Last updated: December 12, 2022
When active, Appraisal Inbox sends the following webhook events:
- When an Appraisal is created or updated
- When a new Client is created
- When a new Contact is created
Note: Appraisal Inbox does not send delete events, nor does it send update events for Clients and Contacts.
- From anywhere in Appraisal Inbox, click the avatar icon in the upper right hand corner.
- Click the Integrations tab.
- On the Send Webhooks row, click the SET DESTINATION URL AND VIEW SECRET button.
- Set the Destination URL (this is where Appraisal Inbox will send the webhook events). The URL must use HTTPS.
- The Signing Secret will be generated automatically for you. Use this to secure your webhook (see below).
To test webhooks, you can use a webhook catching service like Webhook.site.
When an event occurs that triggers a webhook, we will send an HTTP POST to the URL you specified, with a JSON-encoded body:
POST /your_destination_url HTTP/1.1
User-Agent: Appraisal Inbox (https://appraisalinbox.com)
"client_name": "Awesome AMC",
"location_address": "1760 County Line Road, Lakeland, FL, USA",
Note: The URL you specify to receive webhook payloads should respond quickly with a 200 OK response code. To ensure you respond in a timely manner, it’s best to enqueue the body in a job queue and process it asynchronously (rather than processing it in the request cycle). If we receive a non-2xx response code, we will retry several times.
Webhooks are sent over HTTPS and are signed with a secret key. The secret key is unique to each webhook and is used to verify the authenticity of the requests. This secret can be found alongside the webhook configuration in your account’s integration settings. Using the secret key, Appraisal Inbox signs the request body with a SHA-256 HMAC signature. The signature is included in the signature header.
- Copy your signing secret
- Verify the authenticity of the webhook event
Example in Elixir. This should be similar in your framework of choice:
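```elixir
# Returns true only when the "signature" header matches the HMAC of the raw body.
def verify_signature(conn, secret) do
  # Read the raw body before any body parser consumes it.
  {:ok, body, _conn} = Plug.Conn.read_body(conn)
  header_signature = Plug.Conn.get_req_header(conn, "signature") |> List.first()

  # :crypto.hmac/3 was removed in OTP 24; :crypto.mac/4 replaces it.
  expected = :crypto.mac(:hmac, :sha256, secret, body) |> Base.encode16(case: :lower)

  # Constant-time comparison; a missing header fails verification.
  is_binary(header_signature) and Plug.Crypto.secure_compare(expected, header_signature)
end
```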
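The same check in Python, combined with the advice above to answer quickly and enqueue the body, as an added example that is not Appraisal Inbox's own code. The secret value, the in-memory queue and the function names are assumptions for illustration; the `signature` header name and lowercase hex encoding follow the Elixir snippet.

```python
import hashlib
import hmac
import json
import queue

# Constructed sample value; the real secret comes from the Integrations tab.
SECRET = b"example-signing-secret"
jobs = queue.Queue()  # stand-in for a real job queue (assumption)


def sign(body: bytes, secret: bytes) -> str:
    """Lowercase hex HMAC-SHA256 of the raw body, as in the Elixir snippet."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def handle_webhook(raw_body: bytes, headers: dict, secret: bytes) -> int:
    """Return the HTTP status to send back for one webhook delivery."""
    # Header names are case-insensitive; normalise before the lookup.
    received = {k.lower(): v for k, v in headers.items()}.get("signature")
    if not received:
        return 401  # unsigned request: never parse or enqueue it
    # Sign the bytes exactly as received; re-serialised JSON would not match.
    expected = sign(raw_body, secret)
    # compare_digest runs in constant time, so response timing does not
    # reveal how much of a guessed signature was correct.
    if not hmac.compare_digest(expected.encode(), received.strip().encode()):
        return 401
    # Verified: enqueue the untouched bytes and answer 200 immediately;
    # a worker parses the JSON outside the request cycle.
    jobs.put(raw_body)
    return 200


def process_next_job() -> dict:
    """Worker side: parse a body that already passed verification."""
    return json.loads(jobs.get_nowait())


if __name__ == "__main__":
    body = json.dumps({"client_name": "Awesome AMC"}).encode()  # constructed
    good = {"Signature": sign(body, SECRET)}
    print(handle_webhook(body, good, SECRET))         # 200
    print(handle_webhook(body + b" ", good, SECRET))  # 401
```

A rejected delivery returns a non-2xx status, so it will be retried; log these rejections so repeated signature failures are visible.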