Skip to main content

Webhooks

Webhooks let SalesOS send HTTP POST requests to your server when specific events occur. Use them to sync data in real time, trigger external workflows, or build custom notifications.

How Webhooks Work

  1. You register a webhook URL and select which events to listen for
  2. When a matching event occurs in SalesOS, it sends a POST request to your URL
  3. Your server processes the payload and returns a 200 response
  4. If your server does not respond, SalesOS retries with exponential backoff

Managing Webhooks

Create a Webhook

POST /v1/webhooks
FieldTypeRequiredDescription
urlstringYesThe HTTPS URL to receive events
eventsarrayYesList of event types to subscribe to
secretstringNoA secret key for payload verification (recommended)
descriptionstringNoFriendly name for this webhook
activebooleanNoWhether the webhook is active (default: true)

Example

curl -X POST "https://api.play2sell.com/v1/webhooks" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-server.com/webhooks/salesos",
    "events": ["deal.won", "deal.lost", "lead.created"],
    "secret": "whsec_your_secret_key_here",
    "description": "CRM sync webhook"
  }'

List Webhooks

GET /v1/webhooks

Update a Webhook

PATCH /v1/webhooks/:id

Delete a Webhook

DELETE /v1/webhooks/:id

Event Types

Deal Events

EventFires When
deal.createdA new deal is created
deal.updatedAny deal field is updated
deal.stage_changedA deal moves to a different stage
deal.wonA deal is closed as won
deal.lostA deal is closed as lost
deal.deletedA deal is deleted

Lead Events

EventFires When
lead.createdA new lead is created
lead.updatedAny lead field is updated
lead.status_changedLead status changes
lead.convertedA lead is converted to a deal
lead.deletedA lead is deleted

User Events

EventFires When
user.createdA new user is invited
user.activatedA user accepts their invitation
user.updatedUser profile or role changes
user.deactivatedA user is deactivated

Gamification Events

EventFires When
badge.earnedA user earns a badge
ranking.changedA user’s ranking position changes
challenge.completedA user completes a challenge goal

Payload Format

All webhook payloads follow the same structure: 
{
  "id": "evt_abc123def456",
  "type": "deal.won",
  "created_at": "2026-03-15T14:30:00Z",
  "data": {
    "id": "880e8400-e29b-41d4-a716-446655440000",
    "name": "Tech Corp - Enterprise License",
    "value": 82000,
    "stage": "Closed Won",
    "owner_id": "660e8400-e29b-41d4-a716-446655440001",
    "previous_stage": "Negotiation"
  }
}

Payload Fields

FieldDescription
idUnique event ID (for deduplication)
typeThe event type
created_atWhen the event occurred
dataThe event payload (varies by event type)

Verifying Webhook Signatures

If you set a secret when creating the webhook, SalesOS includes a signature header for verification: 
X-SalesOS-Signature: sha256=abc123...
Verify the signature on your server: 
const crypto = require('crypto');

function verifyWebhook(payload, signature, secret) {
  const expected = 'sha256=' + crypto
    .createHmac('sha256', secret)
    .update(payload)
    .digest('hex');
  return crypto.timingSafeEqual(
    Buffer.from(signature),
    Buffer.from(expected)
  );
}
Always verify webhook signatures in production. Without verification, anyone who knows your webhook URL could send fake events to your server.

Retry Policy

If your server does not return a 2xx response, SalesOS retries the webhook:
AttemptDelay
1st retry1 minute
2nd retry5 minutes
3rd retry30 minutes
4th retry2 hours
5th retry12 hours
After 5 failed retries, the event is marked as failed. You can view failed deliveries in Admin > Integrations > Webhooks > Delivery Log. If a webhook consistently fails (10 consecutive failures), it is automatically deactivated. You receive an email notification when this happens.

Webhook Logs

View delivery history for each webhook: 
GET /v1/webhooks/:id/deliveries
Each delivery log entry includes:
  • Event type and payload
  • HTTP response code from your server
  • Response time
  • Success or failure status
  • Retry count
Use the delivery log to debug webhook issues. You can also replay any failed delivery by clicking Retry in the webhook management UI.

Best Practices

  • Use HTTPS — Webhook URLs must use HTTPS for security
  • Verify signatures — Always validate the X-SalesOS-Signature header
  • Respond quickly — Return a 200 response within 10 seconds; process the payload asynchronously if needed
  • Handle duplicates — Use the event id for deduplication, as retries may deliver the same event multiple times
  • Monitor failures — Check the delivery log regularly and fix endpoint issues promptly

Next Steps

n8n Integration

Use webhooks with SalesOS Connect

Custom Integrations

Build your own integration