What are webhooks?
Nexudus can communicate with other systems and automatically push data on to those systems when specific actions take place. This information is transferred over the internet by means of webhooks. The receiving end of these webhooks is normally a system that understands this data and is able to process it.

The receiving end of a webhook will listen for incoming calls from Nexudus with specific data. For example, if you want to notify another system every time you make a change to a member or contact you could use the "Coworker Update" webhook which sends the data of the contact or member whose record you have updated.

Webhooks are created from the Settings > Integrations menu. We keep adding new webhooks as users require them for specific integrations but these are the ones we have available so far:

  • Access Control Update (see more details)
  • Coworker Update
  • Coworker Create
  • BlogPost Create
  • BlogPost Update
  • Booking Create
  • Booking Update
  • Booking Delete
  • Send Welcome Email
  • Coworker Contract Activate
  • Coworker Contract Cancel
  • Coworker Contract Renew
  • Coworker Contract Upgrade Downgrade
  • Coworker Contract Activate First
  • Coworker Invoice Create First
  • Coworker Invoice Create
  • Coworker Invoice Delete
  • Coworker Invoice Update
  • Coworker Invoice Refund
  • Coworker Invoice Credit Note
  • Coworker Invoice Paid
  • Coworker Invoice Failed Payment
  • Coworker Invoice Received Payment
  • Coworker Invoice Awaiting Payment
  • Team Create
  • Team Update
  • Team Delete
  • Calendar Event Create
  • Calendar Event Update
  • Calendar Event Attendee Delete
  • Calendar Event Attendee Create
  • Calendar Event Attendee Update
  • Global Chat Message Create
  • NewsLetter Subscriber Create
  • NewsLetter Subscriber Subscribed
  • NewsLetter Subscriber UnSubscribed
  • NewsLetter Subscriber Removed From Group
  • Coworker Checkout
  • Coworker Checkin
  • Coworker Checkin Failed
  • Visitor Notification
  • Community Board New Thread
  • Community Board New Reply
  • Visitor Checked in
  • Visitor Registered
  • Blog Post Delete
  • Calendar Event Delete
  • HelDesk Message Created
  • HelpDesk Comment Created
  • Checkin Created
  • Checkin Updated
  • Checkin Deleted
  • Coworker Delete
  • Coworker Message Create
  • Delivery Created
  • Delivery Assigned
  • Proposal Created
  • Proposal Updated
  • Proposal Deleted

Webhook requests created by our servers can be verified by calculating a digital signature using a shared secret you can type in Settings > Integrations.

GET Webhook Types

GET https://spaces.nexudus.com/api/utils/enums?name=eWebhookAction

Verify a webhook created through the API

If a shared secret is available, each Webhook request includes a X-Nexudus-Hook-Signature header which is generated using the app's shared secret along with the data sent in the request.

The following code is used to generate the hash header:

var wr = GetWebRequest();
var dataString = JsonConvert.SerializeObject(new[] { dto });
//Calculate signature hash
var sharedSecret = GetSharedSecret();
if (!string.IsNullOrEmpty(sharedSecret))
  var encoding = new System.Text.ASCIIEncoding(); 
  var keyBytes = encoding.GetBytes(sharedSecret);
  var hmacsha256 = new HMACSHA256(keyBytes);
  var messageBytes = encoding.GetBytes(dataString);
  var hashBytes = hmacsha256.ComputeHash(messageBytes);
  var hash = ByteToString(hashBytes);
  wr.Headers.Add("X-Nexudus-Hook-Signature", hash);
string ByteToString(byte[] buff)
  string sbinary = "";
  for (int i = 0; i < buff.Length; i++)
    sbinary += buff[i].ToString("X2"); // hex format
    return sbinary;

To verify that the request came from Nexudus, compute the HMAC 256 digest and compare it with the value in the X-Nexudus-Hook-Signature header. If they match, you can be sure that the Webhook was sent from Nexudus and the data has not been compromised.

Failed Requests and retries

  If your server fails to process a webhook request, Nexudus will reattempt to call the webhook URL at different delayed intervals up to 10 times.

If your server fails to process a request 10 consecutive times, the failing webhook will be automatically disabled.

  Webhooks are location bound, each webhook will need to be placed in the location that is intended to be used, placing the webhook in the network account won't apply to the other locations

Was this article helpful?
1 out of 2 found this helpful
Have more questions? Submit a request


Please sign in to leave a comment.