Webhooks

Overview

Webhooks provide real-time notifications when events occur in the Form Platform.

Webhook Events

Available Events

  • response.created - New form submission

  • event.view - Form page viewed

  • event.focus - Field focused

  • event.submit - Form submitted

  • event.error - Validation error

  • event.abandon - Form abandoned

Webhook Configuration

Create Webhook

POST /webhooks
{
  "formId": "form_123",
  "event": "response.created",
  "url": "https://example.com/webhook",
  "secret": "whsec_optional_secret"
}

Webhook Settings

  • URL: Endpoint to receive webhooks

  • Event: Event type to subscribe to

  • Secret: HMAC secret for verification

  • Enabled: Enable/disable webhook

Webhook Payload

OpenTelemetry Format

Legacy Format

For backwards compatibility, legacy fields included:

  • type: Event type

  • form_id: Form ID

  • response_id: Response ID

  • timestamp: ISO timestamp

  • data: Event data

Signature Verification

HMAC Signature

Webhooks include HMAC SHA-256 signature:

Header: X-Webhook-Signature

Verification

Webhook Delivery

Retry Logic

  • Automatic retries with exponential backoff

  • Maximum 3 retry attempts

  • Dead-letter queue for failures

Delivery Status

  • Success: 200-299 status codes

  • Failure: 4xx, 5xx status codes

  • Retry: Automatic retry on failure

Best Practices

Webhook Endpoint

  • Return 200 quickly

  • Process asynchronously

  • Idempotent processing

  • Log all webhooks

Security

  • Always verify signatures

  • Use HTTPS endpoints

  • Validate payload structure

  • Rate limit webhook processing

Next Steps

  • API Reference - API reference

  • Security - Security best practices

PreviousWorkspace EnvironmentsNextAnalytics

Last updated