Webhooks
Webhooks allow your application to receive real-time HTTP push notifications when specific events occur within your Senda tenant.
Instead of polling the API for updates, Senda will send an HTTP POST request to a URL you configure whenever a subscribed event takes place.
Configuring Webhooks
Currently, Webhook subscriptions must be managed via the Senda Admin UI or the Admin API (/api/webhook-subs). When creating a subscription, you must provide:
- Name: A descriptive name for the webhook.
- URL: The endpoint on your server that will receive the
POSTrequests. - Event Filter: A pattern (e.g.,
agent.*,chat.message_sent, or*) to determine which events trigger the webhook. - Signing Secret: (Optional but highly recommended) A secret key used to cryptographically sign the webhook payloads.
Webhook Payload
When an event occurs, Senda sends an HTTP POST to your configured URL. The payload is a JSON object containing the event details.
Example Payload:
{
"event_id": "evt_abc123",
"event_type": "chat.message_sent",
"created_at": "2026-05-10T15:30:00Z",
"tenant_id": "tnt_prod",
"data": {
"chat_id": "chat_xyz789",
"message": "Hello, how can I help you?",
"role": "agent",
"agent_id": "agent_soporte"
}
}
Verifying Signatures
If you configured a Signing Secret, Senda includes an X-Senda-Signature header in every webhook request. You should verify this signature to ensure the request genuinely came from Senda and was not tampered with.
The signature is an HMAC-SHA256 hash generated using your signing_secret and the raw request body.
Node.js Example:
const crypto = require('crypto');
function verifyWebhookSignature(req, signingSecret) {
const signature = req.headers['x-senda-signature'];
const rawBody = req.body; // Ensure this is the raw string body, not parsed JSON
const expectedSignature = crypto
.createHmac('sha256', signingSecret)
.update(rawBody)
.digest('hex');
return crypto.timingSafeEqual(
Buffer.from(signature),
Buffer.from(expectedSignature)
);
}
Retries and Dead Letters
Senda expects your webhook endpoint to respond with a 2xx HTTP status code within a reasonable timeout.
- If your endpoint returns a
4xxor5xxerror, or times out, Senda will retry the delivery with exponential backoff. - After exhausting all retry attempts, the webhook delivery will be marked as
dead_letter. - Administrators can view the delivery history and manually re-enqueue
dead_letterevents via the Admin Dashboard or Admin API.