HMAC-SHA256 signing
Every outbound request includes a sabnode-signature header with HMAC-SHA256 over `${timestamp}.${body}`. The 5-minute timestamp tolerance defeats replays. Constant-time comparison is documented in every SDK.
Every SabNode event — message received, order created, flow completed, payment captured — is delivered to your endpoint with HMAC-SHA256 signing, exponential backoff retries, replay-on-demand and a per-subscription dead-letter queue. Inbound webhooks accept Shopify, Razorpay, Meta and arbitrary provider payloads with first-class signature verification.
You set up a webhook in five minutes and it works. Six months later your endpoint is 5xx-ing for thirty seconds during a deploy and the partner has lost 4,000 events. You email support, they tell you events are "best effort", and you spend a weekend stitching together a replay job from CSV exports of their internal logs.
The second pain is signing. The partner ships an HMAC secret. You write the verifier yourself. A week later someone discovers your verifier compares strings in non-constant time and your endpoint is vulnerable to timing attacks. Or you find out the partner does not sign the timestamp, so a captured request can be replayed forever. Each of these has happened on real production systems.
The third is observability. Inbound webhooks from Shopify, Razorpay, Meta and a dozen other providers land in your codebase. You have no per-provider dashboard, no replay button, no way to find "the 12 events that failed last Tuesday at 14:32". SabNode's webhook system was designed by an engineer who has been on the wrong end of every one of these.
Outbound webhooks subscribe to any SabNode event — message.created, conversation.assigned, contact.updated, order.shipped, payment.captured, flow.completed and dozens more. You choose the events, the endpoint URL and an optional set of filters (only events on contacts in segment X, only orders over ₹5,000). SabNode signs every request with HMAC-SHA256 over the body and timestamp, includes a sabnode-signature header and a sabnode-event-id, and expects a 2xx response within 5 seconds.
Retries follow an exponential backoff curve: 30s, 2m, 10m, 30m, 1h, 4h, 12h, 24h, with full jitter. After the final retry, the event lands in the subscription's dead-letter queue. The DLQ in the SabNode dashboard shows the payload, the response your endpoint returned, the timestamps and a one-click replay button. You can also bulk-replay everything from a given hour, useful after a deploy outage.
Inbound webhooks are a first-class object. You can mount an inbound URL per provider (Shopify, Razorpay, Meta, custom), paste the provider's signing secret, and SabNode handles signature verification and replay-protection before the payload hits any of your flows. Inbound payloads can trigger flows, write fields to contacts or call REST API mutations — without you running a single line of glue code.
Secrets rotate cleanly. Each subscription has a primary and an optional next secret. During rotation, deliveries are signed with both; you cut over the verifier when ready and retire the old secret. No bang-and-pray secret swaps at 2 AM.
Retries follow 30s, 2m, 10m, 30m, 1h, 4h, 12h, 24h with full jitter. Total window is 24 hours. The schedule is documented and unchanged release-over-release so your runbooks are stable.
After final retry, events land in a per-subscription DLQ. The UI shows payload, your response, headers and timestamps. One-click replay or bulk-replay-by-hour pulls the events back through your endpoint.
Subscribe to events with filters: only contacts in segment X, only orders over ₹5k, only conversations on the priority queue. Filters run in SabNode, so your endpoint only gets the events it cares about.
Mount a SabNode-hosted URL per provider. We verify Shopify HMAC, Razorpay signature, Meta X-Hub-Signature and custom HMAC schemes before the event triggers a flow or writes a contact.
Each subscription holds a primary and a next secret. During rotation, outbound deliveries are signed with both so you can flip the verifier without downtime, then retire the old secret.
Per-subscription dashboards show throughput, success rate, p95 latency and failure breakdown. Alerts fire when failure rate breaches a threshold you set (default: 5% over 15 minutes).
A SaaS streams every conversation.assigned, message.created and flow.completed event into BigQuery via a Cloud Run receiver. The DLQ saved them during a 14-minute warehouse outage — 4,200 events replayed cleanly.
A merchant sets a filtered subscription on conversation.priority="urgent" → PagerDuty. The on-call engineer is paged inside 90 seconds of a high-value angry customer landing in the queue.
A D2C brand mounts an inbound Shopify webhook for refunds.created. The flow triggered by that webhook posts a soft-recovery message to the customer and adds a frequent-returner tag for downstream filtering.
A B2B team mirrors contacts both ways between Salesforce and SabNode using outbound contact.updated webhooks and a Salesforce Apex receiver. Idempotency keys derived from the event ID make double-fires safe.
A fintech subscribes to message.created and writes every send and receive to an append-only S3 bucket for regulatory archive. The webhook signature is preserved in the archive for non-repudiation.
Webhooks is included on every SabNode workspace. No separate billing, no extra setup — flip it on from your workspace settings.
Pick events, endpoint URL and optional filters. SabNode mints a signing secret and shows a curl sample for verification.
Your endpoint reads sabnode-signature, computes HMAC-SHA256 over `${timestamp}.${body}`, compares in constant time and acks 200.
sabnode-event-id is unique per logical event. Dedupe on it so a retry from our side is never a double-write on yours.
Delivery rate, p95 latency and DLQ depth show in the subscription dashboard. Alerts fire on failure thresholds.
After an outage, open the DLQ and click bulk-replay-by-hour. Events flow back through your endpoint in the original order.
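A receiver-side sketch of the verify and dedupe steps above, including the primary/next secret rotation. This is an added example, not SabNode SDK code. The header layout `t=<unix seconds>,v1=<hex>`, the hex encoding and the function names are assumptions, since the page specifies only the signed string `${timestamp}.${body}`, the 5-minute tolerance and the sabnode-event-id header.

```javascript
// Added example: receiver-side verification for a signed webhook as described on this page.
const { createHmac, timingSafeEqual } = require('node:crypto');

const TOLERANCE_SECONDS = 5 * 60; // the page's 5-minute timestamp tolerance

// HMAC-SHA256 over `${timestamp}.${body}`; hex output is an assumption.
function sign(secret, timestamp, body) {
  return createHmac('sha256', secret).update(`${timestamp}.${body}`).digest('hex');
}

// ASSUMED header layout (not from the page): "t=<unix seconds>,v1=<hex>[,v1=<hex>]".
function parseHeader(header) {
  const parsed = { timestamp: null, signatures: [] };
  for (const part of String(header || '').split(',')) {
    const i = part.indexOf('=');
    if (i < 0) continue;
    const key = part.slice(0, i).trim();
    const value = part.slice(i + 1).trim();
    if (key === 't' && /^\d+$/.test(value)) parsed.timestamp = value; // keep as sent
    if (key === 'v1' && /^[0-9a-f]{64}$/i.test(value)) parsed.signatures.push(value);
  }
  return parsed;
}

// rawBody: the exact body string as received, before any JSON parsing.
// secrets: [primary, next] while rotating. seenEventIds: a Set in this sketch.
function verifyWebhook({ header, eventId, rawBody, secrets, seenEventIds, now = Date.now() }) {
  const { timestamp, signatures } = parseHeader(header);
  if (timestamp === null || signatures.length === 0) return { ok: false, reason: 'malformed' };
  const skew = Math.abs(Math.floor(now / 1000) - Number(timestamp));
  if (skew > TOLERANCE_SECONDS) return { ok: false, reason: 'stale' };

  let match = false;
  for (const secret of secrets) {
    const expected = Buffer.from(sign(secret, timestamp, rawBody), 'hex');
    for (const sig of signatures) {
      // Both sides are 32 bytes (the regex enforces it), so timingSafeEqual cannot throw.
      if (timingSafeEqual(expected, Buffer.from(sig, 'hex'))) match = true;
    }
  }
  if (!match) return { ok: false, reason: 'bad-signature' };

  // Authenticated. Dedupe so a retry or an in-window replay is not a double-write.
  if (seenEventIds.has(eventId)) return { ok: true, duplicate: true };
  seenEventIds.add(eventId);
  return { ok: true, duplicate: false };
}
```

In production the seen-ID set belongs in a shared store whose entries live at least as long as the retry window, and the event ID is recorded only after the signature check passes so unauthenticated requests cannot fill it.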
No credit card. No sales call required. Spin up a workspace, plug in a number, and your team is live in under an hour.