png

Once The Request Has Been Received

We will send an application/json POST request to your webhook URL with a payload resembling this:

{
    "challenge": "5e27233bdb7dc16ae84abe9208a04232380afb3345ef83841fd11a8321eb56f58d6f928574453111b21f2d3197e0e1b6028360b2",
    "type": "url_verification"
}

We expect to receive the challenge attribute’s value in your response.  Once you have received the request, you can verify it came from us by using your signing secret and following the steps outlined in our article: How Do I Use My Signing Secret? Respond with a HTTP 200 status and the challenge attribute’s value from our request with the application/json content-type:

HTTP 200 OK
Content-type: application/json
{
   “challenge”: “5e27233bdb7dc16ae84abe9208a04232380afb3345ef83841fd11a8321eb56f58d6f928574453111b21f2d3197e0e1b6028360b2
”}
 

Important: We expect a response of 200. Other "success" response types, such as 202, may result in a failure to connect and your webhook being automatically disconnected.

When we receive the correct challenge value, you’ll see the status of your webhook change from Pending Security Check to Active and your webhook can now start receiving notifications for its subscribed events. 

A web hook that has been validated and is active.png

 

Related articles