Skip to main content

Send Webhooks

Last updated: December 12, 2022

Webhooks allow you to send events to your server or a 3rd-party platform like Zapier or Make and create any custom integration.

When active, Appraisal Inbox sends the following webhook events:

  • When an Appraisal is created or updated
  • When a new Client is created
  • When a new Contact is created

Note: Appraisal Inbox does not send delete events nor does it send update events for Clients and Contacts.

Activate Webhooks

  1. From anywhere in Appraisal Inbox, click the avatar icon in the upper right hand corner.
  2. Click the Integrations tab.
  3. On the Send Webhooks row, click the SET DESTINATION URL AND VIEW SECRET button.
  4. Set the Destination URL (this is where Appraisal Inbox will send the webhook events). Must be https!
  5. The Signing Secret will be generated automatically for you. Use this to secure your webhook (see below)

Image

To test webhooks, you can use a webhook catching service like Webhook.site.

Consuming Webhooks

When an event occurs that triggers a webhook, we will send an HTTP POST to the URL you specified, with a JSON-encoded body:

POST /your_destination_url HTTP/1.1
Host: https://yourapp.com
User-Agent: Appraisal Inbox (https://appraisalinbox.com)
signature: IW2uPTdLKJYyzzh0vTyDm7WD+/9/JoDbNVICWkTlVqQ=
Content-Type: application/json

{
  "event_data": {
    "appraisal_file_number": "2022-213",
    "appraisal_status": "Quote",
    "assignees": [
      "Angeline Bones"
    ],
    "client_name": "Awesome AMC",
    "created_at": "2022-12-11T19:15:36.738066Z",
    "id": "f967da5e-2199-4cf7-b48e-afb3555e50a3",
    "location_address": "1760 County Line Road, Lakeland, FL, USA",
    "property_type": "Commercial",
    "quote_fee": "7500",
    "quote_made_date": "2022-12-11T19:14:46.859000Z"
  },
  "event_id": "f4423741-2144-43ba-987b-f5e29d35ba8f",
  "event_time": "2022-12-11T19:15:37.009260Z",
  "event_type": "appraisal.created"
}

Note: The URL you specify to received webhook payloads should respond quickly with a 200 OK response code. To ensure you respond in a timely manner, it’s best to enqueue the body in a job queue to process asynchronously (rather than processing it in the request cycle). If we receive a non-2xx response code, we will retry several times.

Securing Webhooks

Webhooks are sent over HTTPS and are signed with a secret key. The secret key is unique to each webhook and is used to verify the authenticity of the requests. This secret can be found alongside the webhook configuration in your account’s integration settings. Using the secret key, Appraisal Inbox signs the request body with a SHA-256 HMAC signature. The signature is included in the signature header.

  1. Copy your signing secret

Image

  1. Verify the authenticity of the webhook event

Example in Elixir. This should be similar in your framework of choice:

def verify_signature(body, signature, secret) do
  body = Plug.Conn.read_body(conn)
  header_signature = Plug.Conn.get_req_header(conn, "signature") |> List.first()

  :crypto.hmac(:sha256, secret, body)
    |> Base.encode16(case: :lower)
    |> Plug.Crypto.secure_compare(header_signature)
end