A webhook (also called Push API) is a way to provide your other applications with real-time information about

• Persons
• Organizations
• Deals
• Calendar events

A webhook delivers data to other applications when you create or update a record, meaning you can get data immediately.

A webhook will POST exactly the json object you receive by querying our API.

• https://support.onpipeline.com/api/#Deals
• https://support.onpipeline.com/api/#Person
• https://support.onpipeline.com/api/#Organization
• https://support.onpipeline.com/api/#Events

Organization - JSON example

{
"OrgID": "1213453823ABC12313121",
"OrgName": "Onpipeline",
"Address1": "Av Diagonal 458",
"Address2": "",
"Postcode": "08006",
"City": "Barcelona",
"Region": "Barcelona",
"Country": "Spain",
"FullAddress": "Av Diagonal 458, 08006 Barcelona",
"DealsOpen": "0",
"DealsWon": "0",
"DealsLost": "0",
"Source": "API",
"SourceName": "",
"Created": "2015-02-09 12:35:41",

"Extra": [
{
"ID":"123456789",
"Value":"Area1"
}
]
}

How to create a webhook

Admins can create webhooks through the settings are. Just save the Endpoint URL (the script on your server receiving the post) and specify which area shall be notified to that Endpoint.

The Endpoint URL must exist, and answer with a “200” http status code.

How it works

New records and changes will be posted to your Endpoints almost in realtime. If you Endpoint fails the webhook will retry automatically after 10 minutes, and then after 30 minutes. We consider the webhook as failed when your endopoint answers with a status code out of the 200 range (20*). The if you wish to execute the webhook manually you can do it within the admin area by clicking on the alert symbol, if any. Errors will be accessible for 7 days.

Validating Webhook Requests with X-Signature

To ensure a webhook request comes from Onpipeline, compare the X-Signature header with the value assigned to your endpoint.

This value is known only to you and Onpipeline, and can be:

• copied from the panel when creating the webhook manually;
• retrieved via API using the webhook-related resources.

Steps:

1. Read the X-Signature header from the request.
2. Compare it with your stored signature value.
3. If they match, the request is valid.

<?php

$headers = getallheaders();
// Extract the X-Signature value
$receivedSignature = $headers['X-Signature'] ?? '';

// Expected signature (from your config or environment)
$expectedSignature = 'your_known_signature';

// Validate
if (hash_equals($expectedSignature, $receivedSignature)) {
http_response_code(200);
echo 'Valid request';
} else {
http_response_code(403);
echo 'Invalid signature';
}
?>

You can create webhooks also via API. If you need support contact our support team.